DAO Behind DAI Stablecoin MakerDAO Announces Critical Vulnerability in Voting Contract

Published at: May 7, 2019

MakerDAO, the Decentralized Autonomous Organization (DAO) behind the DAI stablecoin, announced a critical security update to its governance contract in a Reddit thread published on May 6.

Per the announcement, during the second round of security audits part of the DAO’s partnership with crypto exchange Coinbase and smart contract security startup Zeppelin, a critical vulnerability had been discovered in the governance smart contract. Zeppelin also released an independent critical vulnerability notice.

While the announcement claims that the tokens of users who have staked MKR tokens in the contract are not in danger, it also advises users to move them. Still, no action is required from users who are not in control of one of the ~190 addresses who have staked MKR in the current voting contract.

A website with instructions has been created to help users with staked tokens move them out of the old voting smart contract, and chat assistance is offered to those who still find themselves confused about how to proceed. The announcement also claims:

“This does NOT impact the security or stability of the MKR token, it is only relevant to those who are using the old voting contract.”

Lastly, the company promises that it will shortly release a full debrief and detailed outline of the changes made to the smart contract.

As Cointelegraph reported last week, MakerDAO claims to have now stabilized its DAI stablecoin with fee increases after it previously struggled to maintain its peg to the U.S. dollar.

At the end of April, Andy Milenius, formerly the chief technology officer at MakerDAO, published an open letter dated April 3 explaining his concerns over the project’s internal conflicts.

Tags
Dao
Related Posts
Developers of Ethereum DEX Protocol AirSwap Disclose Critical Exploit
Ethereum (ETH) decentralized exchange protocol AirSwap’s developers announced that they have discovered a critical vulnerability in the system’s new smart contract. AirSwap’s team announced its findings and a possible solution for all potentially affected users in a Medium post published on Sept. 13. A limited vulnerability Per the release, on Sept. 12 AirSwap’s development team found a vulnerability in a new smart contract, which has already been reverted to an older version in under 24 hours after the discovery. The exploit in question could have allowed an attacker to perform a swap without requiring a signature from a counterparty under …
Ethereum / Sept. 15, 2019
0x DEX Protocol Suspended Because of Vulnerability, Funds Safe
The Ethereum (ETH) smart contract of 0x (ZRX) decentralized exchange (DEX) protocol has been suspended after a vulnerability has been uncovered in its code, the project’s team announced in a Medium post published on July 13. Per the announcement, third-party security researcher samczsun warned the 0x team about the vulnerability in the exchange smart contract and, after evaluating it, the team suspended the exchange’s contract and the AssetProxy contracts. The vulnerability would have allowed an attacker to fill certain orders with invalid signatures. The announcement reassures that one has exploited this vulnerability and no users have lost their funds. The …
Ethereum / July 13, 2019
Coinbase Now Supports Cryptocurrency Token EOS
Major United States-based cryptocurrency exchange and wallet service Coinbase has added support for EOS, according to a press release on May 30. The new addition is reportedly available for trading and storage in most areas covered by Coinbase, with the exception of the United Kingdom and New York at press time. The announcement also notes that there are no transaction fees associated with EOS; the cost is instead paid in computing resources, such as a tax on RAM, CPUs, or network bandwidth. Users that run the network also earn EOS by contributing to the computational power needed to run transactions. …
Decentralization / May 30, 2019
Coinbase Exec Joins Stablecoin Issuer TrueUSD as Head of Compliance
A former senior employee at United States crypto exchange Coinbase has left the industry giant to join stablecoin issuer TrustToken as head of compliance, according to the company’s official website Jan. 4. Vaishali Mehta, whose LinkedIn profile indicates she served just over a year as senior compliance manager at the major San Francisco-based exchange, reportedly joined TrustToken in December 2018. Trust Token is the issuer of TrueUSD (TUSD), which has been listed on top crypto exchange Binance as of last May. The listing makes it a relatively early entrant amid the increasing number of new stablecoins notionally pegged 1:1 to …
United States / Jan. 4, 2019
Coinbase and Circle Launch USDC Stablecoin With Purported Full Backing in US Dollars
Major U.S. cryptocurrency exchange Coinbase has launched the USD Coin stablecoin (USDC), making it the first stablecoin for trade on the platform, Cointelegraph learned at the Money 20/20 conference Oct. 23. The underlying technology behind USDC was developed collaboratively between Coinbase and blockchain-powered payments technology company Circle. Coinbase customers in supported jurisdictions can now purchase, sell, send, and receive USDC at coinbase.com and the exchange’s iOS and Android apps. Coinbase notes in the statement that its U.S.-based customers outside the state of New York are able to buy and sell, while customers around the world can send and receive the …
Altcoin / Oct. 24, 2018