MakerDAO Vulnerability Would Have Let Criminals Siphon ETH-Powered DAI Stablecoin
MakerDAO network had such a major bug that, Ethereum (ETH) that powers the DAI stablecoin could have been stolen due to an exploit. According to the reports, a hacker could use a single transaction to steal the tokens.
This would result in the complete loss of funds for the project, which could have catastrophic consequences for the network and possibly ruined the network forever. According to the researcher responsible for finding the bug, the attack would have needed minimal costs and it could be pretty effective.
HackerOne affirmed that the attack was only possible because a flaw in the code could allow someone to create an auction with a fake bid. The end contract would trust that value, which could lead to the exploit. This would basically let someone withdraw all the ETH.
One of the reasons why the exploit would work is because DAI loans can be liquidated if the network is considered being “unsafe”. In order to cancel these loans, there is collateral, which is from where the money would have been stolen if the hack was successfully implemented.
Right now, there is around $270 million USD) locked as collateral for the DAI network. If the heist was successfully made and the criminal escaped with his money, he would have certainly been able to live a very wealthy life. Fortunately, white hat hackers exist and it seems that they have protected the network once more.