An unknown market manipulator launched an elaborate arbitrage attack last week against the bZx decentralized finance (DeFi) lending protocol. The bad actor took home $350,000 USD in ether. bZx was hit again days later, when it suffered another oracle-based attack. The culprit, who appeared to be the same agent behind the first incident, made off with approximately $650,000 in ether.

Flash loans featured in both episodes. This new type of DeFi primitive lets a user take out a loan and pay it back within a single transaction, which makes it possible to perform complex financial operations in one transaction. It's a powerful tool that, as the cryptoeconomy has now seen, can be used for both positive and negative ends. Concerning the latter, the bZx group has taken emergency measures to defend against any new attacks, but DeFi stakeholders remain on high alert for further nefarious attempts against larger projects.
The Governance Vector
MakerDAO is the largest DeFi project currently in operation, which makes it a large target. The good news is that a major defense mechanism is on the horizon and could be activated quickly. MakerDAO is a decentralized lending platform that allows users to draw automated loans in the dollar-pegged Dai stablecoin against locked-up collateral such as ETH.
MakerDAO’s governance token, MKR, is a key component of this system. MKR holders are able to participate in routine votes to steward the trajectories of the Dai and Maker projects. What if a bad actor held a lot of MKR and wanted to vote with those tokens?
This is the defining catastrophe that every stakeholder in DeFi wants to avoid. Fortunately, there are several large Maker “whales”, public-facing venture capital companies that have more to gain by helping the dApp succeed. Additionally, there is not enough MKR liquidity in the cryptoeconomy to allow an attacker to source the funds necessary for a governance attack.
Despite this, the flash loan attacks against bZx have led to a growing awareness that a malicious agent could borrow a large sum of MKR to attack Maker quickly. This is where the Governance Security Module (GSM), the defensive mechanism mentioned above, comes in.
GSM is a Big Deal
The Maker team explained that the GSM was designed to allow MKR token holders to review any changes to the system and to take appropriate action if they are deemed malicious. An attacker could attempt to launch a governance blitz against Maker, but the GSM would allow good-faith stakeholders to prevent nefarious voting results from ever being finalized.
The problem? The GSM currently has a 0-hour delay, meaning that a DeFi predator could theoretically try to ambush Maker. This “0 hour” status allows MKR voters to act quickly and decisively in the event of an immediate crisis. However, it could also be misused just as quickly if governance were compromised.
MKR voters will vote on Friday, February 21st on an executive proposal to increase the GSM’s delay to 24 hours. Maker’s defenders would have one full day to respond if the proposal is approved.
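The difference between a 0-hour and a 24-hour delay can be seen in a toy model of delayed governance. This is an added example, not Maker's contract code; the class, method names and token amounts are assumptions made for illustration.

```python
# Toy model of a governance delay. Not Maker's contract code: the class,
# method names and token amounts below are assumptions made for illustration.
from dataclasses import dataclass, field

HOUR = 3600

@dataclass
class DelayedGovernance:
    delay: int                       # seconds between scheduling and execution
    honest_weight: int               # tokens backing the current configuration
    now: int = 0                     # simulated block timestamp
    votes: dict = field(default_factory=dict)   # proposal -> backing weight
    queue: dict = field(default_factory=dict)   # proposal -> earliest exec time

    def schedule(self, proposal):
        """Queue a proposal once its backing exceeds the honest stake."""
        if self.votes.get(proposal, 0) <= self.honest_weight:
            return False
        self.queue[proposal] = self.now + self.delay
        return True

    def execute(self, proposal):
        """Apply a queued proposal, but only after its delay has elapsed."""
        eta = self.queue.get(proposal)
        if eta is None or self.now < eta:
            return False
        del self.queue[proposal]
        return True

    def cancel(self, proposal):
        """Drop a queued proposal whose backing no longer beats the honest stake."""
        if proposal in self.queue and self.votes.get(proposal, 0) <= self.honest_weight:
            del self.queue[proposal]
            return True
        return False

def simulate(delay_hours, borrowed=60_000, honest=50_000):
    gov = DelayedGovernance(delay=delay_hours * HOUR, honest_weight=honest)
    # One transaction: borrow, vote, schedule, try to execute, repay.
    gov.votes["malicious"] = borrowed
    gov.schedule("malicious")
    same_tx = gov.execute("malicious")
    gov.votes["malicious"] = 0       # flash loan is repaid before the tx ends
    # One hour later, good-faith holders review the queue.
    gov.now += HOUR
    cancelled = gov.cancel("malicious")
    return {"executed_in_same_tx": same_tx, "cancelled_by_holders": cancelled}

if __name__ == "__main__":
    for hours in (0, 24):
        print(f"{hours}h delay:", simulate(hours))
```

With any non-zero delay, borrowed voting power has to be returned before the proposal becomes executable, so the change sits in the queue where holders can review and drop it.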
MKR voters have voted down the idea of raising the GSM delay in recent weeks, possibly due to a lack of awareness. New community campaigns in support of a higher GSM delay mean there will be more “yay” votes this time around, regardless of what happens.