The Maker Foundation recently announced a series of regulatory polls around security after the software engineer Micah Zoltu stated that any hacker who has $20 million could manage to set up an attack on the Maker DAO network. This would allow the hacker to steal up to $340 million.
In a blog post from December 9, the Maker Foundation's risk team stated that a series of polls for governance had been placed in its voting system. One poll is asking the community if a governance security module should be boosted from 0 seconds to 24 hours. In an earlier statement on December 9, Zoltu said that it would only cost a hacker about $20 million to attack the network and get away with Ether worth $340 million. That amount is locked up in Maker DAO's network.
Zoltu added that the version 2 of Maker DAO should have been launched with safeguards against a disruptive MKR account holder. The launch should have provided protection against a digital robbery of Uniswap, Compound and other systems that are integrated with Maker. However, this was not the case, leaving all the collateral unprotected.
Zoltu went on to say that Maker DAO tried to reduce the risk of exploitation by enforcing a delay after each new transaction is selected. This safety period allows for network verification of the contract in order to determine malicious intent. That delay could allow a bad guy with enough money to vote on their own contracts and get away with all of the collateral. He said that it would take about 80,000 Maker to do almost whatever a person wants with Maker contracts.
Zoltu added that the value for the GSM delay is only 0 seconds, which gives a security specialist no possibility or time to stop an attack form a malicious individual or group with a lot of money. While Zoltu stated that Maker is not currently willing to give up instant governance control, the Maker Foundation's risk team did set up a poll about it. If people vote in favor of it, the delay would be 24 hours.