Maker DsChief 1.2 Governance Security Update Requires MKR Holder Actions

December 2, 2020

Flash loans, a new development in DeFi, enable anyone to borrow funds from lending pools without putting up any collateral, as long as the funds (and any fees) are repaid in the same transaction they were borrowed. If that does not occur, the network rejects the transaction and no record is left on the blockchain. 

Flash loans allow anyone to access liquidity for many different applications. For example, the Maker Protocol’s updated Liquidations System is expected to support flash loans. However, flash loans have also been used to manipulate the crypto markets and attack DeFi protocols, and, more recently, to influence DAO voting results. 

In October, flash-borrowed MKR (MakerDAO’s governance token) was used by a voter to pass a Maker governance proposal. While the vote might have passed anyway, the action raised the concern that a flash loan could be used to pass a harmful proposal or prevent a critical proposal from being approved—all for the financial benefit of a voter. For that and other reasons, the community determined that it was necessary to secure the Maker Protocol against immediate and future risks from flash loan attacks. This meant taking an immediate step and then proposing a governance security update to the DsChief, the Maker contract used to manage and process governance votes by MKR holders. 

Protecting the Protocol from Flash Loan Risks

To mitigate the immediate risk posed by voting with flash-borrowed MKR, a late October executive vote was held, and three measures passed:

  1. Increase the GSM Pause Delay (the gap between governance proposals being approved and activated) from 12 hours to 72 hours, providing an extended window of time in which maliciously-elected proposals could be removed.
  2. Deauthorize the Oracle Freeze Module, preventing an attacker from freezing Oracles
  3. Deauthorize the Liquidations Circuit Breaker, preventing an attacker from disabling liquidations.

Beyond that, updates to DsChief were discussed in detail on the Maker Forum, and now formal voting to update the contract begins. 

The proposed updates, should they be approved by MKR voters, will prevent flash loans from being used to vote by ensuring that MKR tokens locked in the voting contract can only be unlocked in a subsequent block. In other words, a voter will no longer be able to borrow, lock, use to vote, unlock, and repay MKR in the same block. 

DsChief 1.2 would significantly raise the difficulty and cost of governance attacks, because MKR would need to be purchased in sufficient quantity to influence a vote, rather than borrowed at a very low fee. The update would also re-enable governance to instantaneously freeze oracles and disable liquidations, since these protections were added to address other potential threats to the Protocol. 

MKR holders vote for the DsChief 1.2 Governance Security Update via  the Maker Governance Portal.

Next Steps for MKR Voters

Head to the Maker governance portal now to vote on the DsChief 1.2 smart contract proposal.  

Full details are on the MakerDAO forum. Please read them carefully.

If that vote passes and DsChief 1.2 is accepted, there will be a delay of 72 hours (the additional security measure put in place by governance at the end of October) before the old Chief is deactivated. 

During that time, MKR holders should leave their tokens in the old Chief to prevent malicious proposals from being passed before the Chief is deactivated.

The DsChief 1.2 update requires MKR holders to take several steps.
Upgrading to DsChief 1.2 requires MKR holders take several steps.

Once the old Chief is deactivated, MKR holders should withdraw their tokens and deposit them on the new Chief, as they will be needed to vote on activation of the new Chief.  At that time, a banner will be displayed on the governance portal to walk MKR holders through the different stages of the migration process.  

The new Chief will only be activated when 80,000 MKR support the proposal. This is another security measure to prevent potentially malicious governance proposals from passing with low MKR support. No governance actions are possible until the vote reaches this threshold.

To get involved with Maker governance, join the open discussion on the MakerDAO forum.

December 2, 2020