The firm behind Maker [MKR], and crypto-collateralized stablecoin DAI project, have disclosed a key issue with respect to its internal governance voting contract. Revealed in a Reddit post, the Maker Foundation stated that this finding will result in a “need to make a critical update.”
Following the second round of audits in partnership with cryptocurrency exchange Coinbase and Zeppelin Solutions, the “Critical Vulnerability,” as the Zeppelin blog termed it, was noticed. The blog stated that the issue was with respect to one of DAppHub’s library contracts which affect the MakerDAO system in production.
Zeppelin stated that the vulnerability was communicated to the Maker team privately and a “mitigation plan” had been formulated to address the same over the past few days. The blog quelled customer concerns stating,
“After reviewing the amended contract, we can confirm that the vulnerability has now been fixed. The security of the MKR token contract is not affected by our findings.”
Despite the reassuring tone of the Zeppelin blog post however, the Reddit thread advised MKR hodlers to transfer their coins out of the “old contract,” and back into their personal wallets as soon as possible. However, since this issue pertains to governance, if the hodler in question did not participate in the “voting portal,” no remedy is required.
The Maker post stated,
“Please note: This does NOT impact the security or stability of the MKR token, it is only relevant to those who are using the old voting contract.”
According to the voting section of the MakerDAO website, tokens amounting to 114,936 MKR or $63.32 million were staked in the stability fee voting proposal.
The Head of Community Development at Maker, rich_at_makerdao, added that the report addressing the entire issue will be released soon,
“A detailed post mortem will be provided after the transition period is over. We are targeting sometime next week.”
Given the upfront nature of both Maker and their respective audit partners in addressing this issue, the cryptocurrency community voiced their support for the prompt response. A Reddit user, CryptoOnly, stated,
“Its refreshing to see we are hopefully at a point where projects are taking security and auditing seriously, catching stuff like this and fixing it before a malicious actor exploits it.
Having lived through The DAO and similar it certainly wasn’t always this way, in the early days it seems security was an afterthought however we’ve all seen what the ramifications of that mindset is.”
The post Maker [MKR]: Coinbase, Zeppelin solutions audit reveals bug in Maker’s voting contract appeared first on AMBCrypto.