The team behind a DeFi protocol wanted white-list access MakerDAO’s price oracle. And to make it happen, they used a flash loan to manipulate a vote in a process that has triggered questions about the stablecoin platform’s governance apparatus.
The complicated nature of the situation was detailed in a forum post on Wednesday. It’s a notable example of flash loans, or lending arrangements that play out across a single Ethereum transaction, can lead to unexpected outcomes and create security quandaries across the largely experimental DeFi landscape.
Readers might remember flash loans as the central piece in a series of protocol exploits earlier this year. Ultimately, those exploits forced ecosystem participants to rethink their security practices in a fast-moving space.
Essentially, B Protocol’s team wanted to be white-listed in order to access the MakerDAO’s price oracle. So, they submitted a proposal to Maker’s governance structure in order to receive that approval on October 23.
Three days later, a multi-step transaction was created and processed that began with a borrowing of synthetic Ether, which was then used as collateral to borrow $7 million worth of MKR tokens, which are used to vote on proposals. The newly-borrowed MKR was used to pass the vote and then returned to the markets from which they were lent.
At this point, it doesn’t appear that what occurred with Maker and BProtocol was malicious in nature, and the post states that BProtocol has been fully transparent in communicating their actions once the Foundation became aware of the voting irregularities.
Still, as the post noted: “Their actions are a practical example for the community that flash loans can and may impact system governance and highlight that MKR market liquidity needs to be actively monitored.”
What comes next is discussion and action on possible countermeasures to a future event in which flash loans are used in a more malicious fashion against Maker. The post also outlined some more immediate steps to reduce the risk to Maker’s governance architecture. This includes extra time for MKR holders to react to a governance attack and disabling some functions for governance participants.
© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.