DAO Attack

ERC-2771 integration introduces address spoofing vulnerability — OpenZeppelin

The smart contract vulnerability arises after the integration of ERC-2771 and Multicall standards. OpenZeppelin identified 13 sets of vulnerable smart contracts.

Soon after Thirdweb revealed a security vulnerability that could impact a variety of common smart contracts used across the Web3 ecosystem, OpenZeppelin identified two specific standards as the root cause of the threat.

On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library, which could impact pre-built contracts, including DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.

James Edwards, the lead maintainer for cybersecurity investigator Librehash, said that while AI chatbots have the ability to develop smart contracts, deploying them in a live environment is risky.


Vitalik Buterin Says Crypto Regulations Headed Toward ‘Anarcho-Tyranny’ – Here’s What He Means

MakerDAO passes new ‘constitution’ to formalize governance process

The document creates multiple offices tasked with fulfilling various jobs for the protocol, each with their own powers and responsibilities.

MakerDAO, the decentralized autonomous organization that governs the Dai (DAI) stablecoin, has passed a new proposed “constitution” intended to formalize governance processes and help prevent hostile actors from taking over the protocol, according to the official forum page for the proposal.

According to the proposal’s text, a constitution is needed because the Maker Protocol “relies on governance decisions by humans and institutions holding MKR tokens,” which can “expose weaknesses and vulnerabilities that can result in the failure of the Maker Protocol or the loss of user funds.”

To avoid this failure, the Maker Constitution engages in “alignment engineering” to “lock in the core commitments” of Maker's community, the document said.

The governing document creates several categories of participants with different powers and responsibilities. For example, constitutional conservers (CCs) have the job of “facilitating and protecting the Maker Governance process” by ensuring that the constitution is followed by other participants. CCs can become constitutional voter committee members (CVCMs) or constitutional delegates (CDs).

CVCMs craft position documents for voters to consider, and CDs operate smart contracts that allow MKR holders to delegate their MKR without losing custody of their tokens.


Each office has powers to remove listings of officers from the app’s front end if they are believed to be violating the constitution. For example, a CD can ban a CVC from the front end if the CVC is believed to be deceiving the voters who are delegating to it.

The Maker constitution proposal passed with 76.04% of the MKR vote. Less than a quarter (23.95%) of MKR votes went against the proposal, and 0.01% abstained.

Despite the vote in its favor, some Maker users have openly criticized the constitution as being authoritarian. For example, the pseudonymous Twitter user PaperImperium has claimed that it forces users to be “muzzled and forbidden from communicating with anyone at or around Maker about Maker” due to restrictions it imposes on communications from constitutional delegates.

Maker's constitution is one step in the process of creating what Maker founder Rune Christensen called the “Endgame Plan” for the protocol, which he believes will convert MakerDAO into a decentralized organization that keeps DAI stable as it potentially becomes the reserve currency for the world. End Game has been criticized by Andreessen Horowitz for doing too much too fast: the venture capital firm supports changing the protocol in a more piecemeal fashion.

DAI is an algorithmic stablecoin pegged to the U.S. Dollar. It temporarily lost its peg on March 11 due to fallout from a banking panic in the U.S., but then recovered it after MakerDAO passed emergency measures to limit the ability of users to mint DAI with USD Coin (USDC).


Barely halfway and October already the biggest month in crypto hacks: Finance Redefined

Blockchain analytics firm Chainalysis has labeled October 2022 as “the biggest month in the biggest year ever for hacking activity.”

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week.

October is historically associated with the bulls, but in 2022, the month has also become the leader in crypto hacks: barely halfway through, the DeFi ecosystem has already seen nearly a dozen hacks resulting in losses of hundreds of millions of dollars.

The largest hack occurred on Solana’s DeFi platform Mango Markets on Oct. 11, resulting in a loss of over $100 million worth of crypto. The hacker has now come out to demand $70 million in USD Coin (USDC) stablecoin as a bounty to return the stolen crypto.

In another hack, TempleDAO was exploited for $2 million on the same day as the Mango Markets exploit.

Moving on from the hacker exploits, DappRadar, a DeFi analytic firm, came out with its side of the explanation on why its calculation about daily active users in the $1.6 billion metaverse ecosystem Decentraland came to less than 40.

The top 100 DeFi tokens faced bearish pressure throughout the week, with some relief coming late on Thursday. The majority of the tokens traded in red on the weekly charts, barring a few, and the total value locked (TVL) dipped below $50 billion.

Barely halfway and October is the ‘biggest month’ in crypto hacks: Chainalysis

Blockchain analytics firm Chainalysis has labeled October 2022 as “the biggest month in the biggest year ever for hacking activity,” with the total hacked value for the month nearly reaching $718 million.

Despite not being more than halfway through the month, Chainalysis said 11 different hacks on DeFi protocols had seen hundreds of millions exploited.


Mango Markets hacker proposes steep settlement

On Oct. 12, one day after $117 million was drained from Solana DeFi platform Mango Markets via a price feed exploit, the hacker responsible for the attack demanded a settlement. The proposal was filed on the Mango Markets decentralized autonomous organization (DAO) governance forum.

If passed, the procedure would involve the hacker sending stolen MNGO, SOL (SOL) and Marinade Staked SOL tokens to an address provided by the Mango DAO team. Users without bad debt will be remade whole. However, the hacker demands that any bad debt be viewed as a bug bounty and insurance to be paid out via the community treasury worth 70 million USDC, or $70 million.


DappRadar explains why it counted less than 40 active users on Decentraland

Crypto Twitter was shocked by reports claiming Decentraland, a $1.2 billion metaverse ecosystem, has had less than 40 daily active users recently. The data, courtesy of DeFi analytic firm DappRadar, created quite a buzz among the crypto community, with questions being raised over the future of Web3.

Decentraland was quick to refute those metrics and claimed that to get a better insight into the platform’s user activity, one should refer to the dashboard on the website. The metaverse platform noted that it accounted for 1,074 users interacting with smart contracts in September and a total of 56,697 monthly logged-in users.


MakerDAO revenue tumbles 86% on Ether and Wrapped BTC woes

MakerDAO, the governing body of the Maker Protocol, has seen its revenue plummet in the third quarter of 2022, caused by a fall in loan demand and few liquidations, while expenses have remained high.

According to an Oct. 13 tweet by Johnny_TVL, a Messari analyst and co-author of “The State of Maker Q3 2022,” the decentralized autonomous organization saw its revenue plunge to just over $4 million in Q3, down 86% from the previous quarter.


DeFi market overview

Analytical data reveals that DeFi’s total value registered another dip, with the TVL value falling to $50 billion at the time of writing. Data from Cointelegraph Markets Pro and TradingView show that DeFi’s top 100 tokens by market capitalization had a mixed week, with the majority of the tokens trading in red on the 7-day chart, barring a few.

Maker (MKR) continued its bullish momentum into the second week of October, registering a 10.78% gain over the past seven days. No other DeFi token in the top 100 was trading in the green on the weekly chart.

Thanks for reading our summary of this week’s most impactful DeFi developments. Join us next Friday for more stories, insights and education in this dynamically advancing space.


Fei Protocol founder proposes ghosting Tribe DAO following hack repayment

Refuting TIP-121, members of the community questioned the lack of timelines and hard numbers within the proposal.

An attack in April 2022, which drained off nearly $80 million from various Rari Fuse pools, required the decentralized finance (DeFi) platform Fei Protocol to come up with a solution that minimizes damage to the ecosystem. Fei Labs’ latest proposal, which partly recommends revoking participation from Tribe DAO, received mixed sentiments from the community.

Fei Protocol founder Joey Santoro announced the latest proposal, TIP-121: Proposal for the future of the Tribe DAO, revealing the company’s intent to reimburse Fuse victims. It also details plans for asset redemption and the distribution of protocol-controlled value (PCV) assets that manage the liquidity and yield.

Members of the community questioned the lack of timelines and hard numbers within the proposal.

A snippet of the proposal TIP-121. Source: tribe.fei.money

One of the members, onigiri, stated:

“I think trust has been broken, and I can’t believe such a vague proposal probably overlooked by an army of blood-thirsty lawyers will be in the users’ favor.”

Fei Protocol previously offered the hacker a $10 million bounty for returning the $80 million worth of assets, which received no response from the hacker.

While seeking a responsible direction that reduces risk, the protocol intends to defend the FEI peg without the need for governance. “Upon completion of this proposal, and irrespective of whether the individual pieces of it fail or succeed, Fei Labs will no longer be participating in the Tribe DAO,” read the proposal.


On the positive side, Ethereum-based algorithmic stablecoin project Beanstalk Farms relaunched just four months after shutting down following a $77 million governance exploit.

“Beanstalk has come out on the other end of this ordeal stronger than ever. It is a testament to the creditworthiness of the protocol and its potential to help realize a permissionless future,” said Publius, the developer group behind the BEAN stablecoin and protocol, speaking to Cointelegraph.
