MakerDAO bug could’ve let hackers steal Ethereum powering its DAI stablecoin by transisto

crypto · @transisto · Oct 3 '19

MakerDAO bug could’ve let hackers steal Ethereum powering its DAI stablecoin

https://thenextweb.com/hardfork/2019/10/03/makerdao-security-vulnerability-ethereum-dai-stablecoin-collapse-theft-cryptocurrency/

>“The cost of performing the attack is almost zero — just the minimal denomination of each type of gem stolen plus gas,” wrote the researcher who discovered the flaw.

> MakerDAO’s smart contract had almost zero access control
A HackerOne disclosure report reveals the attack was to be possible due to a complete lack of access control in a MakerDAO smart contract — specifically, the contract that was to allow the system to auction collateral in exchange for DAI cryptocurrency when loans are liquidated.

> “A lack of validation in the method flip.kick allows an attacker to create an auction with a fake bid value,” reads the disclosure. “Since the end contract trusts that value, it can be exploited to issue any amount of free Dai during liquidation. That Dai can then be immediately used to obtain all collateral stored in the end contract.”

👍 digital-wisdom, mark-waser, steemquebec, herpetologyguy, tobias-g, homeginkit, goldhash, lifeaef, arcange, jwaser, helo, mehta, natachayacinthe1, kettleandseagull, pagliozzo, sneakgeekz, freebornsociety, bwaser, juanmcar, coinmarketcal, handyman, elviento, cryptotradingfr, a-bot, leilazamoram, ethical-ai, strong-ai, ciuoto, zeinmalik, imisstheoldkanye, steemtruth, g-dubs, michhart, ellepdub, trillhc, tonpa, raphaelle, technoprogressiv, brian-rhodes, elmauza, fcbarcelonafans, trufaith, blues-wclouds, benhamama, liock1, helsy, tomgoode, wogachioma, kaili, alexusbrave, deus-vult, lifetoday, jidgabol, ckswank, avalonprosky, joep, maxx4137, nilfanif, feye, rastalikelove, morgan.waser
👎 ranchorelaxo

`author`	transisto
`permlink`	makerdao-bug-could-ve-let-hackers-steal-ethereum-powering-its-dai-stablecoin
`category`	crypto
`json_metadata`	{"tags":["crypto","eth","fail"],"links":["https://thenextweb.com/hardfork/2019/10/03/makerdao-security-vulnerability-ethereum-dai-stablecoin-collapse-theft-cryptocurrency/"],"app":"steemit/0.1","format":"markdown"}
`created`	2019-10-03 16:05:12
`last_update`	2019-10-03 16:05:12
`depth`	0
`children`	0
`last_payout`	2019-10-10 16:05:12
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	979
`author_reputation`	330,357,940,720,833
`root_title`	"MakerDAO bug could’ve let hackers steal Ethereum powering its DAI stablecoin"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	91,193,657
`net_rshares`	-22,758,634,177,415
`author_curate_reward`	""

properties (23)vote details (62)

voter	rshares	pct
g-dubs	3,083,138,815	4%
mark-waser	517,768,367,386	100%
arcange	42,516,238,670	3%
raphaelle	1,750,468,709	3%
brian-rhodes	1,297,470,962	10%
digital-wisdom	555,116,423,058	100%
ethical-ai	3,378,652,781	100%
jwaser	37,352,334,879	100%
bwaser	8,529,263,697	100%
ellepdub	2,267,653,278	100%
herpetologyguy	246,494,449,796	100%
joep	153,865,104	100%
morgan.waser	0	100%
handyman	8,155,243,400	100%
strong-ai	3,378,652,442	100%
steemtruth	3,090,834,979	15%
technoprogressiv	1,663,241,275	100%
trillhc	2,206,907,475	100%
steemquebec	458,750,521,917	100%
ranchorelaxo	-25,390,003,899,357	-67%
elviento	6,983,284,666	5.08%
freebornsociety	9,135,073,274	10%
sneakgeekz	12,411,529,547	20%
helo	34,701,884,889	100%
leilazamoram	4,921,949,775	100%
rastalikelove	0	100%
feye	0	10%
tonpa	2,017,782,308	5%
trufaith	912,269,890	100%
benhamama	717,959,223	100%
zeinmalik	3,247,770,321	100%
wogachioma	554,660,260	100%
kettleandseagull	18,266,120,673	100%
helsy	592,614,805	100%
natachayacinthe1	18,920,281,948	100%
cryptotradingfr	5,106,978,597	10%
imisstheoldkanye	3,114,647,299	1%
ciuoto	3,266,660,748	20%
lifeaef	46,245,486,330	100%
mehta	29,026,539,824	30%
maxx4137	13,666,460	100%
ckswank	252,296,775	50%
liock1	608,201,721	100%
tobias-g	223,219,020,636	46%
nilfanif	0	100%
michhart	2,359,774,073	100%
homeginkit	199,696,817,128	100%
lifetoday	280,551,657	100%
goldhash	67,825,939,976	100%
juanmcar	8,468,566,692	100%
fcbarcelonafans	1,026,588,532	100%
tomgoode	563,030,099	100%
deus-vult	538,932,775	100%
pagliozzo	12,659,413,758	15%
elmauza	1,064,640,523	100%
blues-wclouds	792,305,954	100%
jidgabol	254,769,681	100%
coinmarketcal	8,416,040,566	22%
a-bot	4,979,296,724	2.17%
avalonprosky	160,475,545	50%
alexusbrave	544,035,453	100%
kaili	548,134,214	100%