
MakerDAO developers have fixed a critical vulnerability that could have led to the loss of more than 10% of the total collateral held by users of the DAI token, CoinDesk reports.
A HackerOne user with the handle lucash-dev found the flaw in the planned Multi-Collateral Dai (MCD) upgrade during its testing phase. The vulnerability allowed an attacker to steal, in a single transaction, all of the collateral that was in the liquidation stage in MCD.
According to lucash-dev, the attack was possible because of a complete lack of access control in the system's smart contract.
While MCD was in the collateral liquidation phase, the attacker could create a fake auction with an arbitrary bid and in this way obtain all of the collateral in the system.
Lucash-dev received a reward of $50 thousand under the MakerDAO bug bounty program.
A critical vulnerability was previously found in MakerDAO's voting smart contract.