Connect with us


Coinbase reveals steps taken to tackle MakerDAO vulnerability without incurring loss of funds




Coinbase reveals the steps taken to tackle MakerDAO vulnerability without incurring loss of funds
Source: Unsplash

Maker Foundation, the organization behind the development of the MakerDAO ecosystem, recently announced that the team had discovered a critical vulnerability in its voting contracts, in collaboration with Coinbase and Zeppelin. Coinbase, the leading cryptocurrency exchange, released a blog post titled ‘Technical Retro: Remediating the Vulnerability in MakerDAO’s Voting Contracts’. The blog post detailed the measures taken by the teams to “remediate the vulnerability – leading to no loss of funds”.

Coinbase’s blog post read,

“This story starts with smart contracts. We’ve historically stayed away from smart contracts as part of our infrastructure as we see the smart contract ecosystem as still fairly young […] With Coinbase Custody’s push to provide governance services to its clients, however […] became something we had to develop […]

Further, it stated that the team built a custom VoteProxy smart contract in order to integrate MakerDAO voting to their cold storage system. This was then sent for an audit to their external audit partners, Zeppelin, along with details pertaining to inter-contract interactions in the MakerDAO voting ecosystem. The blog post stated,

“We knew something unusual was happening when Zeppelin scheduled an unplanned check-in. At this point, they briefly let us know they’d found a critical bug in MakerDAO voting. We reached out to the MakerDAO team and we all got on a call together within hours of the initial findings.”

Source: Coinbase

Source: Coinbase

This was followed by the firm stating that there were a “couple of catches” with this situation, underlinig the three major points. The first was the possibility of loss of funds in a scenario where an active attack takes place before users withdraw their MKR from their old vulnerable smart contract,

“However, the MakerDAO team was able to come up with a suite of mitigations that would significantly reduce the impact of any active exploitation. We think this is a fairly interesting corner case in vulnerability management in this kind of environment.”

The second point that was outlined was that the “vulnerable” smart contract was open source and would have been a problem if any other project started to use it, considering the fact that this was “a common problem in open source software development”. The blog post further read,

“In the end, MakerDAO was able to ship a new contract, get network participants moved over and avoid any loss. This was only possible because of the outstanding work in discovering the vulnerability by Zeppelin and the rapid, collaborative involvement of all three parties in reviewing and addressing the issue.”

Subscribe to AMBCrypto’s Newsletter

Follow us on Telegram | Twitter | Facebook

Priya is a full-time member of the reporting team at AMBCrypto. She is a finance major with one year of writing experience. She has not held any value in Bitcoin or other currencies.


Bitcoin [BTC], Litecoin [LTC] can be transacted on Whatsapp, announces Zulu Republic as security concerns remain

Namrata Shukla



Bitcoin and Litecoin can be transacted on Whatsapp, announces Zulu Republic as security concerns remain
Source: Pixabay

The prominent messaging platform Whatsapp has brought the common man one step closer to adopting crypto. According to a recent announcement by Zulu Republic, Bitcoin [BTC] and Litecoin [LTC] would be the first two coins available for users to send and receive on the social messaging platform.

Zulu, “an ecosystem of blockchain tools and platforms where people, businesses, and organizations thrive,” announced the development on May 19:

“We are happy to announce that from today you can send and receive #bitcoin & #litecoin on #WhatsApp via @liteim_official ! try it yourself here: …”

The Whatsapp bot currently supports English and Spanish and allows users to exchange Zulu’s native token, ZTX, along with BTC and LTC. With Facebook planning to launch its own crypto and now Whatsapp joining its league, crypto adoption is expected to increase exponentially in the future.

However, Facebook has been struggling with several privacy issues. A report by highlighted that Whatsapp hackers managed to install spyware on iOS and Android smartphones through a single phone call through the popular messaging application. This vulnerability of Whatsapp existed for weeks, enabling hackers to inject Israeli spyware on phones through a phone call. The report noted,

“The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs.”

Whatsapp has urged its users to update the software and is currently investigating the vulnerability. The messaging app giant noted that it was too early to estimate the number of phones affected by the hack. With privacy being an important aspect for crypto and social media application users, Facebook and Whatsapp would have to reassure its users of their tightened security measures to further drive global adoption.

Subscribe to AMBCrypto’s Newsletter

Continue Reading