DeFi Threatened by Smart Contract Exploit?
Decentralized finance relies on Ethereum-based smart contracts, which has raised the question of whether funds should be bailed out in case of an exploit.
The trend of decentralized finance means more and more funds are sent to smart contracts for various organizations. The most prominent one, Maker DAO, has kept gathering millions of ETH as collateral and is preparing to accept multiple coins for holding.
But while the organization was growing, the smart contract also held a risky vulnerability. Recently, a bug reporter on HackerOne found a critical vulnerability that could be used to steal the entire collateral during liquidation. The bug affected the protocol for multi-collateral DAI. So far, there is no information regarding the ETH collateral or the Maker smart contract.
“A lack of validation in the method flip.kick allows an attacker to create an auction with a fake bid value,” stated the HackerOne report. “Since the end contract trusts that value, it can be exploited to issue any amount of free Dai during liquidation. That Dai can then be immediately used to obtain all collateral stored in the end contract.”
The opportunity to steal funds from a contract also raised the issue of bailing out the organizations. Vitalik Buterin, co-founder of Ethereum, posted a poll on the issue.
The majority of respondents, both to Buterin’s tweet and to a similar poll by Vlad Zamfir, suggest that a bailout should not be an option.
The potential losses for ETH-based DeFi schemes may be significant, and no bailout is coming in case any coins are lost or siphoned off. The returns from exchange-based lending schemes are thus less risky, as the balances are not kept in a smart contract.
The Eth2Dai smart contract is the ninth most active, while Maker moved to position 22 among the top gas burners on the Ethereum network. But other contracts compete for attention and may create trouble for DeFi when the network is overloaded.
ETH is currently trading at around $184.14, relatively stagnant, despite expectations for a move above $225 if BTC rallies continue. Still, using ETH as collateral has additional risks, and may hurt the coin’s reputation.