Smart Contract Security Newsletter #46 ConsenSys Diligence – Medium

Last month at Liquidity2020 we presented two talks (videos below), and next week we will be presenting at Trufflecon. Stay tuned for "DevSecOps — Shifting left smart contract development" by Joran Honig.

Also, for VSCode users, there’s an update on Ethereum Vyper language support.

Vyper – Visual Studio Marketplace

Distilled News

Governance Attacks — MakerDAO

Earlier this week, a flash loan was used to pass a governance vote on MakerDAO:

Essentially, B Protocol’s team wanted to be white-listed in order to access the MakerDAO’s price oracle. So, they submitted a proposal to Maker’s governance structure in order to receive that approval on October 23.

Three days later, a multi-step transaction was created and processed that began with a borrowing of synthetic Ether, which was then used as collateral to borrow $7 million worth of MKR tokens, which are used to vote on proposals. The newly-borrowed MKR was used to pass the vote and then returned to the markets from which they were lent.

You can read more about the details and the ensuing discussion on the MakerDAO forum, and see the transaction itself on Etherscan. The incident opens up a discussion about rethinking many decentralized governance designs.

Harvest Finance Hack

Another drama hits the DeFi world with the Harvest.finance hack. Aside from the $1M bounty on the hacker, and some putting the blame on the auditors [audits], the issue was related to the price calculation in Harvest [Exploit example].

Read more on the analysis of the attack:

DeFi Security & Hacks

The Week’s Links

Research Papers

If you enjoy this newsletter, please share it with your friends, or ask them to sign up here: Smart Contract Security Newsletter


Smart Contract Security Newsletter #46 was originally published in ConsenSys Diligence on Medium, where people are continuing the conversation by highlighting and responding to this story.
