Coinbase Exchange notified users about a vulnerability that poses a great risk to MakerDAO smart-contracts (MKR).
"This week, Coinbase and Coinbase Custody security groups discovered a critical vulnerability in MKR contracts. We identified the problem and worked to resolve it with partners and the MKR team."– exchange Twitter.
Check for vulnerability from Zeppelin partner
According to the exchange's version, a weak spot was discovered during a routine security check of smart-contracts conducted by an external partner, namely Zeppelin.
Interesting in the section: Coinbase Cryptobusiness Exchange: an overview of the exchange platform
Zeppelin published a revised schedule of how the problem was discovered, solved and made public.
April 22-26: Zeppelin internally checks for a vulnerability.
April 26: Zeppelin reports a vulnerability to the development team in the presence of Coinbase team representatives.
April 30: The Maker team presents its correction plan.
May 2: The Maker team shares its fixed contract, and Zeppelin evaluates its security.
May 6: The Maker Team publicly announces this vulnerability.
May 9: Zeppelin has published a technical description of the vulnerability.
Coinbase Exchange has released a blog update with details about the vulnerability. According to the description of the auditor, the potential use of the MakerDAO system would allow an attacker to remove votes from proposals or block other users' MKR markers indefinitely, which would deprive them of their right to vote. After the release of the Coinbase update, which took place yesterday at about 10:00 (UTC), the price of the Maker suffered losses, which were restored in the last hours.
Editor: Alyona Nabok