Since the vote to add a 24-hour delay to the Governance Security Module failed, is there a timeline for when MakerDAO will put it up for a vote again? If not, does MakerDAO intend to allow the vulnerability it fixes to remain exploitable?
There is not a timeline currently.
I don’t believe the vulnerability will remain exploitable though. It was always planned to activate the GSM at some point.
Part of the problem is that it’s difficult to judge the intention of MKR Token Holders with respect to that executive. The fact that it didn’t pass could indicate either:
- MKR Token Holders do not think that activating the GSM at this time is a good idea.
- MKR Token Holders were not paying attention to the executive vote and did not move their MKR from the previous executive to the GSM activation.
I’ve listened to the Feb 13 Governance and Risk Meeting (Ep. 73). The darkfix plan makes sense to me. Great work!
It is interesting, but it forces MKR holders to accept execution of code that they do not know, in the hope that it is a genuine fix and not an exploit. If someone remembers the Parity Multisig Wallet “Fix”, he will understand the risk.
I disagree with this characterization. MKR holders can approve the darkfix or not. It’s an option. It’s a matter of social consensus whether the security researcher can convince the big MKR holders that the darkfix is in our/their best interests. If this option allows us to enable the GSM then I’m all for it.
You mention the Parity Multisig Wallet fix. How is this relevant?
Guys introduced a bug while fixing another one found previously. It led to 250 mln locked. This is the kind of risk you fall into when not enough eyes are watching, and that is exactly what darkfix is by design. Code seen before by as few eyes as possible.
But I agree that if it allows the GSM to be enabled it is worth it, especially as the dark fix is a tool of last resort for an existing bug and hopefully will never be used. That does not change the fact that it is dangerous as hell.