If someone borrows 50,000 MKR from AAVE for an ESM attack, how can we protect ourselves?

The MKR deposit on AAVE is close to 40,000.

I think governance is much more active now, so ESM can be increased above 50,000 to be more secure.

Maybe through signal request?

Aave should also lock collateral of MKR borrower if there is ESM, otherwise they shouldnt allow MKR borrow at all, since they are just inviting attack on Maker

1 Like

The MKR locked in the ESM is permanently locked unless the Maker community decides to restore it when redeploying the system, it is certain that this would not happen in the event of a malicious emergency shutdown.

In practice this would mean that the borrower would not be able to repay the loan, and would be at risk of losing their collateral. In addition, the actual owner of the MKR supplied on Aave would never be able to reclaim their funds (unless others decided to supply MKR.)

In practice, the borrower might come out ahead if the value of MKR drops significantly after ES (which is likely,) however the lender is just screwed. Lending significant amounts of MKR on secondary platforms is really, really dangerous.

Changing the ESM amount is not a good solution though, it’s specifically supposed to be possible to trigger it with a minority of MKR to defend against a majority governance attack.


When our TVL has $5 billion, the cost of an attack of 50,000 MKR is still relatively low. I suggest that we should adopt a method to store MKR tokens in our own platform to make it more secure, otherwise…

1 Like

If you assume the price of MKR drops 10x in an ESM (it will easily drop 100x or go to 0), then an attacker only needs to be able to borrow 55k on aave - at that point they will have a PROFIT INCENTIVE to trigger emergency shutdown. It is very dangerous