As an experienced crypto investor, I find myself deeply concerned about the recent revelations surrounding Sky (formerly MakerDAO) and the security of the $756 million USDC held within its Lite PSM. The reliance on an externally owned account (EOA), as highlighted by user Will Morris, introduces unnecessary risks that could potentially lead to a “rug pull” or exploit.
Previously known as MakerDAO, the organization has been drawing attention due to apprehensions about the safety of approximately $756 million in USDC, which is currently stored within its “Lite Peg Stability Module”.
Initially, Will Morris drew attention to some issues, pointing out that the lightweight PSM structure depends on an external account (EOA) for managing a large amount of USDC. As Morris explained, this configuration might make the funds vulnerable to a possible attack, often referred to as a “rug pull.” The main problem lies in the fact that the EOA account owner has unlimited authority to withdraw the funds whenever they wish, which could potentially endanger the assets’ security.
Security Flaw in Custody Design
Morris contends that entrusting custody to an External Owned Account can unnecessarily increase security vulnerabilities. Instead, he suggests employing smart contracts as they may provide enhanced safety measures.
Morris stated that in his opinion, the earlier design enabled the PSM to hold USDC directly, without requiring privileged accounts. He favors a system where the PSM manages its own USDC, eliminating the need for external access that might pose a risk to the funds, as it could potentially be compromised.
In this situation, the sole secure method for an EOA (Externally Owned Account) is if the USDC approval transaction was signed utilizing Nick’s method. However, it seems that wasn’t the case. For enhanced transparency, it would be advantageous to have a smart contract in place that solely handles the approval process.
— wjmelements (@willmorriss4) December 6, 2024
Moreover, Morris disclosed that he filed a complaint about a suspected bug with Immunefi, a popular blockchain service specializing in detecting flaws in smart contracts. Regrettably, his report was turned down because matters concerning privileged accounts do not fall within their area of concern.
Morris mentioned that he filed a bug report on Immunefi, but it was marked as resolved because the issues only affect privileged accounts and such incidents fall outside their scope,” (paraphrased)
Coinbase’s Sid Ramesh Responds
Joining the dialogue, Sid Ramesh, who holds the position of Product and Consumer Onchain Lead at Coinbase, provided his insights. Though he sympathized with Morris’ concerns, Ramesh made it clear that he was not the appropriate person to discuss Coinbase’s role in this specific case.
He emphasized that Coinbase follows strict audits and processes for its multi-party computation (MPC) technology. However, his statement opened the possibility for further clarification on Coinbase’s role, suggesting that more information could be shared later. Embedded tweet.
As a researcher delving into this field, I recently came across an intriguing piece of news: Rune Christensen, one of Sky’s co-founders, revealed to Cointelegraph that during the MPC account’s initial setup with Coinbase Custody, the private keys essential for reconstituting the account were intentionally destroyed.
As Sky tackles security issues, it’s simultaneously undergoing major transformations in its economic framework. Co-founder Christensen has suggested adopting a deflationary system, effectively ending the creation of new tokens. Instead, the emphasis would be on destroying existing ones, a move he thinks would strengthen the protocol and align more closely with the initial token distribution design.
Read More
- The Beauty Cast Adds Rebecca Hall to Ryan Murphy’s FX Series
- How Much Did Taylor Swift’s Eras Tour Contribute to the US Economy?
- Boney Kapoor cites Jr NTR in War 2 as example when Siddharth asks if a ‘new face’ from South can find success in Bollywood today
- IMX PREDICTION. IMX cryptocurrency
- Who Is Kelly Reilly’s Husband? Kyle Baugher’s Job & Relationship History
- What Happened to Richard Perry? ‘You’re So Vain’ Music Producer Passes Away
- Skeleton Crew Episode 4 Ending Explained: What Happens to Neel?
- Arnold Schwarzenegger’s Santa & Alan Ritchson Smile for First Man With The Bag Photo
- Bridgewater Founder Advocates “Hard Money” Like Gold and Bitcoin Over Debt
- Black Ops 6 needs to add this key feature to curb-stomp cheating
2024-12-06 21:21