Mitigate Post-Shutdown Flash Loan Vulnerability - March 9, 2022

The Governance Facilitator(s) and the Protocol Engineering Core Unit have placed an out-of-schedule executive proposal into the voting system. MKR Holders should vote for this proposal if they support the following alterations to the Maker Protocol.

If you are new to voting in the Maker Protocol, please see the voting guide to learn how voting works, and this wallet setup guide to set up your wallet to vote.


Executive Summary

This out-of-schedule executive proposal mitigates the post-shutdown flash loan vulnerability in the Maker Protocol as described by the Protocol Engineering Core Unit here. Note that there is no risk to Maker Protocol or any of its stakeholders so long as Emergency Shutdown has not been triggered.

Voting for this executive proposal will place your MKR in support of the changes and additions outlined above.

Unless otherwise noted, the changes and additions listed above are subject to the GSM Pause Delay. This means that if this executive proposal passes, the changes and additions listed above will only become active in the Maker Protocol after the GSM Pause Delay has expired. The GSM Pause Delay is currently set to 48 hours.

If this executive proposal does not pass within 30 days, then it will expire and can no longer have any effect on the Maker Protocol.


Proposal Details

Mitigate Post-Shutdown Flash Loan Vulnerability

If this executive proposal passes, it will mitigate the post-shutdown flash loan vulnerability in the Maker Protocol as described by the Protocol Engineering Core Unit here. It does this by:

  • Giving a new module flash-killer authorization over the Flash Mint Module, such that anyone can permissionlessly use flash-killer to disable the Flash Mint Module in the event of Emergency Shutdown being triggered.
      • The vulnerability is not exploitable until 3 days (currently) after Emergency Shutdown is triggered, meaning there is a 3-day window where any user can disable the Flash Mint Module using flash-killer before an exploit can take place.

The Protocol Engineering Core Unit considers this a temporary mitigation and recommends that the issue be solved more permanently in the future via the replacement of the Flash Mint Module. The source code for the flash-killer module can be found here. The flash-killer contract address is 0x07a4BaAEFA236A649880009B5a2B862097D9a1cD.

Review

Community debate on these topics can be found on the MakerDAO Governance forum. Please review any linked threads to inform your position before voting.


Resources

Additional information about the Governance process can be found in the Governance section of the MakerDAO community portal.

To participate in future Governance calls, please join us every Thursday at 17:00 UTC.

To add current and upcoming votes to your calendar, please see the MakerDAO Public Events Calendar.
