“The problem is, Maker Foundation has decided that the appropriate value for this governance delay is 0 seconds. That is right, defenders have 0 seconds to defend against an attack launched by a wealthy but malicious party,” he adds in the post. The issue, Zoltu notes, lies in the way in which MakerDao is governed. “Some groups of plutocrats can control how the system behaves.” In order to carry out the attack, the hacker would have to deploy approximately $20 million (40,000 MKR), which wouldn’t necessarily be straightforward. CoinDesk reports that the person would need to buy MKR without affecting the price, which is, of course, unlikely. Zoltu claims Maker has been aware of the issue since before Maker v2 launched. “Despite this, they are choosing not to plug the hole (the plug is easy). Because of that, I do not believe that it would be responsible for me to keep my mouth shut and hope that no attacker figures out what should be obvious to anyone who understands Maker’s governance model,” he notes. Back in October, MakerDAO disclosed another dangerous security flaw that could have potentially allowed an attacker to steal Ethereum powering its then-unreleased multi-collateral Dai with a single transaction. This could’ve done untold damage to the credibility of the MakerDAO system. At the time, a HackerOne disclosure report revealed the attack was made possible due to the complete lack of access control in a MakerDAO smart contract, which allows the system to auction collateral in exchange for DAI cryptocurrency once loans are liquidated.