Dai Users Almost Lost All of their Funds

All Dai users are now safe from losing all their funds after MakerDAO, the decentralized organization running on Ethereum, has fixed a critical bug.

In a report on October 1, HackerOne user lucash-dev revealed a critical bug in the planned Multi-Collateral Dai (MCD) upgrade. The bug could have let an attacker steal the complete collateral stored in the MCD system. And they can do it in a single transaction only.

Moreover, they caught the bug while testing the phase of the MCD upgrade and before users can even access the system. Also, the report disclosed that the attack was doable because of a full lack of access control on a MakerDAO smart contract.

The report stated, “A lack of validation in the flip.kick allows an attacker to create an auction with a fake bid value.”

And according to them, the end contract trusts the value. And it can become exploited to issue any amount of free Dai during liquidation. Also, they can use Dai right away to gain all collateral stored in the end contract.

Then, Lucash-dev reported the security flaw through the HackerOne forum. After that, lucash-dev received a $50,000 bounty from the bounty program of MakerSAO. And this was the first critical finding in the program.

India

Elsewhere, in India, the police of Pune has sought a directive from a court to transfer 85 million Rupee seized from a Bitcoin (BTC) Ponzi last year.

In an article of Times of India on October 3, Pune cyberpolice stated the value of 244 cryptocurrency units, worth $1.2 million, became blacklisted in the bank account of company Discidium Internet. The police hired this to change the seized crypto units into rupees.

Furthermore, the Discidium Internet is challenging the validity of RBI’s order. This blocks dealing in virtual currencies. And it asked that the RBI instruct the Central Bank of India to unfreeze the account.