Gnosis’s new tool allows trust-less execution of off-chain proposals
While we often cover decentralized finance (DeFi), decentralized autonomous organizations (DAOs), and airdrops of various governance tokens, we rarely talk in details about a decentralized governance process that determines the fate of many DeFi protocols. Before covering the news about SafeSnap, we should understand the difference between off-chain and on-chain voting.
In an on-chain governance model a user can cast his vote by interacting with a blockchain, which implies paying high gas fees as major DeFi projects currently use the highly congested Ethereum network. This model allows trust-less execution of proposals by smart contracts and it’s being often used for tweaking certain parameters in the protocol, as well as managing DAO’s treasury.
Since on-chain governance is too costly, many DeFi protocols use an off-chain voting model, in which all eligible users can cast their votes for free by signing messages using open-source tools like Snapshot. The major drawback of this approach is that users have to trust developers to implement their decisions.
In order to bridge both approaches and save on gas fees, Gnosis has merged with Snapshot and launched its SafeSnap governance tool, which allows a trust-less on-chain execution of passed off-chain proposals.
However, a trust-less execution introduces an additional attack vector, which can be used by well-funded malicious actors as it recently happened with the True Seigniorage Dollar protocol.
To reduce risks of potential exploits, Gnosis’s SafeSnap module will have an option to give multisig owners the right to veto an execution of malicious actions in the case of emergency. This, however, will add some degree of trust back to the system, so there is no silver bullet solution, and each team should decide for themselves which path to take.
Major DeFi projects like Yearn and SushiSwap plan to use SafeSnap.
Nano releases an upgrade amid a network attack
The Nano network has been experiencing a massive DoS attack, which clogged the network with many small transactions. There were around 5.5M Nano accounts over last 5 years until March, when the spam attack has begun, increasing the total number of accounts to over 20M in just 10 days.
By continuously sending millions of tiny transactions, an adversary was able to successfully increase an average confirmation time for each Nano transaction, with some users complaining about their transactions being stuck for many hours. Nano is asynchronous, meaning that the attacker was able to maintain his malicious activity even while many honest nodes - known as representatives - fell out of sync.
The main value proposition of Nano is almost instant transactions with zero fees, which makes the network extremely vulnerable to spam attacks as the system lacks spam-protection mechanisms. After the recent release of the V21.3 upgrade honest nodes were able to synchronize with the network in a more efficient way, which reduced the average confirmation time of Nano transactions under one second.
Developers promised to add more patches to the upcoming V22 upgrade in an attempt to make the network spam-tolerant, while still keeping zero fees, fast confirmation time, and censorship-resistant properties.
In other news
Decentralized exchange Uniswap released details of its upcoming v3 upgrade, which is scheduled to go live in May. The upgrade will include various innovate features to significantly increase capital efficiency of liquidity providers and decrease transaction fees by utilizing layer-2 scaling solution Optimism. Unlike most open-source DeFi protocols, Uniswap v3 will launch under the Business Source License 1.1, making it illegal for other projects to use the same codebase for up to two years.
Nathan Worsley, DeFi trader and CTO of LocalCoinSwap, released details about a new DeFi trading exploit dubbed Salmonella, which utilizes “poisoned” token contracts to swindle Ethereum miners who run Maximal Extractable Value (MEV) front-running bots. Recently, large mining pools have been introducing MEV as a way to offset miners’ expected revenue losses from the upcoming EIP-1559 fee market overhaul. The Salmonella strategy netted Worsley at least 130 ETH — worth ~$210,000 at press time.
True Seigniorage Dollar protocol has been exploited through its DAO. An attacker slowly accumulated project’s governance token TSD until he controlled more than 33% of the DAO. Then the hacker used his power to mint 11.5 quintillion TSD for himself and dumped all the tokens on PancakeSwap.
DeFi projects PancakeSwap and Cream Finance suffered from a DNS hijack attack. A hacker was phishing website visitors to input their private keys. It’s important to mention that smart contracts of PanckaSwap and Cream Finance have not been exploited.
Roll, the platform for issuing social tokens, has been exploited for $5.7 million. According to the team, the Roll smart contracts were not compromised, because the hack was caused by a leak of the private keys of project’s hot wallet.
Google searches for Bitcoin in Turkey skyrocketed more than 5 times after the Turkish lira lost 17 percent against the US dollar in one day. The record crash in almost 2 decades came after President Recep Tayyip Erdogan made a decision to oust the head of the country’s central bank.
Tesla has official started accepting bitcoins as a payment option for its e-cars. According to Elon Musk, received bitcoins won’t be converted to fiat currency.