Sky, the decentralized project formerly known as MakerDAO, has come under fire for a potential vulnerability that could put $756 million in USD Coin (USDC) reserves at risk. The funds are held in Sky’s lite peg stability module (PSM), which plays a crucial role in maintaining the stability of its flagship stablecoin, DAI.
User Highlights System Issues
According to a recent post on X, a user highlighted issues with the system’s use of an externally controlled account to handle a large share of its assets, totaling $756 million in stablecoin reserves.
Observers also contended that this custodianship approach may expose the assets to possible security breaches or internal mismanagement.
Following its recent transition to the Sky brand and ongoing debates over the feasibility of introducing a freeze mechanism, the potential for exploitation or misappropriation of funds managed via EOAs could further erode the protocol’s credibility and stakeholder confidence.
The lite PSM is a tool that enables Sky to maintain the peg of its stablecoin against the United States dollar, permitting users to exchange the stablecoin for USDC at a fixed rate.
As part of the migration plan, Sky intends to shift reserves from the older PSM to the Lite PSM in three stages, starting with an initial transfer of $20 million. However, the Lite PSM’s reserves are reportedly managed through an externally owned account (EOA), according to claims made by an X user and Sky official forum, sparking concerns about transparency and security.
EOA-Based Custodianship
On the other hand, EOA is a standard Ethereum wallet managed via a private key, in contrast to a smart contract, which operates based on predefined code and security protocols without external control.
Critics of using EOAs for custodianship assert that these accounts are fundamentally more prone to risks and less transparent, as they lack mechanisms such as multi-signature verification or time-locked transactions.
This approach to fund management would leave the $756 million reserve vulnerable to private key breaches or possible malicious activities, especially in the absence of protections to limit the movement of the assets.
Meanwhile, the Sky co-founder’s perspective fails to adequately address questions about who has ultimate control over the wallet, how transactions are approved, or whether governance mechanisms can enforce actions related to fund management.
Leave a Reply