Sky Faces Investigation for Potential $756M Exploit Vulnerability

Sky's reliance on externally owned accounts to handle $756 million in USDC reserves sparks concerns regarding both security and transparency.
Chris Lion
Last updated:
7 December 2024 @ 17:42 UTC
Why Trust CTW

CTW is a fresh voice in the world of cryptocurrency, offering clear and insightful coverage of the ever-evolving digital asset landscape. Backed by a team of passionate writers and crypto enthusiasts, we dive deep into market trends, emerging technologies, and innovative blockchain projects. We hope to become your go-to source for up-to-date information in this fast-paced industry.

Sky, the decentralized project formerly known as MakerDAO, has come under fire over a potential vulnerability that could put $756 million in USD Coin (USDC) reserves at risk. The funds are held in Sky’s Lite Peg Stability Module (Lite PSM), which plays a crucial role in maintaining the stability of its flagship stablecoin, DAI.

User Highlights System Issues

In a recent post on X, a user highlighted the system’s use of an externally controlled account to hold a large share of its assets, totaling $756 million in stablecoin reserves.

Observers also contended that this custodianship approach may expose the assets to possible security breaches or internal mismanagement.

Coming after its recent transition to the Sky brand and amid ongoing debate over the feasibility of introducing a freeze mechanism, any exploitation or misappropriation of funds managed via EOAs could further erode the protocol’s credibility and stakeholder confidence.

The Lite PSM is the tool that enables Sky to maintain its stablecoin’s peg to the United States dollar by letting users exchange the stablecoin for USDC at a fixed rate.

As part of the migration plan, Sky intends to shift reserves from the older PSM to the Lite PSM in three stages, starting with an initial transfer of $20 million. However, the Lite PSM’s reserves are reportedly managed through an externally owned account (EOA), according to claims made by an X user and posts on Sky’s official forum, sparking concerns about transparency and security.

EOA-Based Custodianship

An EOA is a standard Ethereum account controlled by a single private key, in contrast to a smart contract, which can only act according to its predefined code and the security rules encoded in it, with no key holder able to move funds outside those rules.

Critics of using EOAs for custodianship assert that these accounts are fundamentally more prone to risks and less transparent, as they lack mechanisms such as multi-signature verification or time-locked transactions.

This approach to fund management would leave the $756 million reserve exposed to private key compromise or insider misuse, especially in the absence of on-chain controls that limit how and when the assets can be moved.
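To make the difference between the two custody models concrete, the following added example (not Sky’s code, and not taken from the article) models a single-key EOA beside a contract-style m-of-n multisig with a timelock, the two safeguards the critics cite. The reserve figure is the article’s $756 million expressed in USDC’s six-decimal units; the signer names, delay and threshold are constructed for illustration. A helper also shows the usual way to tell an EOA from a contract: an account whose `eth_getCode` result is empty (`0x`) has no bytecode and is therefore an EOA.

```python
"""Constructed model of EOA custody versus timelocked multisig custody."""
from dataclasses import dataclass, field

# $756M of USDC; USDC has 6 decimal places (figure from the article, units constructed).
RESERVE = 756_000_000 * 10**6


def is_eoa(code_hex: str) -> bool:
    """eth_getCode returns '0x' for accounts with no bytecode, i.e. EOAs."""
    return code_hex.strip().lower() in ("", "0x")


@dataclass
class EoaCustody:
    """Single private key: whoever holds it can move the whole balance at once."""
    balance: int
    owner_key: str

    def transfer(self, signer_key: str, amount: int) -> bool:
        if signer_key != self.owner_key or amount > self.balance:
            return False
        self.balance -= amount
        return True


@dataclass
class Proposal:
    to: str
    amount: int
    created_at: int
    approvals: set = field(default_factory=set)
    executed: bool = False


@dataclass
class TimelockedMultisig:
    """m-of-n approval plus a mandatory delay before any transfer executes."""
    balance: int
    signers: frozenset
    threshold: int
    delay: int  # seconds that must elapse between proposal and execution
    proposals: list = field(default_factory=list)

    def propose(self, signer: str, to: str, amount: int, now: int) -> int:
        if signer not in self.signers:
            raise PermissionError("not a signer")
        self.proposals.append(Proposal(to, amount, now, {signer}))
        return len(self.proposals) - 1

    def approve(self, signer: str, pid: int) -> int:
        if signer not in self.signers:
            raise PermissionError("not a signer")
        self.proposals[pid].approvals.add(signer)
        return len(self.proposals[pid].approvals)

    def execute(self, pid: int, now: int) -> bool:
        p = self.proposals[pid]
        if p.executed or len(p.approvals) < self.threshold:
            return False  # not enough independent approvals
        if now < p.created_at + self.delay:
            return False  # timelock still running; watchers can still react
        if p.amount > self.balance:
            return False
        self.balance -= p.amount
        p.executed = True
        return True


def run_scenario() -> dict:
    """Compare what one compromised key can do under each custody model."""
    results = {}
    # EOA: a single leaked key drains the whole reserve immediately.
    eoa = EoaCustody(RESERVE, owner_key="key-A")
    results["eoa_drained"] = eoa.transfer("key-A", RESERVE)
    results["eoa_remaining"] = eoa.balance

    # Multisig 2-of-3 with a 24h delay: the same single key cannot move funds.
    ms = TimelockedMultisig(RESERVE, frozenset({"key-A", "key-B", "key-C"}),
                            threshold=2, delay=24 * 3600)
    t0 = 1_700_000_000
    pid = ms.propose("key-A", "attacker-addr", RESERVE, now=t0)
    results["multisig_single_key"] = ms.execute(pid, now=t0 + 48 * 3600)
    # A second signer approves, but execution is still blocked until the delay passes.
    ms.approve("key-B", pid)
    results["multisig_before_delay"] = ms.execute(pid, now=t0 + 3600)
    results["multisig_after_delay"] = ms.execute(pid, now=t0 + 24 * 3600)
    results["multisig_remaining"] = ms.balance
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The point of the delay is not only that two keys are required: during the window between proposal and execution, monitoring can flag an unexpected withdrawal and governance can intervene, which a single-key EOA never allows.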

Meanwhile, the Sky co-founder’s response does not adequately address who has ultimate control over the wallet, how transactions are approved, or whether governance mechanisms can enforce decisions about how the funds are managed.
