Mundus Security Technical Blog

Four ways how DAO community could increase security of the protocol

Smart Contract Security Tips
Decentralized Autonomous Organizations (DAOs) have become increasingly popular in the world of decentralized finance (DeFi) and blockchain technology. As these organizations continue to grow and evolve, so do their challenges in maintaining security and trust within their platforms. We will explore cases where DAOs and their communities have played a critical role in addressing security issues and fostering a secure environment. Building trust is crucial for the community. In Mundus Security, we are always happy to talk about security and how to build trust for Web3 communities. Let's talk: https://calendly.com/alex-mundus/public-mundus-security

DAOs Hiring Auditors

The most recent trend is DAOs looking for the services of professional auditors to review their platforms and smart contracts constantly and make a collective decision about the name and price for such collaboration. By doing so, they can identify and address vulnerabilities, ensuring the security of their systems.
Compound since Dec 2021, subscribed to an audit firm for quarterly updates about protocol security for USD 1 mln per quarter.

DAOs Investigating Hacks

Also DAOs and their communities have come together to investigate hacking incidents, share information, and implement security measures to prevent similar attacks in the future.
After hackers exploited Badger DAO's web interface and stole approximately $120 million, the DAO community actively investigated the incident, shared information, and implemented security measures to prevent similar attacks.
Deus Finance DAO lost $13.4 million in Ethereum due to a flash loan attack. The DAO and its community investigated the incident, identified the root cause, and implemented security measures to protect against future attacks.
An attacker compromised Axie Infinity by taking control of a blockchain validator operated by its DAO. The DAO community was crucial in investigating the incident, identifying weaknesses, and enhancing the platform's security.
A phishing scheme caused a developer of the bZx protocol to lose key passphrases, enabling attackers to drain $55 million from the platform. The DAO community actively participated in the investigation of the attack and worked together to find security solutions.

DAOs Fixing Vulnerabilities Through Proposals

Often DAOs and their communities have discovered vulnerabilities and addressed them through governance proposals. These proposals allow for democratic decision-making processes that lead to improved security measures. But sometimes, democracy takes too much time.
Aave, a decentralized lending platform, had a security vulnerability that hackers could exploit. The Aave community recognized this issue and submitted an Aave Improvement Proposal (AIP) to address the vulnerability. This demonstrated their commitment to the platform's security and proactive approach to resolving potential issues.
After discovering a bug that allowed borrowers to claim more than their intended share of COMP, Compound's team proposed a fix. After $80 million in COMP was sent to the wrong people, the team rushed to patch a fix. But before any fix could be implemented, the protocol required a governance proposal to pass. It was created on October 2 and finally accepted on October 9. While the community debated, the vaults lost a further $68.8 million.
On the one hand, this case shows the importance of the community reacting quickly. On the other hand, it shows the necessity of partial centralization or another governance for extreme cases. For example, delegating part of the votes to a group of reputable auditors or creating a dedicated voting scheme for security issues with adding auditors.

DAOs Reversing Exploits

Sometimes DAOs and their communities have taken steps to reverse the effects of hacking incidents or exploits by implementing changes that restore stolen funds to their rightful owners.
In response to an exploit that resulted in a loss of over $100 million in cryptocurrency, the Binance Smart Chain community implemented a hard fork to reverse the exploit and return the stolen funds to their rightful owners.
The most known case is $150 mln The DAO hack. It caused the fork of Ethereum to ETH and Ethereum classic and took a lot of effort from all parts of the community: users, investors, devs, miners, etc.

Conclusion

These cases demonstrate the importance of DAOs and their communities in addressing DAO smart contract vulnerabilities and building trust in decentralized platforms. Through hiring auditors, investigating hacks, addressing vulnerabilities with proposals, or reversing exploits, DAOs can play an active role in maintaining the security and success of their platforms. As the world of DeFi and blockchain technology continues to evolve, DAOs and their communities must remain vigilant and proactive in addressing potential security risks.
To increase security in each of these categories, hiring a great auditor that can work closely with the community is crucial. A skilled auditor will identify vulnerabilities and provide guidance on the best practices and strategies for securing the platform. By working with the community, auditors can ensure that the platform's security is maintained, building a safer and more reliable environment for all users.
Investing in a professional auditor and building strong communication between the auditor and the community is crucial in securing the future of decentralized platforms. As the space continues to grow and face new challenges, the collaboration between DAOs, their communities, and skilled auditors will remain essential in building a more secure and trustworthy DeFi ecosystem. As a leading smart contract audit services provider, we would happily discuss your project. You could easily set up a call with us: https://calendly.com/alex-mundus/public-mundus-security