On March 14th, the CertiK Security Team discovered a novel type of attack which was leveraged against the DeFi stablecoin project; True Seigniorage Dollar. The attack resulted in a total loss of approximated $16,600. In order to conduct this, the attacker took advantage of the principle of the Decentralized Autonomous Organization (DAO) mechanism in order to conduct an attack without manipulating conventional ‘vulnerabilities’.
The attacker (0x50f753c5932b18e9ca28362cf0df725142fa6376) acquired a large number of True Seigniorage Dollar tokens (TSD) at a low price. They then leveraged those tokens for voting power and forcibly passed proposal No. 2
No security vulnerabilities were exploited in the TSD smart contract or dApps. Through an understanding of the DAO mechanism, the attacked continued to purchase TSD at a low price and leveraged the mechanism by which token holders could no longer vote on proposals after they unbonded their tokens; doing so because they could no longer profit from the protocol. Taking into consideration the project owner has a very low proportion of voting rights, the attacker took control of the governance surrounding proposal No. 2 with absolute advantage, thereby ensuring that the malicious proposal was passed.
Although the entire attack was conducted through the use of a malicious contract implanted in the backdoor, the DAO mechanism was the main contributing factor which enabled the attack to be conducted throughout the entire implementation process.
The CertiK Security Team recommends the following: starting from the DAO mechanism, the project party should have the right to vote to ensure that the governance proposal is not “kidnapped”, there, they can avoid recurrence of the attack.