Sky faces scrutiny over potential $756M exploit flaw

Sky, formerly MakerDAO, faces scrutiny for using an EOA to manage $756 million in USDC reserves within its lite PSM.

Sky, formerly known as MakerDAO, is facing criticism for its reliance on an externally owned account (EOA) to manage $756 million in USD Coin reserves within its lite peg stability module (PSM).

Concerns were raised by an X user about the protocol’s reliance on an EOA to manage a substantial portion of its reserves, amounting to $756 million in USD Coin (USDC).

Critics argue this custodianship model could leave funds vulnerable to potential exploits or insider misuse.

Coming after its recent rebrand to Sky and amid concerns about the protocol’s ability to implement a freeze function in the future, a breach or misuse of these EOA-managed funds could further damage the protocol’s reputation and user trust.


What is the lite PSM?

The lite PSM is a mechanism designed to assist Sky in maintaining the peg of its stablecoin to the United States dollar by allowing users to swap the stablecoin for USDC at a fixed rate.

As part of the migration plan, Sky will transfer reserves from the older PSM to the lite PSM in three phases, with $20 million initially moved.

Still, according to the X user’s post and the Sky forum page on the lite PSM, the lite PSM funds are controlled by an EOA, which raises accountability and security concerns.


Source: wjmelements

Rune Christensen, co-founder of Sky, told Cointelegraph that “the private keys needed to reconstitute the MPC [multiparty computation] account were destroyed as a part of the setup process with Coinbase Custody.”


EOA-based custodianship criticism

An EOA is a standard Ethereum wallet controlled by a private key, unlike a smart contract, which can enforce programmed security rules without interference.

Critics of EOA-based custodianship argue that EOAs are inherently less transparent and secure due to their lack of features like multisignature authentication or time-locked transfers.

This fund management method would expose the $756 million reserve to risks of private key compromise or potential malicious actions, particularly without safeguards to restrict the movement of the funds.
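The first check a reviewer would run on such a claim is whether the custody address holds any contract code: `eth_getCode` returns empty code (`0x`) for a plain EOA, so no on-chain signer threshold or timelock can constrain it. The example below is added here and is not code from the article or from Sky; the addresses, bytecode and RPC replies are constructed, and the `0xef0100` delegation-designator case covers EOAs that later adopted EIP-7702 delegation, which this article predates.

```python
import json

# Constructed sample eth_getCode results, keyed by address, standing in for a node's replies.
# Placeholder addresses and bytecode only; none of these is Sky's lite PSM custody address.
SAMPLE_CODE = {
    "0x1111111111111111111111111111111111111111": "0x",                   # plain EOA
    "0x2222222222222222222222222222222222222222": "0x6080604052348015",   # contract bytecode
    "0x3333333333333333333333333333333333333333": "0xef0100" + "44" * 20, # EIP-7702 delegated EOA
}

def classify_account(code_hex: str) -> str:
    """Classify an address from the bytecode eth_getCode returns for it."""
    code = code_hex.lower()
    if code.startswith("0x"):
        code = code[2:]
    if code == "":
        return "eoa"  # no code at all: a single private key authorizes every transfer
    # EIP-7702 sets an EOA's code to 0xef0100 || 20-byte delegate address (46 hex chars).
    if code.startswith("ef0100") and len(code) == 6 + 40:
        return "eoa-delegated"
    return "contract"

def getcode_request(address: str, request_id: int = 1) -> dict:
    """Build the JSON-RPC eth_getCode request a node expects."""
    return {"jsonrpc": "2.0", "id": request_id, "method": "eth_getCode",
            "params": [address, "latest"]}

def fake_rpc(request: dict) -> dict:
    """Stand-in for an HTTP call to a node; answers only from the constructed table above."""
    if request["method"] != "eth_getCode":
        raise ValueError("unexpected method")
    return {"jsonrpc": "2.0", "id": request["id"],
            "result": SAMPLE_CODE[request["params"][0].lower()]}

# What each account kind means for custody of a reserve like the one discussed above.
FINDINGS = {
    "eoa": "single key controls funds; no on-chain multisig or timelock constrains transfers",
    "eoa-delegated": "key still controls the account and can redelegate; review the delegate code",
    "contract": "contract account; verify its signer threshold and timelock before trusting it",
}

def audit_custodian(address: str, rpc_call=fake_rpc) -> dict:
    """Query code for an address and report the custody risk it implies."""
    kind = classify_account(rpc_call(getcode_request(address))["result"])
    return {"address": address, "kind": kind, "finding": FINDINGS[kind]}

if __name__ == "__main__":
    for addr in SAMPLE_CODE:
        print(json.dumps(audit_custodian(addr)))
```

Against a live node, replace `fake_rpc` with a function that POSTs the request dict to the node's JSON-RPC endpoint and returns the parsed reply.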

Christensen’s clarification that the private keys needed to “reconstitute the MPC account” were destroyed counteracts this concern because it eliminates the risk of a compromised private key.

However, the Sky co-founder’s insight doesn’t fully address concerns regarding who ultimately controls the wallet, how transactions are authorized or whether governance decisions can enforce fund management actions.

Cointelegraph asked Christensen about these points but had received no further response by publication.


Sky pushes for deflationary tokenomics

Christensen previously said he was preparing a proposal to halt the emissions of new tokens and decrease the total supply of the protocol.

Christensen said that the proposal aims to implement a “burn-only” deflationary model, steadily decreasing the core token supply via a systemic burning mechanism.

He told Cointelegraph at the time that, if insolvency threatened, the protocol would follow “how the original tokenomics always worked,” which was to “plug the hole” via token emissions.
