MakerDAO, the issuer of the stablecoin DAI, confirmed that Oasis is only a frontend partner of the project, not a product it manages.
As reported by Kyptos, the information that is causing a stir in the crypto community in recent days is that Oasis used a vulnerability of its own to recover $ 140 million in ETH stolen in the bridge attack. Wormhole connection.
Specifically, Oasis claims to have been ordered by a British court to assist in recovering the amount of 120,000 ETH that has been sent to this project by Wormhole hacker since January. The project says it has reported a vulnerability in its own protocol that allows hijacking of user-created vaults. Using that information, Oasis decided to comply with the court’s request, take advantage of the vulnerability to withdraw all the money stolen by the Wormhole hacker and return it to the relevant party.
The incident when it was announced caused a huge wave of controversy in the crypto community on Twitter, fearing that this would be a dangerous precedent that threatens the decentralization of cryptocurrencies. However, it also raises a big question mark as to whether deposits on Oasis are still safe, given that the project has a close relationship with MakerDAO, the largest decentralized stablecoin issuer in the market at the moment. is DAI.
In a statement issued on February 26, Maker explained the difference between MakerDAO, the Maker Protocol, and frontend projects like Oasis.
In light of the recent transactions regarding Maker Vault 30100 and the Oasis frontend, it is remarkable to explain the distinction between MakerDAO, the Maker Protocol, and third-party frontend providers to clarify MakerDAO’s involvement.
— Maker (@MakerDAO) February 25, 2023
MakerDAO is the developer of Maker Protocol, a smart contract system that handles borrowing and lending of multiple cryptocurrencies on Ethereum. However, because MakerDAO does not build a simple interface for ordinary users to easily access these smart contracts, it has to rely on third-party frontend solutions such as Oasis. MakerDAO denies that Oasis is a product offered by them, instead it is just a frontend solution to help interact with the Maker Protocol.
In the Wormhole hacker case, although the bad guy sent money and set up Maker Vault 30100, this vault was created through a smart contract deployed by Oasis, so the frontend management unit can interfere in the vault and execute it. withdrawal transactions without the owner’s approval.
MakerDAO commits that Maker Protocol smart contracts are not affected by the Oasis vulnerability.
However, the explanation from the project is still not enough to ease the community’s concern. Many have pointed out that Maker’s homepage has a direct link to Oasis, as well as Maker’s DAI stablecoin minting video using Oasis’s example, giving new users the impression that Oasis is a product of Oasis. Maker.
The “Use DAI” button on MakerDAO website links directly to Oasis giving the appearance that Oasis is part of Maker. This should be changed immediately. pic.twitter.com/qPxo1vtMK6
— Chris Blec (@ChrisBlec) February 25, 2023
MakerDAO developer Sam MacPherson acknowledged that linking Oasis on Maker’s homepage could be misleading, and suggested that the project could show more frontend vendors. Mr. MacPherson also revealed that Oasis was once a product of the Maker Foundation, but has since become independent since the organization that helped develop Maker dissolved.
The website should list multiple frontends I agree.
— Sam MacPherson (@hexonaut) February 25, 2023