Per the announcement, during the second round of security audits part of the DAO’s partnership with crypto exchange Coinbase and smart contract security startup Zeppelin, a critical vulnerability had been discovered in the governance smart contract. Zeppelin also released an independent critical vulnerability notice.
While the announcement claims that the tokens of users who have staked MKR tokens in the contract are not in danger, it also advises users to move them. Still, no action is required from users who are not in control of one of the ~190 addresses who have staked MKR in the current voting contract.
A website with instructions has been created to help users with staked tokens move them out of the old voting smart contract, and chat assistance is offered to those who still find themselves confused about how to proceed. The announcement also claims:
“This does NOT impact the security or stability of the MKR token, it is only relevant to those who are using the old voting contract.”
Lastly, the company promises that it will shortly release a full debrief and detailed outline of the changes made to the smart contract.
At the end of April, Andy Milenius, formerly the chief technology officer at MakerDAO, published an open letter dated April 3 explaining his concerns over the project’s internal conflicts.