While working on an audit for the Coinbase team, we found a critical vulnerability in one of the DappHub library contracts. This affects the MakerDAO system currently in production.
We privately disclosed the vulnerability to the MakerDAO team, and we have been working together in the past few days on a code fix and a mitigation plan.
After reviewing the amended contract, we can confirm that the vulnerability has now been fixed. The security of the MKR token contract is not affected by our findings.
If you are a user of MakerDAO, head to their reddit post to understand if you need to take action.
We will provide a detailed technical analysis of the vulnerability and fix once the mitigation plan has come to an end.