Attacker hijacks Tornado Cash governance via malicious proposal
The total control over Tornado Cash governance allows the attacker to withdraw all of the locked votes, drain all of the tokens in the governance contract and brick the router.
Hilarious! So how did he manage that!?
Yeah, OK, but still, how exactly?
Did nobody read the code?
Decentralised stupidity.
Tornado Cash attacker to potentially give back governance control, proposal reveals
An attacker who sparked community-wide panic by hijacking the Tornado Cash governance is now proposing to undo their hack — and while not everyone feels the hacker can be trusted, they apparently have little choice in the matter.
This does highlight one of many problems with so-called decentralised governance - the stupidity or laziness of voters. The reason many democracies have a bicameral system is to try and stop any truly dreadful legislation hoodwinking both houses.
Apart from the obvious mathematics that control can be gained with enough will to power, it can also be pissed away through ignorance. That proposals are voted on once and implemented if passed is just plain dangerous. Tornado is just one of many examples.
Decentralisation is a belief system, similar to democracy.
Both are weak forms of governance designed to have covert control over an ignorant population.
Why do so many buy into that a rudderless ship is a good idea?
Show me a governance system that doesn't suck.
Plenty of people stating the obvious - where is a robust process? Why is governance so naive?
Even a very simple two-step process may have revealed this. Have a preliminary vote, then an investigation, then a final vote. And NOT gov proposals with 3 days to vote (or whatever) - that's also childish.
Robust? Oh, look, there's a rainbow!
That's like asking for a democracy that doesn't suck. Switzerland comes close, with power devolved and referenda as standard, but even that isn't fail-proof.
Ultimately, it is up to the people to be awake and aware - and not woketard believers.
Even accidentally and self-inflicted...
Aave V2 Users Temporarily Unable to Access $120M on Polygon After Governance Bug
Again and again we see this. I know the code is complex, but there must be a diagram of the network of contracts that can be checked for consequences of algo changes.
It's just so brittle... and fragile.