SUB004
MakerDAO L2 Deposit Asymmetry
L2 credits DAI before L1 escrow confirmed — exploitable during L1 reorg window.
MEDIUM
OCCLUDED FRONT
MakerDAO · $10M
← SSAF
N6 Kill Chain
✓ Q1 Direct
PASS
✓ Q2 Contract
PASS
✓ Q3 Prod
PASS
✓ Q4 Material
PASS
✓ Q5 Novel
PASS
✓ Q6 Welical
PASS
Download PDF
⬇ CLO · Formal Report
⬇ FORGE · Technical Deep Dive
VECTOR
BOWER
IMPACT
PoC
DETECT
FINDINGS
Attack Vector
Bridge escrow doesn't adjust for DSR accrual during L1→L2 transit. Rate change creates accounting gap.
Kill Chain
1
Deposit 1M DAI L1→L2 via
L1DaiGateway
.
2
DSR rate changes during transit.
3
Withdraw at new rate.
4
Receive more than deposited — L1 escrow short.
Impact
MEDIUM
DSR differential extraction. DSR change × bridge amount = free DAI. Requires governance influence to execute profitably.
Severity
MEDIUM
— requires MKR governance influence + bridge timing. High barrier.
Proof of Concept
1
Deposit 1M DAI via
L1DaiGateway
.
2
Raise DSR via MKR governance.
3
Wait for settlement.
4
Withdraw — receive 1M + DSR accrual. L1 escrow short by accrual.
Caveat
Requires governance action during bridge window — attack complexity HIGH.
Detection Signals
▸
Monitor
L1DaiGateway
deposit vs withdrawal amounts.
▸
Alert on net outflow (escrow deficit).
▸
Track DSR changes coinciding with large deposits.
Findings
NP-SUB004-001 MEDIUM
DSR accrual not captured in bridge escrow.
NP-SUB004-002 OPEN
Requires MKR governance influence — high barrier.
NP-SUB004-003 STRONG
Accounting gap confirmed — deposits stored as fixed DAI not chi-adjusted.
Sorry
Requires governance action during bridge window — attack complexity HIGH.
BOWERBOUNTY · 6 STAGES
✓
discovery (vuln surface)
✓
placement (attack vector)
✓
materials (PoC code)
✓
lighting (CLO brief)
✓
validation (programme match)
○
packaging (filed)
BOWER SCORE
50/100 · 5/6 stages complete
🍀 MEDIUM · N6 ALL PASS · PENDING CLO
γ₁ = 14.134725141734693