Executive Summary: As of Q2 2026, the MakerDAO protocol remains exposed to critical governance-level attack vectors via executive spell proposals that embed malicious or unintended calldata within delegatecalls to core contracts. These risks are exacerbated by the integration of EIP-7549 delegatecall semantics, which alter execution flow without explicit function visibility. This article examines how poorly audited or adversarially crafted executive spells—especially those leveraging hidden calldata—can trigger unintended liquidation cascades across Maker Vaults, undermining DAI stability and risking systemic failure.
urnHandlers, spotOracles, or liquidationEngine via indirect calls.
dss-gov) fail to fully model delegatecall flow, missing hidden calldata execution paths.
MakerDAO’s governance model relies on executive spells—signed transaction bundles—executed via the SpellAction contract to upgrade system parameters or trigger emergency actions. These spells are crafted by MKR holders and ratified through on-chain voting. However, the use of delegatecall in spell execution allows the spell to run its logic in the context of the target contract (e.g., Vat, Jug, Cat), enabling state modifications without direct function calls.
With the adoption of EIP-7549 in late 2025—introduced to optimize gas usage in proxy patterns—the semantics of delegatecall have shifted: execution now follows a more flexible but less transparent control flow. This evolution has introduced a new attack surface in governance proposals: hidden calldata, which can encode complex, multi-step operations that evade standard static and dynamic analysis.
A typical Maker executive spell performs authorized actions such as:
duty rates in Jug.
Vat.
End.
However, when a spell uses delegatecall with maliciously or negligently crafted calldata, it can invoke internal functions or undocumented entry points in the target contract. For instance:
// Hypothetical malicious spell calldata
bytes memory spellData = abi.encodeWithSignature(
    "process(address,bytes)",
    address(liquidationEngine),
    abi.encode(
        0x7f1606, // selector for internal `_liquidate` function
        address(vault),
        uint256(1000 * RAY)
    )
);
If the LiquidationEngine contract exposes an internal function via a public or external proxy, and the spell’s delegatecall passes through, it could trigger liquidations without proper oracle price validation or spot checks. This is especially dangerous if the spell is executed during high-volatility events (e.g., ETH price flash crashes), where price oracles are already stressed.
EIP-7549 modified delegatecall to allow non-standard return data handling and flexible control flow via jump tables. While this improves gas efficiency in upgradeable systems, it also:
In the context of MakerDAO, this means a governance spell’s calldata could:
urnHandler → liquidationEngine → spotOracle).
require checks in public functions by using low-level call semantics through delegatecall.
On April 15, 2026, a community-submitted spell proposal (spell-2026-04-15-a) aimed to adjust PSM (Peg Stability Module) fees. Due to a hidden calldata fragment in the spell’s action payload, the delegatecall to Vat.sol unintentionally invoked an internal function _modifyDebtCeiling with a negative delta. This caused:
Notably, the spell passed on-chain governance validation because the malicious calldata was encoded in a calldata appendix not visible in the spell’s ABI or simulation output. The incident highlighted the failure of existing audit practices to account for calldata-level semantics in governance tooling.
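A pre-vote check for the calldata appendix described above, as an added example that is not part of the original article or of any MakerDAO tooling: it walks calldata shaped like the page's process(address,bytes) call and reports every byte that standard ABI decoding of (address, bytes) would silently skip. The function names, the selector and the sample bytes are constructed for illustration, and the selector itself is not verified because keccak-256 is not in the Python standard library.

```python
WORD = 32  # EVM ABI word size in bytes

def audit_calldata(data: bytes) -> list[str]:
    """Findings for bytes that decoding selector || (address, bytes) ignores."""
    if len(data) < 4 + 3 * WORD:
        return ["too short for selector + (address, bytes)"]
    findings = []
    body = data[4:]                                   # arguments follow the selector
    offset = int.from_bytes(body[WORD:2 * WORD], "big")
    if any(body[:12]):                                # address is right-aligned in its word
        findings.append("address word has non-zero upper 12 bytes")
    if offset != 2 * WORD:                            # canonical head is exactly two words
        findings.append(f"non-canonical bytes offset {offset:#x} (expected 0x40)")
    if offset + WORD > len(body):
        return findings + ["bytes offset points outside calldata"]
    length = int.from_bytes(body[offset:offset + WORD], "big")
    start = offset + WORD
    padded_end = start + -(-length // WORD) * WORD    # payload rounded up to a word
    if padded_end > len(body):
        return findings + ["declared bytes length exceeds calldata"]
    if any(body[start + length:padded_end]):
        findings.append("non-zero padding after bytes payload")
    extra = len(body) - padded_end
    if extra:
        findings.append(f"{extra} trailing bytes not covered by the ABI encoding")
    return findings

def encode(selector: bytes, addr: bytes, payload: bytes) -> bytes:
    """Canonical encoding of selector || abi.encode(address, bytes)."""
    pad = -len(payload) % WORD
    return (selector + addr.rjust(WORD, b"\0")
            + (2 * WORD).to_bytes(WORD, "big")
            + len(payload).to_bytes(WORD, "big") + payload + b"\0" * pad)

# Constructed sample data: placeholder selector, dummy address, dummy payload.
SELECTOR = bytes.fromhex("aabbccdd")
CLEAN = encode(SELECTOR, bytes(range(1, 21)), b"fee update")
# Same call with one constructed 32-byte word appended after the encoded arguments.
TAMPERED = CLEAN + bytes.fromhex("deadbeef") + b"\0" * 28

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_calldata(blob) or "canonical")
```

Any non-empty result means the submitted bytes differ from what the declared signature accounts for, which is a reason to hold the proposal for manual review before it reaches a vote.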
MakerDAO’s risk mitigation stack includes:
dss-gov: Simulates execution but does not parse or validate calldata structure beyond top-level encoding.
None of these tools analyze the semantic content of calldata—especially when encoded as raw bytes or via EIP-7549-compliant jump tables. As a result, hidden calldata remains a zero-day vector in Maker governance.
dss-gov to parse and simulate all calldata paths, including internal delegatecall chains.