It is disappointing that there is such a lack of accountability here. The DAO is paying Llama upwards of $2m for an annual engagement and should expect a higher level of service. Their proposed scope covers “treasury management” and this indiscretion should be viewed in that light. Their management, or lack thereof, of the treasury cost the DAO $1m and counting due to a lack of priority.
The community was active and responsive in the the day of the CRV attack and prioritized derisking thereafter, even Llama got involved in review and risk mitigation. The protocol was proactive in changing risk parameters and Llama was proactive in pushing the community towards a resolution on debt repayment, until they weren’t.
With ~$1.8m in Bad Debt owed by the protocol, the community was up in arms against Gauntlet. Why is poor planning and execution by Llama to the same scale viewed differently? The fact that there was a one month gap between the snapshot and PR review shows that either the initial strategy was rushed without a full plan of efficient implementation or that Aave, during an extremely vulnerable period, was not their top priority. No one controls the market, but a seeing as we’re likely going to have to restart the approval process (two votes and peer review), a 2-month delay from hack to repayment should not be viewed as acceptable and nor should the lack of communication from Llama during that period.
I would be eager to hear @Llamaxyz’s proposal on how the DAO can recoup losses from this oversight and the plan to prevent it in the future. Personally, I would view this as a mark against their ability to “manage Aave’s treasury” and would hope they include the final value of loss on CRV debt in any measurement of “success” when reviewing their relationship with the DAO, per their own KPIs below.