jEUR incident. Plan of action

Context

Hours ago, Midas, a liquidity protocol on Polygon has been exploited, causing the partial uncollateralization of jEUR (for approximately 368’000 jEUR) on the Jarvis Protocol.

As jEUR is not listed as collateral, this doesn’t have a high impact on Aave, but we think it is reasonable to freeze jEUR via the EMERGENCY_ADMIN role of the Aave Guardian.

What has been done?

We have notified the Aave Guardian about the situation, to freeze jEUR on Aave v3 Polygon, a non-invasive action only disabling borrowing and supplying more liquidity, but keeping active all other mechanisms (repayment, withdrawal, liquidation).

In parallel, we have contacted Jarvis network, to confirm they have a contingency plan for the recovery of the full collateralization. They are fairly confident about a recovery, given that the impact is quite limited.

Next steps

We will keep evaluating the situation, in order to propose (if required) any extra actions for the community to decide on.

8 Likes

A correction on the plan of action: having only EMERGENCY_ADMIN role, the Aave Guardian can only pause the jEUR asset on Aave v3 Polygon, not freeze it.
Therefore, we will be creating a cross-chain governance proposal to proceed with the freeze.

8 Likes

@bgdlabs it appears agEUR was also effected by the incident, albeit a smaller number of a little more than 45,000. Is there any push to freeze/pause that pool as well?

Effectively, even in smaller magnitude, the situation with agEUR is similar, given that Angle protocol also has a “direct deposit” module (activated for Midas on this discussion).

Given that freezing is non-invasive, we will also propose to freeze agEUR until the situation is clarified, and then the Aave community can choose the path forward.

Generally, we recommend being extremely careful when listing assets on which the collateralization is managed externally.
Historically, even a major player like Maker has been extremely careful with similar mechanisms (D3M, even if not really the same), only trusting protocols battle-tested protocols like Aave itself.

The ACI is supportive of a freezing of jEUR reserve, while this asset does not represent a direct risk for the Aave protocol, stopping the ability to short this asset via Aave might do more good than harm in the short term for Jarvis protocol.

Relative to agEUR the ACI is not supportive of a freeze, the impacted amount represent 0.1% of agEUR supply and angle protocol has a surplus superior of impacted amount.

AgEUR is currently as a whole, overcollateralized and freezing doesn’t seem to be a fitting solution for their asset.

As a general remark, while we recognize “D3M” modules as powerful tools, they’re also risky and we invite protocols to curate the protocols they work with.

we also invite the Aave community to implement in the asset onboarding process especially in LSDs & stablecoins assets due diligence about Direct Deposit modules to identify these kinds of risks early.

2 Likes

The Angle Protocol did effectively mint agEUR in the Midas Protocol.

I’d like to correct the numbers though, the protocol did lose a bit less than 35k agEUR out of this hack.
Governance was able to save yesterday 15k in this transaction. And it had minted 50k originally in this transaction.

The agEUR total supply is 30M€, so the loss is 0.1% of the total agEUR supply. And the protocol remains over-collateralized. Angle has accumulated a surplus to cover for this kind of situations of >$7.5m (see Analytics), and so the loss of 35k€ can easily be absorbed using the protocol proceeds.
35k is the revenue the protocol is currently making in two weeks, so even without this safety mattress, the loss could still be absorbed.

More generally, about direct deposit modules, Angle direct deposit modules are built to make sure that exposure to a single protocol is not too big with respect to the TVL of Angle and more precisely with respect to the losses that could be absorbed with the protocol equity.

Happy to answer any other questions on Angle but I feel that freezing agEUR at this point would be a bit extreme (cf @MarcZeller comment above).

Please also find here the Angle Labs comment on the hack.

1 Like

Even as the risk to the Aave protocol is minor, Chaos Labs supports the proposal to freeze both jEUR and agEUR as an immediate and temporary risk mitigation step.

This is a prudent step as the situation develops, and the community should revisit it in a couple of weeks to unfreeze it, barring any significant developments.

as an update: the current amount of unbacked jEUR has been revised to 257k due to further investigation from Jarvis team.

with the ACI we still maintain our position in favor of freezing jEUR and not freeze agEUR.

Given that the community seems to have a granular view of the potential freezing of only one of the two assets, we have created 2 different governance proposals, one for each asset.

Freezing of agEUR
https://app.aave.com/governance/proposal/?proposalId=142

Freezing of jEUR
https://app.aave.com/governance/proposal/?proposalId=143

Voting will be open in approximately 24h.
Given that this is a relatively urgent matter, we think it should be acceptable to have 1.5 days of voting during the week and 1.5 during the weekend.

3 Likes

Gauntlet plans on voting YAE to freeze jEUR, but we do not believe there is an immediate need to freeze agEUR.

  • Angle protocol can use the protocol surplus (or revenue) to offset the bad debt.
  • The fees and interest generated since genesis is $7.5M.
    image
  • The protocol has 35k agEUR stolen
  • The amount stolen is 35000 * 1.08 / 7500000 = 0.504% of the protocol revenue

In addition,

  • The protocol is fully collateralized for this loss with $48M deposit backing $30M stablecoins.
    image

Given that the amount stolen is only 0.5% of the protocol revenue and the protocol is overcollateralized, Gauntlet doesn’t support freezing agEUR.

4 Likes

Hi all! Pascal from Jarvis here!

I support this proposal for jEUR. Even if we have enough liquidity to absorb short-seller liquidity, we don’t have yield yet on jEUR on Polygon, so there is little incentive to hold jEUR (yield will start in 2 weeks); therefore limiting this risk is a good thing. On our side we have started withdrawing liquidity from money markets to make shorting jEUR more expensive.

We are obviously committed to covering the bad debt as soon as it is possible for us, so we can ask to reconsider the freeze in the future.

I however do not support the freezing of agEUR, considering their financial capacity of covering the bad debt. I understand the risk-averse attitude but I do think it should remain consistent with the reality of the situation (in terms of risk).

4 Likes

The governance has spoken,

The ACI just executed AIP-143 on L1 side and will execute on polygon side after timelock of the cross-chain governance bridge.

agEUR has been voted to remain unfrozen. we would like to thanks the community for participating in these discussions and especially Pablo & Pascal from Angle & Jarvis for their feedback and contribution for these AIPs

2 Likes

update:
AIP-143 is now executed on polygon side and jEUR is frozen on Aave polygon v3 after ACI execution.