A post reporting a bug in the app.aave UI was closed only a couple of hours after being posted. The reason: interaction with a malicious contract. The user is aware that there had been interaction with a malicious contract, but that was not the basis of his complaint.
The bug occurred in the apps’s UI. He staked Aave, and it’s shown as safely staked in the official Aave staking contract (0x4da27a545c0c5B758a6BA100e3a049001de870f5) with a total of 2.754076 stkaave among 4 wallets.
These 4 wallets have staked the 2.754 Aave in total, as can be seen in the staking contract on etherscan, yet each of the wallets, when connected to the app, shows 0 staked Aave and 0 or less than .01 staking power.
How is this an issue with phishing wallet transaction?
In addition, how is his constant dismissal when reporting his issues suitable treatment for a contributing member of the Aave governance community?
It seems to me like Aave is conducting irresponsible and unfair business. I propose that the original proposal be reopened. So many people have lost money in their interactions with Aave. Maybe if Aave did something to stop it, more people would have confidence in Aave and the Aave reputation would improve in the crypto industry. This seems to me like a good place to start addressing the issue.
In summary: the UI incorrectly displaying the amount of staked Aave, directly affecting the user’s ability to vote, is NOT an issue of interaction with a phishing contract. And there absolutely is something you can do about it.
I closed the post because the UI is showing everything correctly.
If I take this wallet 0xDB352d44f79c844cC4f121169af6e0b94dBd97f0 it will and has to show 0 staked Aave as the wallet is not holding any stkaave. It’s because the hacker transferred all stkaave to his wallet.
So what’s the problem here now? How is this an UI bug?
If I am wrong please show me and we can report it.
There were several instances where staking took place, delegation was granted, voting occurred, then voting power was lost.
@EzR3aL, you are correct that the stkAave goes into a hacker’s wallet. I know that Aave is safely secured in the Aave staking contract, but since Aave becomes stkAave once staked, that doesn’t really protect the staker. There are screenshots of staking taking place on the official Aave platform. After staked, the Aave token goes to the staked Aave contract, the staker gets back stkAave in return, and this is when the hacker steals it. So what is the purpose of protecting the Aave itself within the staking contract? How does this protect the user’s stakes assets?
It’s pretty simple. Everyone is responsible on how own for making sure the wallet does not get exposed to anything malicious. The Aave protocol is and was safe at all times during your actions or the hacker ones. He simply had access to your wallet and was able to get the stkaave and probably sold them somewhere. Pretty sure there are stkaave/Aave pools where you can sell these into. So sorry again, but there is nothing that can be done. That’s the risk of using a permissionless protocol. We are all responsible for our actions.
Understood. We’re all responsible for our own actions. Forgive me for being candid, but I can’t help but to feel like Aave is NOT responsible for their LACK of taking action. But you’re right. That’s the risk we take when we decide to stake with Aave.