[TEMP CHECK] Qualify the security incident 04-11-2023 as a shortfall event

Ok, but I think it would then be equally valid to claim that I lost huge opportunities by not being able to withdraw my USDC, DAI, and CRV…

I mean, like, wtf.

1 Like

Hello,

With the ACI, we will form a definitive opinion on this TEMP CHECK after all markets are back to normal (expected Monday afternoon UTC for V2).

Meanwhile, we want to remind that the Aave protocol is decentralized, owned, and governed by the Aave governance. Anyone is free to open a standard TEMP CHECK, and constructive discussions & feedback are expected from these propositions.

TEMP CHECKs are, as their name implies here to gauge community sentiment on an idea. The requirement for technical specification is low, they’re meant to be a first filter that doesn’t require mandatory feedback from service providers and investment of engineering resources to define a path for execution.

After a potential TEMP CHECK successful snapshot, a proposal becomes an ARFC and needs to be more technical and “well-defined” by then.

To keep the DAO inclusive, TEMP CHECK requirements are low, and the ACI Skyward program handles the technical details & coding part on behalf of posters if they get approved at the TEMP CHECK snapshot stage.

Here’s a reminder of how the Aave DAO works :
image

We invite the community to remain civil and focus on constructive debate. While all opinions are welcomed in the Aave DAO, not all ways to express them are, and moderation will be enforced if needed.

6 Likes

I did not argue against that, did I?

But the thing there is that the liquidity provider side benefitted from this situation as well, with being paid high interest rates.

So the situation is that debtors had no opportunity to either withdraw their collateral (because they had locked in debt positions) nor could they repay their debt position while paying high interest rates.

Pure liquidity providers on the other hand could simply not withdraw their provided liquidity while being paid higher than average interest rates.

So everyone should see that one side has it way worse than the other site.

I would also argue that “lost opportunities” are very hard to quantify.

yeah, so i just hope i can withdraw my supplies soon and move forward

I argue against that

LP provides stable coins which people like you borrow to buy other crypto (or else why would you borrow stables and pay interest?)

You used the borrowed stable coins to buy crypto which experienced a 20% rise this week

Hence you have made money because of the LP liquidity provision of stable coins. The 20% crypto price gain outweight the 0.5% interest for a week, while LP couldnt extract their stables to buy in the up market

So if anything it is the LP who should be compensated.

2 Likes

Now that all markets are back to normal, as the ACI we will state our opinion on this proposal:

The responsible disclosure event led to zero user funds loss. That’s a best-case scenario realized.

  • It’s a success of the bug bounty program that allowed a gigachad whitehat to do the right thing and protect the Aave users. (as the ACI, we will support in a separate proposal a just compensation for this person)

  • it’s a success of the guardian role, that coordinated and enforced the necessary security measures they’re elected to perform in this kind of critical scenario.

  • it’s a success of @bgdlabs, our service provider that coordinated, and worked tirelessly to identify the issue, coordinate, patch, and fix everything during these stressful nine days.

However, It’s a fact some users have been locked with higher-than-average borrow rates, but nine days is ~2.45% of a year as rates are annualized; simple maths prove that the actual impact on the position cost is below 0.5-1% in most cases.

These users chose a variable rate defined by supply and demand. Liquidity crush can also happen (especially in rising markets) and increase the cost of borrowing outside special events.

We don’t consider the impact significant enough to trigger the activation of the safety module, and we will support instead allocating resources for the whitehat bounty as a DAO.

The ACI will cast a NAY vote.

8 Likes

We don’t consider the impact significant enough to trigger the activation of the safety module

While I acknowledge the success of the bug bounty program, the guardian role, and the coordination efforts of @bgdlabs, this shouldn’t negate the fact that certain users have experienced losses as a result of the incident. These losses may be slight according to some, but still significant for these users.

Saying that the impact is insignificant and hence does not warrant the activation of the safety module implies a sliding scale for justice that is determined by the size of the loss. This is in violation of the principles of equal protection and the rule of law, where the amount of loss should not determine the validity of its restitution.

The principle of the shortfall event as per AAVE governance rules is crystal clear: It’s meant to protect the protocol against unexpected loss of funds due to (undisclosed) smart contract risk. The magnitude of the loss is an irrelevant factor. By qualifying this incident as a shortfall event, we need to recognize that users have lost funds unforeseen through the freeze/pause action, which is a direct outcome of an (undisclosed) smart contract risk, and thereby we meet the definition of a shortfall event.

Further, the precedent we could potentially establish in deeming losses as too insignificant to execute module safety is alarming. Today, it could be a just a handful of users who are affected, but tomorrow it could be a substantial percentage of the community who somehow end up on the losing side of a shortfall event - if you fail to implement the protections you agreed upon in your governance rules, then you undermine the very fabric of the ecosystem you’ve built.

In a decentralized finance environment, transparency, fairness, and adherence to predetermined rules are of paramount importance. Once a shortfall event is identified, actions should be the same, irrespective of the number of affected users or the size of the loss. Governance rules are created to provide recourse for all participants, not just the majority. Your community values should not be compromised, irrespective of the situation.

Thus, I firmly believe that you should proceed with the activation of the safety module and protect all affected users, however few or minor their losses may currently be. It is a matter of principle, not of proportion. You should be guided by the agreed governance rules, not situational interpretation.

@raphael The aave governance governs the Aave DAO.

If you own the AAVE asset, you own the protocol, 100%.

This means that we don’t get to decide what happens. We can only create proposals and submit them to the governance for approval/rejection.

This means that regardless of who you are, how much AAVE you own, and what’s your position in aave, you have 100% the right to submit a standard TEMP CHECK in this forum and collect community feedback.

As the ACI, service provider of the DAO, I will escalate your proposal to snapshot in two days once we reach the 5 days debate period.

I will personally vote NAY as the ACI and I stated our rationale why. some can agree, some can think we’re wrong and that is fine, they’re free to vote as they see fit and explain their rationale too.

But what is guaranteed 100% is that if the YAE wins on this TEMP CHECK snapshot, regardless of my opinion, The ACI will craft a compliant ARFC on your behalf, define the amount impacted, define a mitigation plan, and publish it. and other service providers will answer to it and provide technical feedback on it

And if that ARFC snapshot wins as well, regardless of our vote, regardless of other service providers’ opinions, the ACI will write the smart contracts necessary to translate your English words into enforceable code that can trigger protocol action creating requested outcomes.

that is what decentralization & an open, inclusive DAO mean. and the ACI role is to support this.

Aave Token holders have full control of this protocol.

8 Likes

We don’t believe that this qualifies as as shortfall event considering all the steps taken to ensure the safety of the funds deployed and the outcome.

1 Like

@JohnSmith

I vote for …… NAY

Have a good day.

We don’t believe that this qualifies as as shortfall event considering all the steps taken to ensure the safety of the funds deployed and the outcome.

Thank you for your input, but with due respect, allow me to propose an analogy to adequately illustrate the nature of the situation we’re dealing with here.

Consider the AAVE protocol as a vehicle moving on a fast-paced highway of the decentralized finance environment, and the users as its passengers. Suddenly, a fault in the vehicle’s system is detected — a potential danger lying ahead. The “airbags” – the safety measures you’ve implemented – deploy timely. The severity of the accident is averted – no fatal losses occur.

However, does the deployment of airbags signify that there were no damages? No bruises or minor injuries? I believe we can agree that despite the airbags’ deployment, there can still be passengers who have suffered shock or minor bruises. Under normal circumstances, any passenger, irrespective of the extent of their injury, will be entitled to a claim. Such is the nature of protection measures - they’re designed to mitigate, not nullify, the potential damage.

Similarly, even though the major flaws were managed swiftly, some of the users have suffered. They may not amount to a significant number or their losses might not be substantial, but they were affected nonetheless.

Considering this incident as a shortfall event is recognizing those minor yet impactful “bruises” that some of the users endured. By denying them the rightful compensation that have been promised under the governance rules, you compromise not just on the safety measures you promised but on the very principles this decentralized environment is built upon - equity, fairness, and transparency.

I vote for NAY because funds lost are not related to the vulnerability, but too much risk taken on health factor before the incident and I prefer to let the safety bag in a real case funds lost in case of hack.

1 Like

ok, but i couldn’t withdraw my usdc/dai/crv for days and days meaning i couldn’t use it to buy anything

that a is a huge lose to me

1 Like

I also have paid 30% interest in USDC, should the governance use the safety fund?

Thank you for your comment @CryptoInvest .

As mentioned earlier in this post, there is a governance process, where If there is sufficient consensus on this issue, a TEMP CHECK will be created, and feedback will be collected from the community to determine what should be done in this situation and the subsequent steps to be taken.

However, I would like to point out that the concept of the Safety Module and its usage should not be invoked lightly, as it is a very restrictive term. A strict criteria must be established to avoid unnecessary and inefficient use. In this case, after analyzing all the provided information, we still think the impact does not have sufficient magnitude to activate the Safety Module. Nevertheless, we will make sure all voices are heard and that the process is followed, no matter it’s direction.

Following governance guidelines,

This proposal has been escalated to the TEMP CHECK Snapshot stage, voting starts tomorrow.

1 Like

Esteemed members of the AAVE community:

Upon deep reflection and consideration of the recent discourse, particularly the insightful points raised by Raphael, I find myself compelled to advocate for the activation of the safety module in response to the incident.

It is imperative to recognize that, in decentralized finance, the strength of our protocols lies not just in their technical robustness but in the unwavering adherence to our governance principles. The issue at hand, though seemingly minor in terms of financial impact, poses a significant question about our commitment to these principles. Raphael’s arguments highlight a crucial perspective - the magnitude of loss should not dictate our course of action, but rather the principle that all users, irrespective of their stake, deserve equal protection under our governance.

This incident, while limited in scope, provides a pivotal opportunity for us to reinforce our community values. It’s a matter of principle, respecting the governance rules we have collectively agreed upon. Ignoring the losses, however small, sets a concerning precedent and could erode trust in our ecosystem. Our response to this situation will be a testament to our commitment to fairness, transparency, and the rule of law within our community.

In conclusion, while I understand and respect the differing viewpoints, particularly the cautionary stance taken by respected community members like MarcZeller, I firmly believe that the activation of the safety module in this instance aligns with our long-term vision and the foundational values of AAVE. It is a proactive step in maintaining the integrity and trust of our platform, ensuring that all members of our community feel equally valued and protected.

Thank you for considering this perspective.

1 Like

@MarcZeller

How to vote technically speaking?

And are the votes of equal weighting? (eg. $1m balance vs $1 balance the vote counts as the same from a single wallet?)

The more tokens you have, the more voting power you have :+1:

How is this fair?

So a user with $1,000,000 fund deposited has LESS SAY than a user with $10 fund deposited with 1 AAVE token?

Why is there no reply on how to vote?