Now that all markets are back to normal, as the ACI we will state our opinion on this proposal:
The responsible disclosure event led to zero user funds loss. That’s a best-case scenario realized.
-
It’s a success of the bug bounty program that allowed a gigachad whitehat to do the right thing and protect the Aave users. (as the ACI, we will support in a separate proposal a just compensation for this person)
-
it’s a success of the guardian role, that coordinated and enforced the necessary security measures they’re elected to perform in this kind of critical scenario.
-
it’s a success of @bgdlabs, our service provider that coordinated, and worked tirelessly to identify the issue, coordinate, patch, and fix everything during these stressful nine days.
However, It’s a fact some users have been locked with higher-than-average borrow rates, but nine days is ~2.45% of a year as rates are annualized; simple maths prove that the actual impact on the position cost is below 0.5-1% in most cases.
These users chose a variable rate defined by supply and demand. Liquidity crush can also happen (especially in rising markets) and increase the cost of borrowing outside special events.
We don’t consider the impact significant enough to trigger the activation of the safety module, and we will support instead allocating resources for the whitehat bounty as a DAO.
The ACI will cast a NAY vote.
