[TEMP CHECK] Qualify the security incident 04-11-2023 as a shortfall event

I am against this proposal.

Do some people here really expect there to be compensation …… when they deliberately move collateral out (during an upmarket) to lower their own Heath Factor, and then expect other people to pay for their action?

Eye widening.

The issue is that, in my understanding, liquidation is supposed to be impossible for a paused asset. So either:

  • the reported liquidation didn’t happen,
  • the assets were not paused,
  • a bug/exploit occurred.

EDIT: To whoever is tempted to feed the troll, please don’t :pray:

Ok, so you are saying you experienced liquidation.

Show us YOUR address then, the one which got “liquidated”.

No? Cant? I will tell you why you cant/wont, because you took collateral out.

So it is your own doing that led to your liquidation (if any at all), so why should there be compensation?

*First, let me state how disappointed I am in the AAVE community that it doesn’t really seem to be possible for most of them to come up with a proper proposal for anything. As seen with Harmony recovery, it seems to take a long while to get from bickering about losses (“Give me my money back!!!111one”) to a point where the proper proceedings for an action by the DAO can be activated. *
*This mostly, in my opinion, stems from the fact that most users do not even have a bit of a clue what they put their money into or who “controls” the protocol they put their money into. Ignorance is bliss, I guess. *
Anyway, that’s a topic for another time.

This proposal comes fast but with an incredibly low effort.

First, my opinion: compensation for users that were locked into high interest rates, because they could neither pay back their loans nor did liquidity providers have the option to supply more liquidity to get the interest rates lower again, is a valid claim.

This obviously only goes for paused assets, as in freezing periods it is still possible to repay a loan.

This is also not a task that is too hard, as the markets are literally paused and we have the documentation on chain of who had how much debt during the pausing period. From that, it’s easy to determine who would be eligible.

But we also need a baseline. Users choose the variable debt option because they see 3-4% and think “well, that’s way cheaper than the stable rate, I’ll take it!” but they’re also choosing the riskier option. A choice that needs to be considered when talking about compensation for high interest rate periods outside of their control. Because they may have chosen the option with the believe that they could either switch to a stable rate or repay the debt quickly to forgo high interest rates.
But everyone should agree that users that chose the riskier option need to take personal responsibility for that action and they can not expect to be repaid in full for a risk they were aware of from the start.

So my proposal would be to set a baseline at 5% over the average stable rate over the past 365 days calculated individually for any given market. (i.e. if the average stable rate was 7% over the last year, 12% should be an acceptable interest rate for variable debt positions in an emergency situation).

I would also propose that the AAVE safety module should not be triggered for this. I agree that the function of the module is also for cases like these but the losses are not immediate and the trust of the stakers should not be broken by this, fairly small, loss for users.
The compensation should be paid by fees that go into the treasury over the course of one year, paid out every 3 months as claimable stkAAVE, so that the compensation for the individual wallet could either be claimed quarterly, as it becomes available, or after 12 months in full.
This way the AAVE community will be whole again, the ecosystem will be further secured and the AAVE treasury will have time to “soften the blow”.

From what I see in protocol revenue over the last few weeks, the cost for this proposal would be less than 500.000$ (this is a back of the napkin calculation, please correct me if you have better numbers).

Please discuss and please look at the bigger picture and the good of AAVE when considering this.

For the other proposal, i.e. compensating for fees caused by liquidations, I have not and do not see any evidence up to now to support that this was a protocol issue and not individual decisions that led to said liquidations. In every example I’ve heard up to now the cause was excessive risk taking by the individual, while ignoring the special situation the protocol was in at the time. Paused markets can’t be liquidated. Frozen markets can be repaid, thus there should not really be liquidations if you’re aware of what’s happening.
Show me the evidence and I may reconsider, but I doubt it.

4 Likes

If AAVE governance is a brain, let just say this post is meant to be a single neuron firing a signal in the hope to activate the full cortex. I am glad you proposed a more detailed action plan and I agree with all your points.

2 Likes

Ok, but I think it would then be equally valid to claim that I lost huge opportunities by not being able to withdraw my USDC, DAI, and CRV…

I mean, like, wtf.

1 Like

Hello,

With the ACI, we will form a definitive opinion on this TEMP CHECK after all markets are back to normal (expected Monday afternoon UTC for V2).

Meanwhile, we want to remind that the Aave protocol is decentralized, owned, and governed by the Aave governance. Anyone is free to open a standard TEMP CHECK, and constructive discussions & feedback are expected from these propositions.

TEMP CHECKs are, as their name implies here to gauge community sentiment on an idea. The requirement for technical specification is low, they’re meant to be a first filter that doesn’t require mandatory feedback from service providers and investment of engineering resources to define a path for execution.

After a potential TEMP CHECK successful snapshot, a proposal becomes an ARFC and needs to be more technical and “well-defined” by then.

To keep the DAO inclusive, TEMP CHECK requirements are low, and the ACI Skyward program handles the technical details & coding part on behalf of posters if they get approved at the TEMP CHECK snapshot stage.

Here’s a reminder of how the Aave DAO works :
image

We invite the community to remain civil and focus on constructive debate. While all opinions are welcomed in the Aave DAO, not all ways to express them are, and moderation will be enforced if needed.

6 Likes

I did not argue against that, did I?

But the thing there is that the liquidity provider side benefitted from this situation as well, with being paid high interest rates.

So the situation is that debtors had no opportunity to either withdraw their collateral (because they had locked in debt positions) nor could they repay their debt position while paying high interest rates.

Pure liquidity providers on the other hand could simply not withdraw their provided liquidity while being paid higher than average interest rates.

So everyone should see that one side has it way worse than the other site.

I would also argue that “lost opportunities” are very hard to quantify.

yeah, so i just hope i can withdraw my supplies soon and move forward

I argue against that

LP provides stable coins which people like you borrow to buy other crypto (or else why would you borrow stables and pay interest?)

You used the borrowed stable coins to buy crypto which experienced a 20% rise this week

Hence you have made money because of the LP liquidity provision of stable coins. The 20% crypto price gain outweight the 0.5% interest for a week, while LP couldnt extract their stables to buy in the up market

So if anything it is the LP who should be compensated.

2 Likes

Now that all markets are back to normal, as the ACI we will state our opinion on this proposal:

The responsible disclosure event led to zero user funds loss. That’s a best-case scenario realized.

  • It’s a success of the bug bounty program that allowed a gigachad whitehat to do the right thing and protect the Aave users. (as the ACI, we will support in a separate proposal a just compensation for this person)

  • it’s a success of the guardian role, that coordinated and enforced the necessary security measures they’re elected to perform in this kind of critical scenario.

  • it’s a success of @bgdlabs, our service provider that coordinated, and worked tirelessly to identify the issue, coordinate, patch, and fix everything during these stressful nine days.

However, It’s a fact some users have been locked with higher-than-average borrow rates, but nine days is ~2.45% of a year as rates are annualized; simple maths prove that the actual impact on the position cost is below 0.5-1% in most cases.

These users chose a variable rate defined by supply and demand. Liquidity crush can also happen (especially in rising markets) and increase the cost of borrowing outside special events.

We don’t consider the impact significant enough to trigger the activation of the safety module, and we will support instead allocating resources for the whitehat bounty as a DAO.

The ACI will cast a NAY vote.

8 Likes

We don’t consider the impact significant enough to trigger the activation of the safety module

While I acknowledge the success of the bug bounty program, the guardian role, and the coordination efforts of @bgdlabs, this shouldn’t negate the fact that certain users have experienced losses as a result of the incident. These losses may be slight according to some, but still significant for these users.

Saying that the impact is insignificant and hence does not warrant the activation of the safety module implies a sliding scale for justice that is determined by the size of the loss. This is in violation of the principles of equal protection and the rule of law, where the amount of loss should not determine the validity of its restitution.

The principle of the shortfall event as per AAVE governance rules is crystal clear: It’s meant to protect the protocol against unexpected loss of funds due to (undisclosed) smart contract risk. The magnitude of the loss is an irrelevant factor. By qualifying this incident as a shortfall event, we need to recognize that users have lost funds unforeseen through the freeze/pause action, which is a direct outcome of an (undisclosed) smart contract risk, and thereby we meet the definition of a shortfall event.

Further, the precedent we could potentially establish in deeming losses as too insignificant to execute module safety is alarming. Today, it could be a just a handful of users who are affected, but tomorrow it could be a substantial percentage of the community who somehow end up on the losing side of a shortfall event - if you fail to implement the protections you agreed upon in your governance rules, then you undermine the very fabric of the ecosystem you’ve built.

In a decentralized finance environment, transparency, fairness, and adherence to predetermined rules are of paramount importance. Once a shortfall event is identified, actions should be the same, irrespective of the number of affected users or the size of the loss. Governance rules are created to provide recourse for all participants, not just the majority. Your community values should not be compromised, irrespective of the situation.

Thus, I firmly believe that you should proceed with the activation of the safety module and protect all affected users, however few or minor their losses may currently be. It is a matter of principle, not of proportion. You should be guided by the agreed governance rules, not situational interpretation.

@raphael The aave governance governs the Aave DAO.

If you own the AAVE asset, you own the protocol, 100%.

This means that we don’t get to decide what happens. We can only create proposals and submit them to the governance for approval/rejection.

This means that regardless of who you are, how much AAVE you own, and what’s your position in aave, you have 100% the right to submit a standard TEMP CHECK in this forum and collect community feedback.

As the ACI, service provider of the DAO, I will escalate your proposal to snapshot in two days once we reach the 5 days debate period.

I will personally vote NAY as the ACI and I stated our rationale why. some can agree, some can think we’re wrong and that is fine, they’re free to vote as they see fit and explain their rationale too.

But what is guaranteed 100% is that if the YAE wins on this TEMP CHECK snapshot, regardless of my opinion, The ACI will craft a compliant ARFC on your behalf, define the amount impacted, define a mitigation plan, and publish it. and other service providers will answer to it and provide technical feedback on it

And if that ARFC snapshot wins as well, regardless of our vote, regardless of other service providers’ opinions, the ACI will write the smart contracts necessary to translate your English words into enforceable code that can trigger protocol action creating requested outcomes.

that is what decentralization & an open, inclusive DAO mean. and the ACI role is to support this.

Aave Token holders have full control of this protocol.

8 Likes

We don’t believe that this qualifies as as shortfall event considering all the steps taken to ensure the safety of the funds deployed and the outcome.

1 Like

@JohnSmith

I vote for …… NAY

Have a good day.

We don’t believe that this qualifies as as shortfall event considering all the steps taken to ensure the safety of the funds deployed and the outcome.

Thank you for your input, but with due respect, allow me to propose an analogy to adequately illustrate the nature of the situation we’re dealing with here.

Consider the AAVE protocol as a vehicle moving on a fast-paced highway of the decentralized finance environment, and the users as its passengers. Suddenly, a fault in the vehicle’s system is detected — a potential danger lying ahead. The “airbags” – the safety measures you’ve implemented – deploy timely. The severity of the accident is averted – no fatal losses occur.

However, does the deployment of airbags signify that there were no damages? No bruises or minor injuries? I believe we can agree that despite the airbags’ deployment, there can still be passengers who have suffered shock or minor bruises. Under normal circumstances, any passenger, irrespective of the extent of their injury, will be entitled to a claim. Such is the nature of protection measures - they’re designed to mitigate, not nullify, the potential damage.

Similarly, even though the major flaws were managed swiftly, some of the users have suffered. They may not amount to a significant number or their losses might not be substantial, but they were affected nonetheless.

Considering this incident as a shortfall event is recognizing those minor yet impactful “bruises” that some of the users endured. By denying them the rightful compensation that have been promised under the governance rules, you compromise not just on the safety measures you promised but on the very principles this decentralized environment is built upon - equity, fairness, and transparency.

I vote for NAY because funds lost are not related to the vulnerability, but too much risk taken on health factor before the incident and I prefer to let the safety bag in a real case funds lost in case of hack.

1 Like

ok, but i couldn’t withdraw my usdc/dai/crv for days and days meaning i couldn’t use it to buy anything

that a is a huge lose to me

1 Like