Pool 0 Incident Fund Recovery Proposal
Late Monday night on August 24th, despite the threats, the team wanted to put forth our best effort and stayed up late to re-examine the code in search of a solution. Fortunately, we were able to formulate a new method to recover the locked funds from pool 0; however, this solution does not come without some risk. For this to succeed, we need the cooperation of the hacker while avoiding any further interference or attempts to manipulate the pool in the meantime. The method can be described as follows:
- To retrieve the funds, we will call the ‘addminter’ method using the vUSD & vETH governance key, starting Pool 0 again for another epoch.
- By doing so, the closed pool will restart, resulting in continued issuance of YFV. To eliminate the incentive of staying in the pool, we will call notifyRewardAmount(0), which essentially keeps the pool running but instead eliminates YFV issuance (sets it to 0).
- The risk here is that steps (1) and (2) must be done in the same block or at least within two consecutive blocks. Otherwise, a malicious actor may interfere by calling any operation such as ‘stake’, ‘getReward’, or ‘withdraw’ that would trigger the checkNextEpoch modifier, resulting in the minting of another 63k YFV epoch reward.. We estimate the risk of minting another 63k YFV for that pool is about 0.1%, in which case we would be forced to burn the entire pool and abandon retrieval.
We want the community to consider this proposed process carefully. We can act to minimize the risk, but must shut down the operation and completely burn the funds in the pool if malicious actors successfully mint more YFV.
Additionally, for your consideration we would like to draw your attention to a post by the miner in question in which he proposes certain actions in apology.
This proposal will be put to community vote. Voting “YES” will attempt this operation to rescue the funds (~$220K) left in Pool 0 by the miner/hacker. As per the miner’s proposal, there will also be an option to determine how much YFV he must burn. Voting “NO” will leave Pool 0 as is, effectively resulting in a burn of all funds left in the pool.
To mitigate the risk of Sybil attacks to rig off-chain voting, we decided to put the proposal on-chain. This means everyone who had a stake in the staking pool in the last period (and would have been affected by the timing reset attack) will be able to vote on this proposal. The proposal will be online after the completion of VIP-1 and will be open for voting for 3 days.
In the meantime, we are working closely with the community to transfer the current governance keys of vUSD and vETH to a multisig wallet under control of the community. Details will be provided as soon as possible.
Lastly, we wanted to give a shout out and thank you to certain Discord community members including but certainly not limited to @complexring, @thenoobnextdoor,@TQT, @dragonking11, @Kyle W, @Natoshi Sakamoto, @ElVaqueroGuapo, @Tkar, @Salocin, and @Lou for providing the team with valuable feedback.
We would like to highlight certain points and provide brief thoughts and responses on past events and how we would like to improve going forward.
Communication: We understand that there were mixed opinions from the community regarding the team’s responses to the community during initial launch issues as well as the recent incidents.
To give context, we are a small team (but not for long!) that was definitely blown away by the interest and volume directed toward our project within the first week. As the team is comprised mainly of developers, we were scrambling to improve and maintain the product as best we could. As a consequence, we initially lacked the bandwidth to provide timely updates.
We fully understand that responses such as “will do it when we return” or “will sort it out tomorrow” did little to address or reassure community concerns. We are committed to focusing on this in the days ahead, but sleep deprivation and the fact that English is not the first language of most team members hindered our response. We definitely did not mean to come across as disrespectful or callous.
Going forward, we hope to improve the quality of communication in the Discord and publish more frequent updates here on Medium.
Current UI: We are very happy to hear that feedback on the current user interface was generally very positive. Our initial goal was to provide an experience far better than that of past governance and yield farming projects. Nonetheless, we feel further improvements can be made. Look out for more options and updates soon. :)
Governance: Many points of feedback focused on governance. We intend going forward to put as many implementation decisions into the hands of the community as possible, and hope to offer significantly more customization and flexibility for votes and proposals than currently available in DeFi governance today. Some have also expressed a desire to see an audit. We have retained Arcadia Group and will publish the results and act on the recommendations as soon as we receive them.
Future Product Ideas: We enjoyed hearing a number of interesting ideas, including cooperation with other farming projects and applications of vETH and vUSD. Our present focus is Value Vaults, which focus on returning value to YFV holders. Please continue to post product recommendations and propose them in the governance channel.
That’s all for now. Thanks for your time and looking forward to the vote and for further feedback as we continue to iterate.