GIP-40: Should Gnosis DAO support a reimbursement plan to the Hundred Finance Community in the following manner?

Hundred Finance x Gnosis Chain Exploit Reimbursement Proposal Version 2

GIP: 40
title: Reimburse Hundred Finance users in exchange for HND
author: Hundred Finance
status: Draft
type: Meta
created: 2022-04-26

This proposal replaces a prior one available for viewing here.

Simple Summary

Funds stolen from Hundred Finance during the attack:

1022×312 29.5 KB

Reimbursement strategy:

• GnosisDAO covers 50% of the USD value lost using GNO, with a price calculated using the 180-day average price of the token ($376.242). These 8505 GNO are sent to a vesting contract with a six-month linear vest and a 6-month cliff.
• Hundred Finance carries out a 2.2m HND to GNO token swap with GnosisDAO for the purpose of raising funds to repay the remaining 50% of the USD value lost. The price of these 2.2m HND for the token exchange would be set using the 180-day average price of the token ($1.443). The 8505 GNO acquired from the token swap would then be added to the aforementioned vesting contract.
• A wrapped version of the 17010 GNO contained within the vesting contract would then be created that, in addition to being redeemable for the linearly vesting GNO once vesting commences, can be used as collateral on the Gnosis Chain deployment of the Hundred Finance application at a Loan-to-Value rate of 75%.
• This hvGNO (Hundred vested GNO) is the token that is distributed to victims, allowing them to receive reimbursement once vesting completes and a measure of liquidity throughout the vesting period. Additionally, the vesting process distributes any sell pressure on the GNO token across a period of six months.
• Through the ability to collateralize borrowing on the Hundred Finance protocol, these hvGNO would be liquidatable. Liquidations would be carried out by Hundred Finance, with the liquidation penalty set at 20%. Gnosis DAO would commit to repurchase the liquidated GNO at the discounted ETH price paid by Hundred at the point of liquidation.
• Kapartkey DAO will be responsible for co-managing the acquisition of assets acquired by Hundred Finance through the token swap and granting ETH in return for GNO acquired through liquidations.

Abstract

On March 15th, 2022, the Gnosis Chain deployment of the Hundred Finance lending platform was exploited. This exploit drained liquidity across all of Hundred Finance’s Gnosis Chain markets, resulting in a loss of the equivalent of around $6.4m USD in user funds (calculated using asset prices at the time of the attack). The exploit originated in a vulnerability in the Hundred Finance protocol to reetrancy by way of a non-standard hook in official yet legacy bridged tokens on Gnosis Chain. This hook enabled the calling of the token receiver on every regular transfer and transferFrom function of the ERC677 tokens, a risk factor inherited from the original version of the TokenBridge created prior to the Gnosis / xDAI merger. While an audit released in November of 2020 prompted the implementation of a fix in subsequently bridged tokens, the new implementation could not be applied to those previously bridged due to the token contracts being non-upgradable. As a result of the exploit experienced by Hundred Finance, which has also affected the Agave project and inflicted a similar loss of funds, on April 20th, 2022, Gnosis Chain carried out a hard fork to remove the vulnerability.

When Hundred Finance deployed on Gnosis Chain, the team was unaware of this inconsistency with mainnet standards. As a result, the ability to run code after a transfer (callAfterTransfer) was not mitigated during deployment. Despite the hard fork to address the vulnerability to reentrancy attack present in many of the official tokens used on Gnosis now having been carried out, the proposal that prompted it did not cover avenues of response to the losses already incurred. The Hundred Finance team seeks to put forward this new version of a previously raised proposal that similarly seeks to respond to the exploit on behalf of its affected users by implementing a reimbursement plan in which they and the Gnosis DAO work together to make whole those who have been adversely impacted. The intention here would be to better match the two projects’ abilities to meet the needs of those affected, while simultaneously building an ongoing relationship between Hundred Finance, its users and the Gnosis DAO. We believe this would, in the process of providing a resolution that satisfies all parties, encourage these unfortunate users’ continued participation in the Hundred Finance project and the Gnosis ecosystem as evermore projects and developers are drawn to the respective platforms.

Motivation

The loss of funds experienced by those who supplied assets to the Hundred Finance lending markets on Gnosis Chain was substantial. A total of 72 accounts (that can be assumed to be under the management of a close-to-equal number of individuals) saw figures up to around $1.2m USD illegitimately taken. In some cases, these losses anecdotally represented large portions of personal net worth. Due to the anonymizing actions carried out during the attack (use of Tornado Cash and a resulting lack of data on the origins of the transactions, as well as other potentially identifying information), there currently exists no actionable avenues towards fund recovery. What is more, the manner of the exploit of Hundred Finance, as well as the simultaneous and similarly costly exploit suffered by Agave, could be argued to have adversely affected the development environment on Gnosis Chain. In light of this, the Hundred Finance team believes that mutual contribution of treasury assets to a solution that serves those accounts that lost funds due to the exploit and incentivizes an ongoing relationship between Hundred Finance and Gnosis Chain would demonstrate a best-possible outcome and contribute towards the positive appreciation (among both users and builders) of their mutual responses to the attack.

Specification

In this second version of Hundred Finance’s proposal we have sought to bring it closer in line with that submitted and passed on behalf of users of the similarly-affected project, Agave. We believe that this package goes as far as is possible to reimburse affected users, though we acknowledge Hundred Finance resources have been impacted when taking into account token price depreciation. Nevertheless, the objective is to distribute the contribution of both projects in a manner approximating 50:50.

• GnosisDAO would cover 50% of the USD value lost by contributing an amount of GNO, calculated using the 180-day average price of the token ($376.242). Using this figure at that of the USD value lost, 8505 GNO would be contributed by GnosisDAO and sent to a vesting contract with a six-month linear vest and a 6-month cliff.
• For their part, Hundred Finance would carry out a 2.2m HND token swap with GnosisDAO, receiving GNO for the purpose of raising funds to repay the remaining 50% of the USD value lost. The price of these 2.2m HND for the token exchange would be set using the 180-day average price of the token ($1.443). This would result in 8505 GNO being acquired that would then be added to the aforementioned vesting contract.

With 17010 GNO available to contribute to reimbursement, a wrapped version of these tokens named hvGNO (hundred vesting GNO) would be created that will have two purposes. Firstly, these hvGNO will be redeemable for the linearly vesting GNO once vesting commences. Secondly, they will be able to be used as collateral on the Gnosis Chain deployment of the Hundred Finance application. In this capacity the hvGNO will receive a Loan-to-Value rate of 75%, allowing, for example, $75 of stablecoins to be borrowed for every $100 worth of hvGNO.

This hvGNO is the token that is distributed to victims, allowing them to receive reimbursement once vesting completes, as well as a measure of liquidity throughout the vesting period. An additional advantage of this vesting approach is that it distributes any sell pressure on the 17010 GNO token across a period of six months.

Through hvGNO’s ability to be used in collateralized borrowing on the Hundred Finance protocol, these tokens would necessarily be liquidatable. Liquidations of hvGNO positions would be carried out by Hundred Finance, with the liquidation penalty set at the comparatively high 20% This high figure would be implemented to disincentivize intentional liquidation of positions. In cases where liquidations were to occur, Gnosis DAO would commit to repurchase the liquidated GNO at the discounted ETH price paid by Hundred at the point of liquidation. This would act as a mechanism to further reduce any sell-pressure being faced by the GNO token, as they would be returned to the DAO at a discount rather than being sold on the open market.

Kapartkey DAO would be responsible for co-managing the acquisition of assets acquired by Hundred Finance through the token swap and granting ETH in return for GNO acquired through liquidations.

Rationale

The rationale for pursuing this proposal has several components. Firstly, it solidifies for the communities of both Gnosis and Hundred Finance that the two platforms are committed to working together in the interests of their shared users through the forwarding of a reimbursement plan that makes them whole. While the token swap entails a large portion of HNDs circulating supply going to one body (over 17%), it will conclude a situation that has negatively impacted a subset of Hundred Finance’s users and allow for the redeployment of the application on Gnosis Chain. This would grant a clean slate and allow for the continued adoption of the chain by Hundred Finance’s users from other networks. At the same time, it would allow for the completion of a tripartite process of amelioration that has followed the exploit, including the hardfork, GIP-34 and the potential passing of this Hundred Finance proposal.

The reasoning behind using the hvGNO specification laid out above is that it would effectively reimburse funds lost by Hundred Finance users while spreading any sell-pressure that might be exerted over the course of a 1-year total vesting period. At the same time, however, users would be able to obtain liquidity from borrowing against their vesting position and participate as active users of the Gnosis ecosystem. The approach to any positions that might be liquidated during the vesting period is also such that it would not contribute to GNO sell-pressure, as these assets would, in effect, be repurchased for a 20% discount against the market price.

Future

Following the completion of the hard fork that removed the vulnerability of certain tokens on Gnosis Chain to reentrancy, Hundred Finance will be able to begin the process of redeployment. This deployment will rejoin the project’s growing suite within a network of EVM-compatible blockchains, of which Gnosis Chain is a key player. Moving forward, security will play an integral role within Hundred Finance’s growth strategy, with emphasis put on our bug bounty collaboration with Immunefy, mitigation processes in instances of unusual market activity and robust launch procedures designed to ensure the contract deployment is not met by unforeseen platform variables.

As an affected user I strongly support the proposal, I hope HND users get the same treatment as Agave users.

Also an affected user here, however my bias is reduced as I also have a vested interest in Gnosis (had been using it before it was even called Gnosis Chain and have some GNO locked for a year).

Strongly support this proposal, which is arguably better than the first version. Hoping this proposal will seem fair to Gnosis governance participants and that it can go to governance soon, will be voting myself with my small bag of GNO.

Only point I can mention, is that hopefully the hvGNO will also be entitled to governance right in the future, should this proposal pass ? Will probably need another proposal for this tho.

Congratulations to both the Gnosis and the Hundred team for coming up with solutions to this problem and thanks to the members involved for keeping affected users up to date.

WAGMI <3

I am very happy with this solution hope that it gets enough support to pass. As a Gnosis supporter I would be very happy with the solution put forward, even more so if the hvGNO would also have voting rights as psychoanalyst mentioned.

Makes sense. If we’re considering giving out incentives to build on Gnosis, may as well take care of the 1st pioneers.

Agave has been taken care of. Now Hundred will. This will send the right message to builders.

Let’s pass this, buidl, and move on.

Actually this is a better solution than the first one and feels like all parties would benefit from it. In one year overall market should be in a better place and meanwhile Gnosis chain will continue to develop and the victims will be invested in it and be able to use these tokens as stated. Hope it passes and we move on to building more cool stuff.

I support this proposal as a Gnosis user and staker. It makes me feel safer keeping my stacks on Gnosis Chain. This proposal has also directly resulted in me moving a larger proportion of my funds to Gnosis Chain.

Huge fan of this version; very excited for the novel vGNO solution with Hundred. Feels like great chance to make people partially whole and could be interesting tech for future needs on the chain.

Thanks for this proposal!

We are in a very early stage of the Gnosis Chain so it’s critical to build trust among our devs and users. The conditions presented are comparable to Agave’s proposal (GIP-34) so I also support GIP-40 as an exceptional case.

GIP-40 Summary:
The reimbursement is shared 50-50 by the Gnosisdao and Hundred Finance.

• One half would be distributed to users in hvGNO (hundred vested GNO), a 1-year vesting GNO token which can be used as collateral, provided by the Gnosisdao
• The other half, also hvGNO, results from a treasury tokenswap GNO-HND at 180d ma
• hvGNO can be liquidated OTC by the Gnosisdao’s treasury at a 20% discount to minimize GNO selling pressure