Abstract
On March 15th, 2022, the Gnosis Chain deployment of the lending platform Hundred Finance was exploited. The exploit drained liquidity across all of Hundred Finance's Gnosis Chain markets, resulting in a loss equivalent to around $6.1m USD in user funds. It originated in the Hundred Finance protocol's vulnerability to reentrancy by way of a non-standard hook in official yet legacy bridged tokens on Gnosis Chain. This hook calls the token receiver on every regular transfer and transferFrom call of the ERC677 tokens, a risk factor inherited from the original version of the TokenBridge created prior to the Gnosis / xDAI merger. While an audit released in November 2020 prompted the implementation of a fix in subsequently bridged tokens, the new implementation could not be applied to tokens bridged earlier, because those token contracts are non-upgradable. When Hundred Finance deployed on Gnosis Chain, the team was unaware of this inconsistency with mainnet standards, and thus the ability to run code after a transfer (callAfterTransfer) was not mitigated. Although a proposal to perform a hardfork that fully addresses the reentrancy vulnerability present in many of the official tokens still used on Gnosis is currently under discussion, it does not cover potential avenues of response to the losses already incurred. Therefore, the Hundred Finance team seeks to put forward a proposal responding to the exploit on behalf of its affected users, in which they and the Gnosis DAO work together to provide amelioration to those who have been adversely impacted. The intention is to simultaneously build an ongoing relationship between Hundred Finance, its users and the Gnosis DAO, distributing vested versions of the GNO and HND tokens commensurate with the losses suffered.
We believe this would, in the process of making them whole, incentivize these unfortunate individuals' continued participation in the Gnosis ecosystem as ever more projects and developers are drawn to the platform.
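As an added illustration (hypothetical code, not Hundred Finance's or the TokenBridge's), the contract below shows the two mitigations that address the receiver hook described above: a shared reentrancy guard across state-changing entry points, and updating balances before the token transfer hands control to the recipient. The market, the interfaces and the function names are simplified assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC677-style receiver hook. As the proposal describes, the legacy
// bridged tokens on Gnosis Chain invoke this on the recipient on every
// transfer and transferFrom, so the recipient regains control mid-transfer.
interface IERC677Receiver {
    function onTokenTransfer(address from, uint256 amount, bytes calldata data) external;
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical, deliberately simplified lending market (assumption, not
// Hundred Finance's code) holding one ERC677-bridged underlying token.
contract GuardedMarket {
    IERC20 public immutable underlying;
    mapping(address => uint256) public deposits;
    uint256 private _entered; // 0 = not entered, 1 = entered

    // One guard shared by every state-changing entry point: a hook fired by
    // the token during transfer() cannot re-enter supply/redeem mid-call.
    modifier nonReentrant() {
        require(_entered == 0, "reentrant call");
        _entered = 1;
        _;
        _entered = 0;
    }

    constructor(IERC20 token) {
        underlying = token;
    }

    function supply(uint256 amount) external nonReentrant {
        deposits[msg.sender] += amount; // effects first; revert below undoes it
        require(underlying.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    // The unsafe ordering would be: transfer out first, then debit deposits.
    // With an ERC677 hook the recipient runs code before the debit lands, so
    // the debit must precede the external call (checks-effects-interactions).
    function redeem(uint256 amount) external nonReentrant {
        require(deposits[msg.sender] >= amount, "insufficient deposit");
        deposits[msg.sender] -= amount; // effects before the interaction
        require(underlying.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Either mitigation alone closes the hook-driven reentry path shown here; using both keeps the market safe even if a future function forgets the ordering.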
Motivation
The loss of funds experienced by those who supplied assets to the Hundred Finance lending markets on Gnosis Chain has been substantial. A total of 72 accounts (which can be assumed to be under the management of a close-to-equal number of individuals) saw figures ranging up to around $1.2m USD illegitimately taken. In some cases, these losses anecdotally represented large portions of personal net worth. Due to the anonymizing actions carried out during the attack (use of Tornado Cash and a resulting lack of data on the origins of the transactions, as well as other potentially identifying information), there currently exist no actionable avenues towards fund recovery. What is more, the manner of the exploit of Hundred Finance, as well as the simultaneous and similarly costly exploit suffered by Agave.finance, could be argued to have adversely affected the development environment. In light of this, the Hundred Finance team believes that a jointly carried out release of treasury assets to those accounts that lost funds due to the exploit would demonstrate good faith towards people who have suffered, while also contributing towards the positive appreciation (among both users and builders) of the response of Hundred Finance and the Gnosis DAO, and, by extension, the Gnosis Chain itself.
Specification
Hundred Finance proposes that they and Gnosis DAO respond to the losses faced by users through the distribution of vested versions of their respective native tokens to the extent that the total amounts distributed according to 30-day average prices pre-exploit match the total losses incurred in USD. Due to the disparity in the availability and amount of treasury assets held by the two entities, it is proposed that the value distributed be split disproportionately, with Hundred Finance contributing the maximum it could realistically afford, 20% of the lost value in its own HND token, and the Gnosis DAO contributing 80% by way of the GNO token. In order to mitigate unwarranted sell-pressure created by such a distribution of treasury funds, it is suggested that specially-created vested versions of each token be used in the distribution. We thus propose the following on a per-token basis:
veHND Bonds
In the case of HND, bonds representative of the veHND token (a locked and governance/utility-enabled version of HND) would be granted to those affected by the hack. Unlike the standard 4-year locked veHND they would be redeemable for (the veHND token contract does not allow the token to be moved), these bonds would be tradable and thus provide a means of their holders exiting their positions should a buyer be found willing to purchase them in order to carry out a locked veHND redemption. The precise number of veHND granted to those affected would be established using a 30-day average of the HND price prior to the incident, after which they would be distributed proportional to the loss endured and equivalent with their assets’ USD value at the time of the exploit (minus the value of any borrowed funds outstanding).
- HND 30-day average price: $1.234
- HND tokens required for compensation: 985,520.67 HND
hvGNO Token
GNO tokens granted to those who suffered losses in the exploit would be locked in a specially-created vesting contract with a 6-month cliff and a 6-month vest. This would create a vested GNO ERC20-equivalent token (vGNO) that could then be distributed proportionally to the users' accounts. A Hundred Finance market accepting these vGNO tokens as collateral could then be created, allowing victims to supply the vGNO to receive hvGNO, and in the process gain a measure of liquidity through loans taken out in other assets that the protocol has available. Through being collateralized on the Hundred Finance protocol and used to borrow assets, these vGNO would be liquidatable if their Loan-to-Value ratio were breached, an action carried out using a mechanism managed by Hundred Finance.
- GNO 30-day average price: $327.221
- GNO tokens required for compensation: 14,865.54 GNO
Rationale
The rationale behind taking the above approach to rectifying the loss of funds experienced by Hundred Finance users is the reduction of sell pressure that might otherwise run counter to the interests of holders of HND and GNO who have not suffered losses, combined with a desire to grant those impacted some functional liquidity and governance say during the vesting period. Releasing the generic versions of these assets over months and years would allow affected users to experience a degree of restitution and this proposal's motivations to be met, while not hampering future efforts to develop and build by the two projects.