Should GnosisDAO respond to the Hundred Finance exploit in the following manner?

fully agree! we grow together and most that lost funds are GNO holders too.

4 Likes

I wholeheartedly agree with this proposal and think it is needed to re-establish trust in the Gnosis chain itself as this exploit was a native token exploit on the chain and all projects used the same tokens for stablecoins, thus a fork was voted in favor and will take place.

This make the Gnosis loyal HND community that lost big in exploit feel helped and not blamed and abandoned for using and trusting this emerging new chain. I have come to know Gnosis before as it was xDai and used cowswap a lot on ETH mainnet, I have high perspective and hopes for Gnosis success and think a step like the one in this proposal will help achieve a strong user base to grow from. The seeds we plant today will give us the food we need tomorrow. Peace and love for Gnosis and HND shared community!

4 Likes

The conditions cannot be the same for both Agave and Hundred unfortunately, which is why there needs to be two proposals. Both proposals should aim to reimburse the projects in a sustainable way which means that the lending protocols need to be able to survive afterwards.

The suggestion to instead have Gnosis support with 56% compensation instead becomes a question of whether Hundred Finance is capable of reimbursing with and still being able to survive carrying those costs afterwards.

The fact that Gnosis will have a 25% share of Agave cannot be discarded as not counting towards supporting that protocol. Not only does it help AGVE financially right away, but it also ensures that Gnosis has an interest in the Agave’s future which again should be part of the goal of these proposals. Gnosis will however not be directly invested in Hundred so this benefit is not afforded to Hundred. This is also a reason why we cannot treat both approaches in the two proposals the same. The protocols are different in their stages of their maturity, exist under different conditions etc. so I think that comparing the percentages of support is in a way comparing apples to oranges anyways.

This considerably long(4 years) lockup time for the veHND tokens has also caught my eye and I agree. As a compromise I would suggest increasing the vGNO lockup to make both vGNO and veHND lockups more similar, for example making both have a lockup of two years(veHND decreased from 4, vGNO increased from 1). This is also better for gnosis in that it stabilizes GNO for longer, especially if you still linearly vest starting after 6 months.

Again I think so far voices generally agree that both lending protocols should be supported, but at the same time we cannot treat them exactly the same or else they would have been combined in a single proposal to start with, and one size usually does not fit all. I think the proposal is still fine given the different approaches, but would be very open to the change in lockup times.

4 Likes

Thank you very much for taking the time to reply, I am part of the Hundred team and would like to address some misconceptions:

a) HND tokens have all been minted, compensation for users would come from the dev fund which comprises 20M tokens vesting over 4 years. Approximately 2.5M has vested so far and we are very conservative with our spending so we have enough to cover this and the Meter compensation, but no more than that.

b) We are not paying out 50% of the Meter exploit, but 50% of the remaining amount that Meter did not cover with their compensation plan. This works out to circa 500k HND.

c) Our compensation is proposed in veHND bonds, these are freely tradable on the open market and can be redeemed for veHND. So an affected user can sell these bonds to a different user who wants veHND.

d) The pricing strategy is also more than reasonable in my opinion, and a similar strategy is employed by Agave (180 day average I believe).

These are minor points though, the crucial thing to consider is how different our proposal is in the method of compensation from Gnosis. Agave is suggesting 55% instantly credited to user accounts, while we are proposing 80% with a 6 month cliff, 6 month vest, and crucially with a way to earn APR during this vest, making it a lot more likely that users will retain some or all of their hGNO at the end of the vest. Personally I believe this is well worth the 45% premium (80/55), but it should be pretty clear that it is worth more than a 2% premium (56/55).

Further from that, the Agave proposal does not mention anywhere that the Gnosis DAO would own 25% of their protocol. If you are referring to Gnosis purchasing the AGVE tokens at auction and users being reimbursed that way, then of course we wouldn’t be opposed to doing the same too (swapping HND tokens for GNO and reimbursing users fully in hvGNO).

8 Likes

It seems you are trying to hide key points such as agave is asking for bluechips directly without any lock, whereas hundred finance is asking for GNO options that will be locked till six months and linearly unlocked within the next six months, also hundred finance is providing lending and yield on those GNO option tokens.
Agave proposal doesnt disclose that they are OTC selling their agave to gnosis at double the price.
Hundred finance do not have 90% of tokens still left to mint, the amount is being contributed from dev funds.

3 Likes

Additional to vfat’s reponse:

Apologies for the inconsistency between the text and image amounts within the proposal. If it is preferential, a moderator with the necessary privileges can correct the text of the original, replacing the numbers with those from the image, or grant this account the ability to do the same. We can, however, confirm here that the final calculation means that the following two items within the text:

  • HND tokens required for compensation: 985,520.67 HND
  • GNO tokens required for compensation: 14,865.54 GNO

Should instead be:

  • HND tokens required for compensation: 1,037,095 HND
  • GNO tokens required for compensation: 15,643 GNO
5 Likes

Thank you for your post! It is very important to get other opinions and questions, so we can discuss the issue and find a common ground. The whole purpose of this thread is to find a good solution for all the parties involved.

  1. As people already mentioned the gno will be illiquid and vested, so the users will have the illiquidity risk, whereas the Agave users will get their funds back and have instant liquidity. It is up to the debate how much the illiquidity bonus is worth, but it incentivizes the users to stay on the chain and commit to the long term success.

  2. Hundred uses a 30-day average for the prices and the crypto markets bottomed during that time. The users already took a hit with the rising prices + take on the risk of a future market dump. Agave users get the nominal value of the tokens at the time of the payout, this means the higher the prices go, the more the users will get paid. So the difference in the amount which is proposed by HND and AGAVE is not as big as it looks and it can even get smaller over time (if the market continues to pump).

I always feared that we will get issues with different proposals and therefore pushed for a unified proposal, but the point is that the protocols have different issues and different benefits, that is the reason why we see different proposals. In the end is it up to the DAO to find a good solution, we should be open to suggestions and adjust the proposal if it is necessary.

5 Likes

Excellent discourse here, I don’t think I can add better points so I won’t comment on details, however as a user of these protocols (and several others which have suffered exploits in the past), I feel it is important to brand reputations to find a workable compromise. I too was unaware of this longstanding potential for exploit, I feel it’s the fiduciary responsibility of the protocol that did know (Gnosis) to make sure that unmistakable and continual notice is provided to prospective partners and customers that the risk was not yet mitigated. Hundred has been growing rapidly but perhaps that community needs to focus a bit more on risk assessment / security planning. That’s expensive and slows growth down. Ultimately, splitting some of the burden now among many stakeholders costs both protocols (and all users of both protocols) in both coins and potentially the pace of progress, but that may better support long term objectives.

4 Likes

Very much in favor of fully compensating affected users in HND + vested GNO tokens. As stated above, it might result in a very long-term aligned mindset for these individuals, and generally send a very positive signal about the Gnosis ecosystem.

2 Likes

Thank you for the constructive responses.

A key question I posed that I didn’t see a response to was regarding the voting of the proposal by the Hundred finance DAO. GnosisDAO needs to understand the dependencies.

The suggestion to instead have Gnosis support with 56% compensation instead becomes a question of whether Hundred Finance is capable of reimbursing with and still being able to survive carrying those costs afterwards.

I look at this differently. I think a roughly 50/50 split for compensation reflects the responsibility of the exploit, and it is on the GnosisDAO and the protocols how to fund their respective share.

I don’t think it is the responsibility of the GnosisDAO to ensure lenders are compensated to 100% if the protocols are unable to find a way to fund their half.

I think the proposal to help Agave fund a chunk of their half is a pragmatic but reasonable solution, given the situation. GnosisDAO takes the risk of Agave but also gets the potential upside. A similar solution could work with Hundred finance.

b) We are not paying out 50% of the Meter exploit, but 50% of the remaining amount that Meter did not cover with their compensation plan. This works out to circa 500k HND.

Perhaps my data is wrong. Looking at the posts on your forum, my understanding was the total hack was for $2.144m (after some coins were returned), Meter package would cover ~$680k, and Hundred finance would compensate $1.1m. So 51.3% (1.1m/2.144m) covered by Hundred finance. Is that incorrect? As per https://forum.hundred.finance/t/hundred-finance-meter-exploit-compensation-response/69

I understand with prices moving significantly all of these calculations in $ are in constant flux. The point was at the time of the final decision post regarding compensation, Hundred finance was willing to cover 51% of the exploit, by the chosen TWAP calculations.

On the surface, the Meter exploit and the Gnosis one have some things in common, with both parties sharing responsibility. This would support a similar approx. 50/50 arrangement here.

c) Our compensation is proposed in veHND bonds, these are freely tradable on the open market and can be redeemed for veHND. So an affected user can sell these bonds to a different user who wants veHND.

I understand, and this portion is not really my business. My experience with these components of compensation is they’re often not very liquid, with few buyers and big discounts demanded.

d) The pricing strategy is also more than reasonable in my opinion, and a similar strategy is employed by Agave (180 day average I believe).

I have the same issue with both proposals, averaged prices are a good way to smooth things out but when there is significant short term change to the price, these cannot be ignored. Also excluding the post exploit price movements is not a good approach. The exploits have happened and the market is pricing how it now values the protocols. By including those periods into the average it takes the markets view of value both pre and post exploit.

Unfortunately for these proposals, since my last post, we’ve seen a big movement in the price of GNO, which also cannot be ignored, if we are denominating the compensation plans in $.

Agave is suggesting 55% instantly credited to user accounts, while we are proposing 80% with a 6 month cliff, 6 month vest

I think there is an important component you are missing.

The GNO from the treasury in the Agave proposal is to make the GNO depositors 100% whole (my understanding, I have sought confirmation on this), hence there is no need to lock because it’s to existing GNO depositors. They are just getting their assets back as if they were withdrawing from the protocol. I would not anticipate any abnormal selling pressure from this.

Which is different from someone who has deposited stablecoins being compensated in GNO, which probably would lead to a lot more selling pressure and need to be subject to a lock and vesting, as in your proposal.

It’s an important pragmatic element to protect short term price action but it’s far less important than the total $ leaving the GnosisDAO treasury.

Further from that, the Agave proposal does not mention anywhere that the Gnosis DAO would own 25% of their protocol.

Correct this is form the auction bit. We will take that stake if there are no other bidders. If market price is below the floor price we are guaranteeing, I think it’s likely we will end up with the full amount.

The 55/56 difference is just rounding. It’s stated as 55.6% in the Agave proposal, so I rounded up to 56%

Hundred uses a 30-day average for the prices and the crypto markets bottomed during that time. The users already took a hit with the rising prices + take on the risk of a future market dump. Agave users get the nominal value of the tokens at the time of the payout, this means the higher the prices go, the more the users will get paid. So the difference in the amount which is proposed by HND and AGAVE is not as big as it looks and it can even get smaller over time (if the market continues to pump).

Yes, and with the sharp market movements, unfortunately this needs to be looked at again in both proposals. Some denominated in coin and some in $ has made this a little messy.

Both GNO and HND have moved significantly since the exploit, and the boundaries for the averaged price currently excludes that, and that needs to be addressed.

2 Likes

I don’t agree. It was an ecosystem wide problem that is serious enough to call for a hard fork, so to say that the protocols need to pay up to 50% is unreasonable on that basis but also economically. Again, the resources required if the protocols are forced to cover more are exponentially more burdensome than what it is for Gnosis, due to the size, available resources and health of Gnosis which simpley cannot be compared to such small protocols. Even more, I think the point was missed that this was an ecosystem-wide problem going beyond the protocols whose main responsibility or lack thereof was trusting that the GC would function similar to mainnet which is what GC advertises. On the other hand the danger was known to GC but never got around to actually being changed until now after people were hurt. To say that both parties are 50/50 to blame is unacceptable, and to ask the same from both considering their differences is unjust and callous in my opinion.

Again I disagree with simply calling it at 50/50. If anything because GC was the underlying infrastructure that was the commonality among everything.

4 Likes

On the surface, the Meter exploit and the Gnosis one have some things in common, with both parties sharing responsibility. This would support a similar approx. 50/50 arrangement here.

Meter was 100% at fault and should have paid 100% of the losses, but they couldn’t afford to and decided to stiff Hundred’s users. We decided to contribute some HND to cover what we could of their shortfall.

This is a very different case, and I don’t think drawing parallels benefits the present discussion.

It’s an important pragmatic element to protect short term price action but it’s far less important than the total $ leaving the GnosisDAO treasury.

Do you contend that there is no benefit to the Gnosis DAO treasury to make the repayment in hvGNO (Hundred’s suggestion) vs directly in ETH (Agave’s)?

By including those periods into the average it takes the markets view of value both pre and post exploit.

We can use the 180 day average price (including post-exploit) like Agave is doing.

5 Likes

Thank you for the response!

I think this point is totally understandable, but I want the DAO to consider the following: Gnosis is a much bigger protocol than HND, has a much bigger Treasury than HND and is willing to spend 200 mil in ecosystem rewards. It is much easier for GNO to lift this burdern than it is for HND. Additionally HND can’t mint new tokens, the tokens are vested for over 4 years. So the protocol can only offer the amount of tokens mentioned in the proposal.

Of course we can also use the same auction mechanism for the HND tokens that we used for AGAVE. If we use a 180 average for the HND tokens, they generate a much more favorable $ amount.

In general we shouldn’t try to “blame” (for a lack of a better word) anyone for the hack. We shouldn’t point fingers at each other, main focus should be to try to find the best solution for everyone involved. I also hope that we find a solution that is fair for the users of all the protocols and doesn’t favor one protocol over the other.

Meter was 100% at fault here, the HND DAO and the team were willing to compensate the users, because they care about the users and prioritized long term growth over short term growth.

So what is your suggestion here? HND lost mostly stables, so the current market conditions are favorable for HND if you sell the bluechip assets for the stables. The DAO can reimburse and takes a smaller $ denominated hit.

3 Likes

I agree with you here and thanks for clearing up some points. Healthy conversation and consideration of all points in needed to reach a good solution for all. Peace

Thank you for your response.

I’m afraid I just disagree.

I’ve read the various posts and twitter feeds about the exploit and and that’s my conclusion. Several conditions needed to be met for the exploit to happen, and those were under the control of both Gnosis and the two lending protocols. If either parties had done a few things differently, it would not have happened; both could have independently prevented it.

There is obviously no right answer here, it’s a matter of how you look at it and weigh things out. A roughly even split responsibility feels about right to me.

There has to be a good rationale for why more of the burden should fall on GnosisDAO compared to the Agave proposal, apart from the relative size of the Treasuries. And I have yet to see one.

Whilst I can see there was disagreement about who was responsible for the Meter exploit, and am not familiar enough to comment on it, I can see that Hundred finance covered over 50% of the losses. In this situation, they would be covering less of it if it mirrored the Agave proposal: 44% .

The current plan with current market prices makes no sense.

At current prices, GnosisDAO would be covering Hundred finance losses at about 120%…

Given the market context, if it was down to me:

  1. I’d provide 56% of the stable balances in stables from our treasury; Hundred finance lenders get assets immediately in comparative form to what they deposited.
  2. Likewise, 56% for WETH & BTC lenders in WETH (denominated in WETH; BTC priced on proposal approved date using TBD average price); Hundred finance lenders of these assets are largely not negatively affected to market movements since the exploit (we’d have to revisit if BTC and ETH prices diverged significantly)
  • Our Treasury Ops can then rebalance as needed from GNO whilst minimising market impact. We do carry more short term GNO price risk though whilst our Treasury makeup has less stables.
  • There’d be no need to Hundred finance to worry about design and manage locking & vesting, and lenders wouldn’t have to carry GNO price risk for 6 to 12 months.
  • It becomes somewhat more comparable to the Agave plan in more lenders getting the asset they deposited (or correlated as for BTC depositors) and at the same 56% of coverage (in aggregate; Agave plan has a distinct approach for GNO depositors).
  • There is no need to worry about how to calculate an appropriate averaged price that takes into account recent sharp price movements (apart from relatively small amount of BTC)

It’s a simpler, cleaner solution that strips out much of the market risk.

Marked to market today that would be a loss of Treasury assets of $3.65m vs $7.9m for the current proposed Hundred finance plan (or vs $5.12m using the pricing strategy in the current proposal). Downside for GnosisDAO is we carry the extra price risk for GNO.

I am pretty sure most of GnosisDAO would agree that a 6 month + 6 month lock & vest to protect GNO selling pressure and the potential for some to hold on to their GNO post vesting is not worth $4.25m - which is one of the rationale posted here for why 56% for Agave vs 80% for hundred finance (and with this solution we get to manage that risk, and can control it better).

The remaining 46% would be the responsibility of Hundred finance DAO, but GnosisDAO could be open to discussions about taking a small position in Hundred finance to help with that (but that would be part of a separate proposal in order to not slow the passage of this proposal).

There’s probably a flaw with this I’ve missed, and my analysis is back of a napkin so may contain errors, so please do check & critique.

In short you want us to use the exact same compensation plan as Agave. Thank you for your suggestion, I don’t see any point continuing a cyclical argument. If Gnosis DAO would prefer to use non-GNO treasury assets for compensation then of course we should take that into account.

3 Likes

I agree, if the DAO prefers the AGAVE proposal, it makes no sense to continue to debate it. Gno_star is just 1 opinion though and we don’t know what the other people think, so it might be a good solution to do a strawpoll or something similar to check the sentiment of the DAO and which solution they prefer.

Would it be acceptable for the DAO to offer GNO LM rewards for the effected HND users? The Agave approach wouldn’t cover the full amount for HND users and users could make up some of the missing % over a longer period of time.

2 Likes

Thinking a little more about this after rereading all the comments and digging a little more.

I’d also vote for a proposal with GNO only, if it was based on a better pricing approach and the premium was limited to max of 10% over and above the Agora proposal for the distribution* and locking/vesting (which would make GnosisDAO contribution to approx 61%).

Hundred finance is currently proposing a 43% premium vs Agave (in % share terms, it is higher is in $ terms with current market prices).

*The distribution value would be more compelling if it wasn’t going to so few wallets (72).

Can see a good reason why GnosisDAO might prefer to use GNO. Would like to hear from other GnosisDAO community members on their thinking about using different Treasury assets, advantages and disadvantages, and any views on associated lock/vest premium for the structure Hundred finance is proposing.

Also still no response on the process question I’ve asked about twice how this proposal works with Hundred finance DAO governance? Does Hundred finance DAO need to vote on this proposal and will it be stuck to (see below)? If so, when will that happen so we can plan accordingly?

I looked into this a little further and spotted a governance red flag :triangular_flag_on_post: with Hundred finance. I had previously seen there was a vote for compensation for the Meter exploit by Hundred finance DAO, but what I had not noticed was that the DAO voted NO to compensation but did not meet a very high and unrealistic quorum bar, and then the team decided to override the DAOs decision and provide 51% compensation. This is a worrying development.

With this in mind, I feel before voting and entrusting them with a significant amount of funds, we should be confident we can understand and trust the Hundred finance DAO governance process around this proposal. We have be able to trust that Hundred finance will stick to the conditions that GnosisDAO and their own DAO approves.

We should not vote on any proposal until this is clarified. We are in the land of funny money and it can be easy to lose sight that this is a significant amount of money, and a lot of trust involved. I’m sure the Hundred finance team is good but we should not blindly trust.

Is the Hundred finance team doxxed to the Gnosis leadership? That would be reassuring, and good for peace of mind.