Welcome back for issue 18 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen.
This week, we cover:
Compound’s proposed cUNI upgrade to rescue funds
Yearn reimbursing hack victims with MakerDAO vault
Plus, brief updates from around the ecosystem.
Compound Votes on Proposal 37 to Upgrade cUNI
TL;DR: The proposal includes a cUNI contract upgrade adds a sweep function to rescue lost funds, along with non-binding procedures for future use.
While the proposal was prompted by a particular user’s $700,000 loss, the solution will allow for periodic rescue operations by adding a sweep function to the cUNI contract. Any unexpected funds can be transferred to Compound’s timelock, where a governance proposal can then distribute the assets to their rightful owners.
Given the overhead and coordination costs of submitting proposals, Arr00 laid out suggested procedures for claiming that will help reduce the strain on governance. Proposals to rescue lost funds would be held only once every 6 months, and a 10% commission will be charged on the recovered amount. Users would also need to manually request recovery within 6 months of loss, with any unclaimed funds becoming the property of the Compound community.
Including non-code elements and procedures in the proposal represents a novel form of governance for Compound. Proposals are typically just executable code, effecting direct changes to the protocol without reference to procedures or standards.
While there are no technical imperatives to follow along with the suggested process, over time these non-technical standards can develop into strong precedents that help governance build social consensus.
Yearn Uses Newly Funded Treasury to Reimburse Hack Victims
TL;DR: Rather than selling YFI outright, Yearn is borrowing funds from MakerDAO to cover reimbursement.
The past week has seen a whirlwind of activity in the Yearn community and ecosystem. And in typical crypto industry fashion, it may have all started with a snub on Twitter.
Some among the Yearn community were unhappy with the recently launched StakeDAO project, which had forked key Yearn vaults and other infrastructure despite StakeDAO’s founder consistently disparaging attempts to fork Curve.
Just 5 hours later, Yearn experienced an exploit on the yDAI savings vault resulting in a loss of $11 million, with the hacker themselves earning roughly $3 million in profit.
To their credit, Yearn responded quickly and managed to patch the vulnerability within minutes of discovery. This prevented potential loss of the entire vault’s funds, which would have amounted to $35 million in total.
Almost immediately after patching the issue, discussion turned to the question of responsibility and restitution. Some considered compensation to be a form of moral hazard, as insurance coverage was available from several decentralized providers including the Yearn ecosystem’s own Cover Protocol.
There were also potential issues of governance authorization, as Yearn had not taken an explicit stance on protocol insurance in the past. But despite this lack of clarity, Yearn quickly confirmed they would compensate users for their loss.
They also received help from an unlikely source, as Tether operators froze over $1 million in USDT belonging to the hacker. It’s unclear exactly how the funds can be returned to a decentralized, non-KYCed entity like Yearn, but this demonstrates the potential benefits of using centralized services.
yearn.finance @iearnfinanceWe have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.
While a portion of lost funds will likely be restored through Tether’s help, the remaining $10 million needed to be covered by Yearn itself. The challenge was how to make users whole quickly and efficiently, without the market impact and loss of potential upside from large YFI sales.
Yearn settled on using the treasury’s YFI to open a credit line with MakerDAO. MakerDAO’s lending capacity is not constrained by asset supply (as is the case with secondary lenders such as Compound or Aave), which gives much greater flexibility to set lower and more stable interest rates. Yearn also has whitelisted access to Maker’s oracles, which allows for safety features to manage position leverage and avoid liquidation during the oracle delay period.
With the support of the recently approved treasury resources, Yearn was able to organize and resolve the hack within just 5 days. Compared with other protocols such as Harvest and Pickle that are still recovering from months old exploits, Yearn’s quick action may give users more confidence in their products.
Going forward, Yearn may benefit from greater clarity around user risks. Vaults will purchase insurance coverage automatically, with premiums paid out directly from yields. While users will still be able to opt out of coverage, the opt in by default user flow should make responsibility much more clear in the case of future losses.
Nexus Mutual Bot 🐢 @NexusMutualBot💸 New Claim Accepted! 💸 🎫 Claim ID: 80 💳 Cover ID: 759 💼 Project: yearn finance 💲 Claim Amount (USD): $77,863.00 💰 Claim Amount (ETH/DAI): 50.0 ETH More info: https://t.co/KNTAmwiKjw
Aave AIP-9 approves staking liquidity pool tokens in insurance module:
Indexed Finance considers additional component assets:
Defi user makes theft allegations against Armor insurance protocol:
Armor protocol responds:
PieDAO publishes manifesto:
Wyoming may allow DAOs to register:
Curve pulls the plug on new pool due to technical risk:
Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at email@example.com