The Gro core team recommends a compensation fund of 180k vesting $GRO (worth around $1.8m) from the Gro DAO treasury to compensate Vault users due to downside from any users who left the protocol early. This would be a 4.3% recovery from total funds lost and 3x the amount lost from early exits.
In addition, affected Vault users can expect a separate airdrop from the $CREAM recently received by Gro DAO. This will be announced in the coming days.
Vault is designed to absorb losses to protect PWRD. During the CREAM exploit this mechanism worked effectively.
However, losses were not realised by CREAM themselves since there are still funds in their contract. This meant that Gro didn’t realise those losses, and Vault users protected other Vault users who withdrew before losses were realised. As Gro community member instadappfan123 put it: “I opted to shield PWRD holders from losses, not other vault owners”.
The core team recommends allocating 180,000 GRO from the Gro DAO treasury for this part of the loss as vesting GRO.
There will be a further airdrop from the $CREAM recently received by Gro DAO, and this will be announced in the coming days.
This is a short summary of the CREAM hack. You can read more about it on twitter here.
- On Wednesday 27th October, CREAM finance was hacked and lost ~$130mn. Unfortunately, Gro protocol had 2 of its 7 strategies allocated into CREAM at the time of attack, totalling $9.24m (15% of TVL).
- Because the CREAM losses were not realised on CREAM’s side, Gro protocol could not automatically account for the loss, and required manual intervention to assess and realise it.
- Before the loss was realised, some Vault users withdrew their funds quickly, to avoid sharing the Vault downside.
- The core team took action to prevent further front-running as described in the timeline above. The value of the funds withdrawn from the protocol in this time period was $2.95m, meaning the remaining Vault users had an additional 1.4% loss.
- Since the exploit, $782k has been recovered by the Gro team and redistributed to Vault holders.
In addition, CREAM confirmed it would release 1,453,415 $CREAM governance tokens and the Gro team has recovered a share of these.
Proposal to use $GRO to compensate Vault holders for extra losses suffered by other Vault holders leaving
We propose Gro DAO airdrops $GRO worth 3x the value of front-running losses to affected users.
3x multiple is a proposal, and the team is seeking feedback from the community on whether this is good, too high or too low.
- $605k (1.4%) additional losses were shared between remaining Vault holders
- We propose Gro DAO provide 3x this nominal value as an airdrop to affected users
- The airdrop would be delivered through the rewards centre (as with other airdrops)
- 3x nominal value is proposed to acknowledge that users may want to leave before vest completed, and that a governance token is more volatile than a stablecoin
- This is to compensate Vault users for losses suffered due to front-running by other Vault users
- This amounts to a 4.3% recovery for affected users
- $782k has been recovered by GRO from CREAM contracts directly into Vault strategies
- Recently CREAM confirmed it would release 1,453,415 $CREAM governance tokens and the Gro team has recovered a share of these
- Proceeds from this and any other recovery will be delivered to affected Vault users through a retroactive airdrop. The exact details are currently being finalised.
- In addition, the CREAM hacker paid $9mn to Yearn, which Yearn forwarded to CREAM
- Further funds recovered directly from CREAM contracts will be distributed to current Vault holders as they are recovered
Although the protocol worked as designed in protecting PWRD, Vault users should not be able to frontrun each other. This is the result of a corner case where losses aren’t realised, but there is a human understanding that there will be losses in the future.
These scenarios may always need human intervention when there is no data to show an unrealised loss.
The core team is considering solutions for how to automate more aspects of the protocol and loss realisation.