Overview

Category: Recovery Phase

Scope: Reactivate all Badger Smart Contracts to enable recoverable funds to be transferred from the attackers wallets to the DAO recovered funds multi sig.

Status: Pending

TL;DR:

The approval of BIP-76 has allowed for the upgrading of the protocol smart contracts. BIP-77 will not be enacted until actions described in BIP-76 have completed. The next step in the process of fund recovery is the reactivation of all smart contracts to facilitate the proposed rescue.

BIP-77 will focus on the approval of the following actions:

• Reactivate the protocol smart contracts
• Execute the stolen funds recovery scripts
• Develop clarity on multisig permissions within the DAO (specifically, the dev multisig)

Specifics

Snapshot voting will be ranked choice voting for the three given poll options.

The passing of BIP-77 would enable the following actions and set the following precedents:

Actions

• Vaults operations reactivated (withdraw, disable, transfers enabled)
• Stolen recoverable funds removed from the attackers wallets and returned to the DAO recovered funds multisig

Governance Precedents

• The dev multisig may unpause contracts when deemed appropriate without the need to bring said action to a forum, or BIP for execution

The inclusion of the governance precedent is intended to facilitate more rapid reinstatement of systems in the future and to clarify language which in previous proposals left a gray area for interpretation. Due to this gray area the unpausing of contracts has gone through the governance process. This would not be the case in the future if for any reason contracts are once again paused should this item be approved.

Why Unpause

Unpausing the vault contracts will allow the protocol to resume normal operations. This will allow users to withdraw funds, deposit funds, and continue to interact with the protocol as before. Additionally, the recovery of the funds is predicated on the unpausing of the vaults.

Funds Recovery

The outstanding funds that are recoverable from the attacker will be taken and transferred to a DAO owned multisig. These funds will then be distributed to users as according to the governance decision by governance in a future BIP.

Multisig Permissions

As per BIP-33 (Forum Discussion) the War Room multisig has permissions in a 1/n fashion to pause contracts.

The only right this war room has is to execute an emergency contract pause. Nothing else, including unpausing. The purpose of this is to be able to stop any vulnerability as quickly as possible.

This means that no single person in a 1/n manner may arbitrarily unpause contracts. The same BIP also outlines the actions the Dev multisig may take.

The dev multisig maintains contract upgradability rights, can set key parameters to all products, controls the treasury, and manages all permissions.

Given this statement, it should be explicitly stated and agreed upon that the unpausing of the vaults or protocol contracts in any future situations – that the Dev multisig has the capacity to take this action (unpause) without a multi day delay for governance to allow for unpausing.

Let’s get building badgers

For clarity from the original post

• Vaults operations reactivated (withdraw, disable, transfers enabled)

This bullet point should read

• Vaults operations reactivated (withdraw, deposit, transfers enabled)

Lets goooo! Great job team.
I think its healthy for the community to know when contracts will be unpaused at least 12-24 ahead of time.

I support this proposal

Totally agree - I don’t think it needs to go to forum or have voting to unpause, the council can make the decision, but notification ideally on the main page of the web app (rather than buried in discord/forum) would be helpful and transparent.