BIP 78: Return Recoverable Tokens

Category: Recovery Phase

Scope: Return recoverable tokens to the wallets from which they were taken

Status: Pending

Objective:

Gain approval to return recoverable tokens to the wallets from which they were taken

Overview:

At the time of the exploit (more info), the attacker was able to successfully acquire tokens from a number of user wallets and was able to withdraw many of these for their underlying assets before bridging away from the Ethereum blockchain. In response, Badger paused all smart contracts, rendering the attacker unable to continue to withdraw additional tokens from users wallets. This effectively left some tokens “stuck” in the attacker wallets.

BIP 77 addresses the unpausing of the contracts and recovering of the “stuck” tokens, which will be sent into a smart contract controlled by the dev multisig (recovered.badger dao.eth).

This BIP seeks to gain approval to, once recovered, return the recovered tokens to the addresses from which they were taken.

Rff: Badger

Specifics:

Badger vault tokens (btokens) are fungible ERC20 tokens. In this particular exploit, on a per wallet basis, the stolen btoken was either withdrawn from completely or not at all. At no point were any btokens split or only partially withdrawn. This means that all recoverable bTokens can be definitively traced back to their pre-exploit owners.

You can see a more detailed analysis here:

Implementation:

Below is the full list of recoverable tokens and the addresses they would be returned to:

0x0d86A2fd448aD216692238a28d2753DEf5B1d853 bSlpBadgerWbtc -0.000075029477714286
0x0C1e99991dD2f7D374Bff13f9F52284CE6cfDAE5 bSlpBadgerWbtc -0.000087419825225610
0xFa5756494fEa34c83808CCb6626f6b7E66D46c4c bcrvRenWBTC -0.648724175999459000
0xE9B05bC1FA8684EE3e01460aac2e64C678b9dA5d bSlpBadgerWbtc -0.000116730245518366
0x7c2bE77574546b4513b4F30b6b1c5EA1C4AC8eFb bSlpBadgerWbtc -0.000117804041984872
0x9322C6CcbCE9fCC9BDC45fe2830704907330454D bSlpBadgerWbtc -0.000118626781242642
0x26b11a2497381ef5e28BcFCF881185791Ba11A5d bSlpBadgerWbtc -0.000128773473998937
0xb67620E8C9E19592b616942F895153e2dcF9CcB6 bcvxCRV -7814.344901059100000000
0x6Dce215F5D0209Bee096fb5147C423344D10553b bibbtc/sbtcCRV-f -0.846996854829162000
0xd65370c5565F2bEa121F3C22823233F98A4Be793 bibbtc/sbtcCRV-f -0.922370672269898000
0xCb0b3fbA44676Ae1Ade8dc211d43ded01f0513fa bibbtc/sbtcCRV-f -0.932371973276120000
0xA678abb7fA735b6A42C78214d6B150849c9570c4 bbveCVX-CVX-f -2086.680235476250000000
0xBfBAC9FDF2b937d88B7E97506B6c169dd0B03b24 bSlpBadgerWbtc -0.000156762272824640
0x4523b791292da89A9194B61bA4CD9d98f2af68E0 bibbtc/sbtcCRV-f -0.980763995807816000
0x0fd492cB2440074b9b5f16Dd008A972C55C60A49 bSlpBadgerWbtc -0.000159369109301692
0x5456B8CAEb4FA3E9795838832f41de0DD96c7912 bibbtc/sbtcCRV-f -0.991755891020704000
0x8b34f5931fD52f70661174486d66a973d50A2d83 bibbtc/sbtcCRV-f -0.995190186143696000
0x24d734a75166e66000C8d7f12A173e41358e3cc1 bibbtc/sbtcCRV-f -0.996706797720007000
0xA856E0cA37d3b64a137aD5d3e20C31843Fa9FB36 bibbtc/sbtcCRV-f -1.002561208691120000
0xfB62DF8935504b3f1C2b13B10aA9d8eE67e34690 bibbtc/sbtcCRV-f -1.003967036880300000
0x602a8f582b2e84A49f91899d6CdD36B825146637 bibbtc/sbtcCRV-f -1.025952855492390000
0x720b304e1f7F2ac7d1E60B03289B13a8A764F315 bSlpBadgerWbtc -0.000179089428661152
0x7759D0dbeAB2270Bea6F35679344d4D67B10cCE9 bibbtc/sbtcCRV-f -1.130674710437700000
0x18D1EB6F4a74aB1d4704ec1688d87047efDb83D5 bibbtc/sbtcCRV-f -1.148952007032990000
0xc0DAcf029bc8c4753dBfDf9aF8408D02bcA4e8B3 bfPmBTC/HBTC -1.147940822038800000
0x8F5db667276e9d805bF5aDb315374f8fa299699E bcvxCRV -12554.847609414800000000
0x785b70b908E1458bDAe818C03D7B8e6688B025E6 bSlpBadgerWbtc -0.000275879940990274
0xaAD747958F996B22F360fD1d0e3BA56eFD477C1f bSlpBadgerWbtc -0.000285933998224524
0x6B68b7652a32afF234C17796afcEA800d54e3428 bibbtc/sbtcCRV-f -2.003810122238030000
0x630CF545B04b6458faDC98654681456009f19478 bcrvRenWBTC -1.938782864727950000
0x2Ee8670d2b936985D5fb1EE968810c155D3bB9cA bimBTC -19.414395705173300000
0xDEF090607C0628Eb1c36bE11038e68e0d34d44d5 bSlpBadgerWbtc -0.000331797138485382
0x905DeFDEC5eB4f6Cd9d9ec4d4C52fc330EF2026B bveCVX -5000.001124879400000000
0x0716266cC5D3c443e30b0c4E9C72AFA33778E1de bcrv3crypto -81.342592237548500000
0xd87EcC6C74F486B044824a222326A96F696fCfA2 bveCVX -6985.618362681730000000
0x2Bf863a129Cd3FafFCFC6E7caA49588d446B2af3 bcrv3crypto -107.010951737997000000
0x0ECE7c1BfC9543B2cbeA8F5577d02E5f59a9f176 bfPmBTC/HBTC -3.967006087106280000
0xC255E0a1Be0A4B7B8Bf5EBE8d0Aba162CF75bae2 bSlpBadgerWbtc -0.000718292677040534
0x26A22514d3Ac0B05E2F4f04dF96EF302ba434cBE bcvxCRV -42537.289425938100000000
0x7Ed7888f3bF70ED07f94Fd7381D39476928331F7 bveCVX -10171.240584610900000000
0xB5cC3308C8E0F12fCCCa72e0fA3C8C20518c11e7 bveCVX -10868.760170822800000000
0xF2B8C142Edcf2f3Cc22665cCE863a7C9A3E9F156 bimBTC -49.749983579281600000
0x604eB5D4126E3318EC27721Bd5059307684F5C89 bcrv3crypto -168.645701159400000000
0xD50f649a2c9fD7AE88C223DA80e985D71DE45593 bveCVX -18042.519867472100000000
0xC610D02270c39a0581fE0137F5E93Ae5053D3c66 bSlpDiggWbtc -0.000000002506356308
0x0443180451b462bDC5E09Fc910712f10E90d8a62 bbveCVX-CVX-f -20247.466265437400000000
0xFaC01bF00180ff294915E840b4309B823b759F83 bcvxCRV -93582.000000000000000000
0xff4944F8809ec48d8aCc655ff83770cBd4C3A02a bcrvRenWSBTC -10.754238865403400000
0x1D8D739912AAE17819618e6e33580284C16785A9 bveCVX -25130.919014305900000000
0xee1F07F88934C2811E3DcAbdf438d975C3d62cd3 bcrvRenWSBTC -20.667204525632300000

After the tokens are recovered, they would be sent directly to their owners without the need to claim them by the recipients.

Vote:

Return recoverable tokens to the wallets from which they were taken
  • Yes, return the funds
  • No, hold them in the multi-sig and decide later

0 voters

1 Like

I can’t actually vote on snapshot due to being a pioneer and having my Badger in Arbitrum. But just to signal my support anyway. It is horrible and frustrating not having a vote even when I hold the governance token.

1 Like

Why not return proportionate amounts to wallets based on the total amount of each asset recovered? Returning all or nothing seems unfair.

3 Likes

These tokens can be traced back to their original holders. The DAO managed to recover them and can return them to their original owners. I don’t think that the DAO should be the arbiter in stolen fund redistribution.

More specifically, even though this is a small percentage of the total loss it covers 40% of the users. That’s because the hackers stripped large wallets first. If the DAO decided to distribute losses equally then it would act like an inverse Robin Hood.

There will be a different BIP discussing reimbursement of the remaining accounts.

3 Likes

Should we also take the funds of people that signed the transaction but did not have their funds transferred out of their wallets?

1 Like

fair point, I didn’t consider that.

1 Like

I’m changing my vote to yes. This situation is less perfect than I originally thought.

1 Like

I was surprised to hear that there were assets recoverable in this way. With that being the case, and knowing who owned the assets, returning them seems reasonable and prudent.

Socialising these assets was another option but given the determination of who owned them that isn’t something that should or could have been done.

Great work team.

1 Like

Being biased here, if we vote yes on this I’m getting my hacked funds back.

I don’t understand the NO votes. It’s like saying that the lucky ones that did not got hacked too should share the losses…

It’s an easy choice; if my wallet isn’t on the list, why would I vote yes?

My wallet is not on the list. But nevertheless I voted yes. I know, what pain they are feeling.

Many thanks to badgers. My wallet is on the table.

Great community way to support all users What has been lost should be returned and it was. Now the next step to compensate all the other non-returnable losses