Scope: Reinstate rembadger Position
A victim inadvertently converted remBadger into Badger. The real intent was to move the remBadger tokens, and the victim would like to reinstate their original remBadger position.
901.3502818045444124 rembadger https://etherscan.io/tx/0xdca840ee62f3f01c04925e5092b57ebb1bc4bde9e6641a3c67717cfa0dffb821
1 rembadger https://etherscan.io/tx/0x6814c5fa36d7fbdf68bf0e732b2f3513c011c01737d1fecfea2e3aebcfc21676
As approved in BIP 80, Badger DAO created the remBadger Sett vault, which community governance approved to distribute 2M Badger tokens to this vault over 2 years. The vault does not allow deposits, only withdrawals. Once you withdraw your underlying Badger tokens from the vault, you forfeit the future Badger distributions to that vault.
The process to reinstate the victim's original remBadger position is for the dev multisig to upgrade the vault contract to allow the whitelisted wallet to deposit Badger tokens as a one-time option in exchange for 902.3502818045444124 remBadger.
- Yes: Reinstate the victim's remBadger position
- No: Don't reinstate the victim's remBadger position
What is unclear in this proposal is the amount of BADGER that the party is expected to deposit. Would it be the amount they received in exchange for those two transactions (291,205.47565909771759218 + 323.076923076 = 291,528.552582 BADGER)?
Or would it be the current amount that would equate to 902.3502818045444124 remBadger (333.58889365 * 902.3502818045444124 = 301,014.032192 BADGER)?
What is unclear to me and not answered in this BIP at all: how could this happen? You cannot accidentally withdraw from this vault; there's a HUGE BIG WARNING message which you need to confirm, which explains exactly that this is a one-way transaction:
This either doesn't tell the whole story or is disingenuous. Maybe the remBadger holder needed the funds for something else (the withdrawal 'incident' was weeks ago), but now s/he wants back in for the favourable terms?
Unless there's a good explanation of how this can be an accident, I don't think Badger devs should spend time to fix this. And that fat warning message makes it currently hard to believe how this can be an accident. But maybe there's a more convincing story to this?
So here are my thoughts on this:
From an economics point of view, restoring withdrawn remBADGER for any user slows down the rate at which other victims are paid back, and with such a large amount it also reduces a real chance that Badger could pay back the full amount before emitting all the tokens, which would be a big win. The economist in me says no.
However, then there is principle. The restitution happened in the first place based on a general belief that the DAO should do what it can to help Badgers recover from their loss. The exploit in the first place affected a small number of people, and yet we came together as a community to make them whole, even at considerable cost to all BADGER HODLers. I question if this situation is any different.
There seems to be a lot of no votes here. I think this BIP should go to snapshot and the HODLers should decide. Based on the sentiment, I think it’d perhaps be more likely to pass, if some sort of middle ground could be negotiated. Could some % of the remBADGER be restored? This would leave everyone else to be paid back a bit quicker, and provide the DAO with some chance to end the program with a complete payback early. At the same time, it doesn’t leave our remBADGER megawhale HODLing megabags of BADGER and BTC and perhaps feeling the desire/having clear reason to rage quit and never come back.
BIP-86: Change and ratify Badger Council membership ratified a new BADGER council, which I believe to now be made up of intelligent and thoughtful members of the team and community who care both about the economics of the protocol and the principles of the DAO.
I suggest, if at all possible, that the HODLer requesting re-deposit of their remBADGER get in touch with the council, work out some governance, and then bring it to an up/down snapshot to decide. I also propose that we only do one such snapshot, to encourage all parties to come up with a balanced proposal up front, and to help us get over this and move on with BUIDLing.
Unless there’s a good explanation how this can be an accident, I don’t think Badger devs should spend time to fix this. And that fat warning message makes it currently hard to believe how this can be an accident. But maybe there’s a more convincing story to this?
Institutional BADGER investors use Fireblocks, which is an alternative program to access our smart contracts. This warning was a feature in our app.badger.com UI, not the smart contract.
In general people transacting millions of dollars in value on ETH should hire experts to build and verify their transactions or take the time to do so themselves every time. So one could say this is no real excuse, but that kind of holds true for many of the recipients of the initial restitution as well. Badgers clearly look out for each other. No matter how large or small they may be.
I don’t think there’s anything disingenuous about this BIP. The blockchain is a cold/hard place where once something is done it is done. DAO governance exists, in part, to help mitigate that a bit from time to time. Just like the original restitution that is what we are seeing now.
Badger manages a half billion dollars…so then why didn't the Badger team invest money in preventing this type of attack? Which team member was irresponsible and allowed the hacker access to the front-end initially? He/she was never identified in the post-mortem. And how exactly is this being remedied, since Badger has not offered any prescriptions to prevent this from occurring again in the future? Recall, no Badger team members had BTC stolen, but they are entirely responsible for the front-end failure which led to this hack and subsequent BIPs to remedy the situation. Acting as if there is some sort of moral high ground here is ridiculous. There would have been no hack were it not for a Badger core team member allowing initial access. And to propose this goes to Badger Council? This circumvents the normal protocol for every BIP done so far. Why the sudden change? Why would any team member consider this a viable option?
I was suggesting that the council accept some feedback in RFF, and speak with the involved parties and perhaps change a contentious BIP before moving it to snapshot to take community sentiment into account. This is exactly what we've done for all of the recent BIPs, including the bveCVX restructure, the recent emissions BIP and the recent council BIP. Of course the final decision here must be made by a snapshot of all BADGER HODLers.
I’m not taking any moral high-ground ser, just trying to think about this from all sides. I’m on vacation right now so I’m not going to take the time to find all the podcasts about how to DeFi Safely that we have done since the exploit, but they exist.
We've also retained DeFi infosec experts Halborn to help us totally rebuild our frontend infrastructure and conduct a full infosec audit on it. Further, we've open-sourced our UI so anyone can review our code and practices or fork it and build one of their own. We are working to ensure that anyone can build a Badger UI with hopes that eventually, some day, there is no need for an official Badger UI.
The question here is not about the past, it is about how to handle this situation. I welcome any feedback you have on how it should be handled.
The opinions here are my own, there is no “team” with a unified point of view on this topic, no different from our community. I just try to hear/consider all sides.
So let me get this straight.
We spent MONTHS trying to define the rules of BIP-80 by going back and forth; we then had a vote and an outcome where the rules were clearly explicit for everyone, especially for the party representing 40% or so of the total hack.
Now "somehow" the biggest whale screws up and claims "they didn't know"? And of course they discussed this privately with the team WITHOUT using proper governance protocols (bringing the discussion to Discord, commenting here, not even writing up this proposal and letting Spada write it up himself for them).
I understand where you come from though. You didn’t lose a penny from the hack, so if this whale leaves Badger the TVL collapses and possibly the Badger token takes a hit, so yea you only have downside and not clear upside - you clearly don’t care if the whale gets back his remBadger since it doesn’t dilute yours at all.
I wonder what type of publicity for Badger DAO would come out if this were to pass…
I don’t personally have an opinion on this matter and I will not vote. It would be better for the DAO’s finances by a long shot for this BIP not to pass.
In the end this is a DAO; governance decisions are up to the Token Holders, most of whom are in my position and are not really affected by this. It is completely valid for someone to bring this matter to governance, and whatever is voted on will be the decision.
Your argument that this is a change to what was laid out in BIP-80, which is set in stone and should not be changed is somewhat valid. BADGER has a history of adjusting BIPs with time, but remBADGER is a different kind of promise and decision and did have an incredible amount of work put into it. We should be very very careful changing the conditions if we are going to do so.
I was just trying to suggest that a compromise could be possible.
I also agree that this BIP would be a lot more likely to pass if the HODLer in question showed up and spoke for themselves. I don’t find it a problem that they asked Spada, who is our BizDev lead, to post this on governance for them. Anonymity, however feigned it may be in this case, is something we should support as a DAO.
In the future I would prefer such requests go through the Badger Council which is duly elected and made up mostly of community members outside the core team, but we’re still hashing out the future of our governance and this happened when it did.
I represent the entity that is asking to have its remBadger position reinstated in this proposal.
This was a human error involving one member of the team, and while we understand that it may be hard to believe that it was a mistake, that's what it was.
Had we really needed the funds for something else as you suggest, it would have made more sense for us to withdraw some of our deposits in Badger rather than claiming remBadger and sacrificing a steady stream of future rewards.
We did not sell any of the claimed Badger, nor did we use it to vote for any BIPs.
While this did happen several weeks ago, we notified the Badger team immediately to explore our options to unwind the transactions and learned this could only be done through a BIP. We then spent some time socializing the idea of a BIP with community members we had gotten to know during the restitution process and ultimately decided to move forward with a BIP asking that our remBadger position be reinstated.
Yes, the Badger team will need to spend some time on this, but we don’t think this is an unreasonable ask given the size of our LP position in Badger.
Mazzi, I’m guessing you’re a remBadger holder too?
I try not to look at this from a fear/greed perspective, but from one that considers the position of all impacted parties. I love aphorisms, and here’s one:
- “It’s possible to never transgress a single law and still be a complete bastard.” ~Hermann Hesse
We can follow the rules strictly and feel good saying we did. But that doesn’t make it right. It’s easy to be critical because Celsius is a big company, and we all like to stick it to ‘the man’. But how would we react if this were somebody’s life savings? Somebody we knew? Most of us with more compassion for the circumstance. It’s a do-unto-others kinda thing. I don’t believe in tailoring the solution to whether or not we ‘like’ the party on which we’re deliberating.
Re-instating their position puts us all in no-worse of a position than we were in before this was brought to light.
ps. @bruce614, I pity the poor intern
I spent many hours helping to craft the restitution to help return the funds lost during the December 2021 exploit. It is all but too ironic that upgrading your security allowed for a new path of risk to emerge. The fact is in DeFi we are all given individually and collectively tremendous power. The mistake of a handful of users can lead to outsized impact to the many and the many can create outcomes that heavily impact a few.
In this particular case the mistake of literally one entity is now impacting the entire DAO. This mistake is hard for many to digest because although the solution may appear simple to fix from your perspective, in DeFi code is law and law is coded. You literally broke the law and now are asking in front of the DAO’s court for an exemption without even a written warning. What precedent does this set?
This is a learning moment for the community. To reevaluate the process in which the DAO is governed. Because were you not the DAO's large LP tyrant but instead its large LP partner, then there could be literally coded exemptions to the DAO's laws allowing you to bypass certain clauses because of the value the DAO gives towards its partnerships.
Many members of the community are active in governance past and present. They played a pivotal role in constructing the restitution program and knew the program inside and out, including the consequences of withdrawing from remBadger, which was a fundamental aspect of why the program was chosen for restitution. Yet, you were absent or sending messages in the wind. If you did play a role in restitution none of those intentions or actions can be found in the forum or discord. So, your mistake of withdrawing the funds, to those that worked so hard (literally losing sleep) to build a restitution for you, felt insulting. Even more insulting was the path chosen for this BIP.
There is a way forward in which animosity is avoided and the DAO and you can exist as a harmonious partner willing to forgive each other for mistakes of the past, present and future. That will not happen with veiled whispers in the shadows.
Come by and say hello.
This is an ETC moment for Badger.
I wonder why that one member of the team decided to do the withdrawal. And why there were not enough checks and balances in place to prevent something like that, like requiring at least two people to approve that transaction. Seems prudent for large sums of money.