welcome back to the Tally newsletter, your weekly source for DAO governance insights. i'm coolhorsegirl and i’m so happy to be here. 🟣

risk, risk, risk. we’re talking Curve hack, the associated Aave situation, and the practical effects of ineffective risk management. believe it or not, there’s one positive—increased decentralization of the protocol.

also, Arbitrum has not one, but TWO proposals live. Compound is considering adding MatixX and Nouns fork may be going live, too. let’s get into it 👇

🤿 deep dive: risk management who?

last, the defi AND DAO community was shaken by a significant security breach. Curve suffered a hack resulting in a loss of approximately $62m. the situation further intensified as michael egorov, the founder, faced the potential liquidation of a $60 million+ position on Aave, raising concerns about a broader defi meltdown.

let’s break it down: egorov put ~305m CRV into Aave and borrowed ~63.2M USDT against it. this meant that he could use CRV to buy liquid assets, like a house in melbourne, without driving down the price of CRV. liquidation would be triggered at a CRV price of ~$0.3188. if that happened, Aave would be stuck with debt and AAVE stakers would have to cover the shortfall.

it makes you think—is it on the Aave DAO or on you as an AAVE holder to research who Aave is allowing to take out loans (irresponsible founders, cough cough)? it’s led to some deeper conversations about the role of governance in lending protocols, too.

the root cause of the hack was traced back to an issue in the Vyper—Curve’s version of Solidity—compiler. several pools, including crv/eth, aleth/eth, mseth/eth, and peth/eth, were compromised. additionally, the Arbitrum tricrypto pool was flagged as potentially vulnerable, with Curve urging users to exit. gnarly.

however, amidst the drama, there's a silver lining. the incident has inadvertently led to a more decentralized ownership of Curve, with founder and VC tokens being sold to 3rd parties. defi protocols and aligned founders are now in the picture.

and lucky, the hacker has already returned ~50m after Curve sent the hacker a message telling them they could keep 10% if they returned the rest. maybe we got lucky this time, but regardless, the Curve AND Aave situation is a vivid reminder to DAOs to proactively manage risk.

⌛️ onchain proposals

onchain DAOs are decentralized autonomous organizations that operate entirely on the blockchain, using smart contracts and other blockchain-based technologies for its operations and decision-making processes. Tally believes that true DAOs operate onchain.

💙 Arbitrum

AIP-3 [Non-Constitutional] Fund the Grants Framework Proposal Milestone 1

summary: this proposal requests 3,360,000 ARB (0.07% of the total treasury) to fund the first of three milestones in a comprehensive plan to build an Arbitrum DAO pluralistic grants grogram. at the end of milestone 1, pluralistic labs will have delivered: DAO native workshops, the grants program, and the grants program report.

voting ends: august 14th

AIP 4: Update Security Council Election Start Date to Ensure Time for Security Audit

summary: change the security council’s election start date from a “hard” annual september 15th to a more flexible date to ensure enough time to complete the audit before start.

voting ends: august 18th

🟩 Compound

Add MaticX as Collateral to USDCv3 Polygon Market

summary: using parameters from Gauntlet, this proposal would add MaticX to Compound. big: there is 20m+ MaticX on Polygon that haven't been deployed on defi yet.

voting ends: august 11th

🟡 NounsDAO

Nouns DAO V3 upgrade, including Nouns Fork (edit)

Summary: this proposal upgrades the Nouns DAO logic contract to v3, with 5 key changes: (1) proposal editing, (2) propose by signatures, (3) objection-only period, (4) votes snapshot after voting delay, and (5) Nouns fork.

Voting ends: august 12th

📝 what we’re reading & listening to

📄 ”Rollups-as-a-Service Are Going to Zero” by Neel Somani

ignore the clickbait-y headline; this is a solid deep dive on rollup economics and exploration of shared sequencer endgames

🐦 “introducing SEAL911” by samczsun

a new telegram bot called SEAL911, solving the hardest part of responsible disclosure: finding the right person to talk to

🐦 “Wake up honey! Governance is broken, again” by ivangbi

after the Curve hack and associated Aave situation, people are questioning the role of governance in lending protocols; this thread takes an “it’s not all bad” approach important to weighing the costs and benefits to DAO governance

💫 DAO talk: risk management has left the chat | DT weekly ep. 49

🤭 meme of the week

Tally is LIVE on Base! launching today, you can bridge your DAO to or build your DAO on base. we’re keen to see the first base DAO up on Tally!

~ coolhorsegirl 🐴

p.s.- cookies in kensington gardens, nothing better than a mid-summer day in the sun with the king’s swans. did you know all the swans in london legally belong to the head of the royal family?