The Tally Newsletter

The Tally Newsletter, Issue 10

newsletter.tally.xyz
December 15, 2020

monetsupply

Welcome back for issue 10 of the Tally Newsletter, a publication focused on all things decentralized governance. We’ll keep you updated on key proposals, procedural changes, newly launched voting systems, shifting power dynamics, and anything else you need to know to be an informed citizen. 

This week, we cover:

  • Nexus Mutual founder Hugh Karp’s wallet hacked

  • Compound’s failed compensation proposal

  • Uniswap team launches Sybil identity solution

  • Maker automates debt ceiling management


NXM Tokens Stolen in Hack

TL;DR: Nexus Mutual founder Hugh Karp lost $8 million in a targeted attack, despite using a hardware wallet.

Yesterday, Nexus Mutual founder Hugh Karp fell victim to a targeted hack, resulting in the loss of 370,000 NXM tokens (roughly $8 million at current prices). The attacker had compromised his computer, allowing them to substitute a fraudulent transfer in place of a regular transaction being performed.

Nexus Mutual 🐢 @NexusMutual
Initial investigation: A targeted personal attack on Hugh. Hugh's using a hardware wallet. The attacker gained remote access to his computer & modified the metamask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address.
11:13 AM ∙ Dec 14, 2020

While many people assume hardware wallets guarantee safety, this case demonstrates the potential pitfalls for high-value use. Hardware wallets typically show full transaction details for simple ETH or token transfers, but for smart contract interactions the device displays only raw call data, which is nearly impossible to verify effectively by eye. This incident may call into question the security practices followed by other prominent token holders and governance delegates.

banteg @bantg
This Metamask phishing attack is scary. Imagine double checking the raw calldata on Ledger by hand every time. For example, this is an annotated Uniswap trade, the argument order in the ABI encoding differs from what you could see in the contract.
[image: annotated Uniswap trade calldata]
10:11 PM ∙ Dec 14, 2020
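The point both the article and the tweet above make is that a device showing raw calldata leaves the signer to decode it. The following is an added example, not code from the newsletter or from any wallet vendor: it ABI-decodes the calldata of the common ERC-20 calls and checks it against the transfer the user intended, which is the check a wallet or a cautious signer would want to perform before approving. The function selectors are the real ERC-20 ones; every address and amount is constructed for the demo, and `encode_call`, `decode_calldata` and `matches_intent` are names chosen here.

```python
# Added example: decode ABI-encoded calldata of common ERC-20 calls so a signer
# can compare what the wallet is about to sign against what they intended.
# Selectors are the real ERC-20 ones (first 4 bytes of keccak256 of the
# signature); all addresses and amounts below are constructed demo values.

# selector -> (function name, parameter types)
ERC20_SELECTORS = {
    bytes.fromhex("a9059cbb"): ("transfer", ("address", "uint256")),
    bytes.fromhex("095ea7b3"): ("approve", ("address", "uint256")),
    bytes.fromhex("23b872dd"): ("transferFrom", ("address", "address", "uint256")),
}

WORD = 32  # every static ABI argument occupies one 32-byte word


def _encode_word(arg_type: str, value) -> bytes:
    """Encode one static argument as a 32-byte word."""
    if arg_type == "address":
        raw = bytes.fromhex(value[2:] if value.startswith("0x") else value)
        if len(raw) != 20:
            raise ValueError("address must be 20 bytes")
        return raw.rjust(WORD, b"\x00")  # left-pad with zero bytes
    if arg_type == "uint256":
        if not 0 <= value < 2**256:
            raise ValueError("uint256 out of range")
        return value.to_bytes(WORD, "big")
    raise ValueError(f"unsupported type {arg_type}")


def encode_call(name: str, *args) -> bytes:
    """Build calldata for one of the ERC-20 calls in ERC20_SELECTORS."""
    for selector, (fname, types) in ERC20_SELECTORS.items():
        if fname == name:
            if len(args) != len(types):
                raise ValueError("wrong argument count")
            return selector + b"".join(_encode_word(t, a) for t, a in zip(types, args))
    raise ValueError(f"unknown function {name}")


def decode_calldata(calldata: bytes) -> dict:
    """Parse calldata into {'function': name, 'args': [...]}; reject anything malformed."""
    if len(calldata) < 4:
        raise ValueError("calldata shorter than a selector")
    selector, body = calldata[:4], calldata[4:]
    if selector not in ERC20_SELECTORS:
        raise ValueError(f"unknown selector 0x{selector.hex()}")
    name, types = ERC20_SELECTORS[selector]
    if len(body) != WORD * len(types):
        raise ValueError("argument block has unexpected length")
    args = []
    for i, arg_type in enumerate(types):
        word = body[WORD * i : WORD * (i + 1)]
        if arg_type == "address":
            if any(word[:12]):
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return {"function": name, "args": args}


def matches_intent(calldata: bytes, expected_to: str, expected_amount: int) -> bool:
    """True only if calldata is a plain transfer to expected_to for exactly expected_amount."""
    try:
        decoded = decode_calldata(calldata)
    except ValueError:
        return False
    return (
        decoded["function"] == "transfer"
        and decoded["args"][0].lower() == expected_to.lower()
        and decoded["args"][1] == expected_amount
    )


# Constructed demo values (not real addresses or a real transaction).
INTENDED_RECIPIENT = "0x" + "11" * 20
OTHER_ADDRESS = "0x" + "22" * 20
AMOUNT = 370_000 * 10**18  # 370,000 tokens with 18 decimals

if __name__ == "__main__":
    good = encode_call("transfer", INTENDED_RECIPIENT, AMOUNT)
    swapped = encode_call("transfer", OTHER_ADDRESS, AMOUNT)
    print(decode_calldata(good))
    print("intended transfer ok:", matches_intent(good, INTENDED_RECIPIENT, AMOUNT))
    print("substituted recipient ok:", matches_intent(swapped, INTENDED_RECIPIENT, AMOUNT))
```

The decoder deliberately refuses unknown selectors and non-zero address padding rather than guessing, since a verification step that silently accepts what it cannot parse gives no assurance. Real contract calls with dynamic arguments (the Uniswap trade in the tweet) need the full ABI and are exactly the case where on-device review breaks down.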

Apart from technical ingenuity, this hack was also unique due to the transfer and KYC restrictions placed on the NXM token itself. The hacker completed the mutual’s KYC process recently, but one can assume they provided false identity details to avoid further suspicion. 

Nexus Mutual 🐢 @NexusMutual
The attacker completed KYC 11 days ago and then switched membership to a new address on Friday December 3rd. The mutual is not impacted; the pool of funds and all systems are safe. Our investigation is ongoing to identify the attacker and how they operated.
11:13 AM ∙ Dec 14, 2020

While Hugh has offered a $300,000 bounty for return of the lost funds, it appears that some of the stolen funds were already sold via 1inch Exchange, with further recovery in doubt.

Compound Votes Down Compensation Proposal

TL;DR: Compound proposal 32 has been rejected by voters, but the community may support a revised compensation scheme.

Recently defeated proposal 32 may have been Compound’s most contentious vote yet. 

On Thanksgiving day (November , the Compound protocol experienced a wave of DAI market liquidations. This was caused by an isolated price spike on Coinbase, the exchange supplying Compound’s price oracle data. In total, over $80 million in loans were liquidated, resulting in over $6 million in liquidation penalties assessed against borrowers.

While the system ultimately performed as expected, impacted users were upset at being liquidated based on an inaccurate market price. The price traded as high as $1.30 per DAI on Coinbase, despite prevailing market rates never exceeding $1.05 during the period in question.

Anonymous forum user “kybx86” proposed to distribute COMP tokens to affected accounts to offset their 8% liquidation penalty. While this proposal initially seemed fair enough, two large stablecoin farming operations were responsible for over 60% of liquidated debt, and would receive most of the compensation. 

José Baredes @josebaredes
The debate around the Compound proposal 32 would be solved a lot quicker if the proposer kybx86 would reveal their AUM instead of hiding behind an alias. I wouldn’t be surprised if it was in the 10s of millions. What do you think? @rleshner @maxcwolff @jmflatow @cjliu49
1:59 PM ∙ Dec 13, 2020

Many were also uncomfortable with the moral hazard issues involved in compensating the riskiest users, or the potential for unclear precedents when departing from “code is law” interpretations.

Source: Tally governance app

Ultimately, the proposal was defeated by a wide margin. But this likely reflects concern about this proposal’s specific implementation, rather than general opposition to compensating users. Delegate and Synthetix founder Kain Warwick also observed that compensating users can help align incentives and build a culture of skin-in-the-game governance.

kain.eth @kaiynne
However, there are risks, and liquidations due to anomalous prices are foremost among these. The reason I voted yes is that I want to ensure there is skin in the game for all COMP holders, so they are hyper aware that the funds on deposit are at risk, and they are responsible.
5:20 AM ∙ Dec 14, 2020

Sybil Platform Supports Decentralized Identity

TL;DR: The Uniswap team has released a tool allowing delegates to link their address with their off chain identity.

Uniswap Protocol 🦄 @UniswapProtocol
👥 Introducing Sybil.org, a governance tool for discovering Uniswap and Compound delegates! 📜 Sybil maps on-chain addresses to digital identities, while avoiding on-chain transactions and user signups 🦄 Verify and discover delegates now! uniswap.org/blog/sybil/
7:56 PM ∙ Dec 15, 2020

Earlier today, the team behind the Uniswap decentralized exchange released a new platform for delegate identity. Sybil allows users to seamlessly link their voting address to social profiles (currently Twitter, but other integrations such as Github may follow in the future). 

Compound’s governance dashboard is a current leader in delegate identity, with clear labeling of most prominent voters and delegates. But the process of claiming an address is far from scalable, relying on the Compound Labs team to manually add user data to their interface. In addition to scalability issues, this mechanism is also centralized and potentially vulnerable to manipulation (either by website maintainers or users impersonating delegates).

🤖 Leshner @rleshner
🦄Verifying myself as a @UniswapProtocol #UNIDelegate on Sybil🏛️ sybil.org/#/delegates/un… addr:0x88FB3D509fC49B515BFEb04e23f53ba339563981 sig:0x4f22b39be26b328cd36bb87e4e8a8e6891bcd8e17b7d460f2887f8aa4d0aa0cf5ddcbbf0bd2a64d666c1b709383b81daee3690a27fe96e7bc435e2255ff1153c1b
6:48 PM ∙ Dec 15, 2020

Sybil’s onboarding flow avoids these issues by having new users sign a message from their wallet to confirm ownership, and then post the signature hash publicly to link their social account. In many ways this is similar to the 3Box solution discussed in last week’s newsletter, but with a specific focus on Compound and Uniswap governance systems instead of Snapshot voting. 

This innovation fits in line with Uniswap’s previous contribution to decentralized curation via token lists. By eschewing central control over data and content, the Uniswap team can support the ecosystem’s need for reliable data, without thorny liability issues that come with direct control.

MakerDAO Implements Debt Ceiling Controller 

TL;DR: The ETH-B debt ceiling will now be managed by an autonomous controller, helping to eliminate low level governance decisions.

Up until now, all of MakerDAO’s collateral assets have had their maximum debt exposure manually controlled by governance. The debt ceiling parameters help MakerDAO balance overall risk between assets, but also play a key role in limiting losses from short term volatility. 

Due to Maker’s one hour oracle delay, sharp price falls can sometimes be exploited to take out undercollateralized loans. This is a particular concern for Maker’s ETH-B vault, which requires only a 130% minimum collateral ratio to borrow funds. In this case, a fall of ~25% or more within one hour would be enough to cause system losses.

The recently approved debt ceiling instant access module helps maintain a reasonable debt ceiling and limit risk, without requiring continuous governance voting. Instead of setting the debt ceiling directly, governance approved a maximum debt ceiling (50 million DAI) and target available borrowing capacity (5 million DAI). Any user can poke the system to update the debt ceiling if available borrowing capacity is above or below target, with a 6 hour cooldown period to prevent excessive increases.
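To make the controller's behaviour concrete, here is an added example that models the rules described above (maximum ceiling, target available capacity, and a cooldown on increases). It is a simplification written for this newsletter and is not Maker's contract code: the assumption that only increases are subject to the cooldown, and that a poke lowering the ceiling takes effect immediately, follows the description above rather than the deployed module, and the event timeline is constructed. `DebtCeilingController` and `run_scenario` are names chosen here.

```python
# Added example: a simplified model of a debt-ceiling instant access module.
# Assumption: rules follow the newsletter's description (max ceiling, target
# headroom, 6h cooldown on increases); this is not Maker's on-chain code.
from dataclasses import dataclass

SIX_HOURS = 6 * 3600


@dataclass
class DebtCeilingController:
    max_ceiling: int            # governance-approved upper bound (50M DAI for ETH-B)
    target_gap: int             # desired borrowing capacity above current debt (5M DAI)
    cooldown: int = SIX_HOURS   # minimum seconds between successive increases
    ceiling: int = 0            # debt ceiling currently in force
    last_increase: int = 0      # timestamp of the last increase

    def desired_ceiling(self, debt: int) -> int:
        """Ceiling that leaves exactly target_gap of headroom, capped at max_ceiling."""
        return min(debt + self.target_gap, self.max_ceiling)

    def poke(self, debt: int, now: int) -> int:
        """Anyone may call this; returns the ceiling in force after the call."""
        if debt < 0 or now < self.last_increase:
            raise ValueError("invalid debt or non-monotonic timestamp")
        desired = self.desired_ceiling(debt)
        if desired > self.ceiling:
            if now - self.last_increase < self.cooldown:
                return self.ceiling            # raise blocked until cooldown expires
            self.ceiling = desired
            self.last_increase = now
        elif desired < self.ceiling:
            self.ceiling = desired             # lowering is allowed at any time
        return self.ceiling

    def available(self, debt: int) -> int:
        """Borrowing capacity left under the current ceiling."""
        return max(self.ceiling - debt, 0)


def run_scenario(events):
    """events: (timestamp, outstanding debt in DAI) pairs in chronological order.
    Returns the ceiling in force after each poke."""
    ctrl = DebtCeilingController(max_ceiling=50_000_000, target_gap=5_000_000,
                                 ceiling=40_000_000)
    return [ctrl.poke(debt, now) for now, debt in events]


# Constructed timeline (hours, DAI); not real ETH-B data.
CONSTRUCTED_EVENTS = [
    (10 * 3600, 38_000_000),  # headroom 2M < 5M target -> raise to 43M
    (12 * 3600, 42_000_000),  # only 2h since last raise -> blocked, stays 43M
    (17 * 3600, 42_000_000),  # cooldown over -> raise to 47M
    (24 * 3600, 46_000_000),  # wants 51M, capped at the 50M maximum
    (26 * 3600, 20_000_000),  # debt repaid; headroom far above target -> cut to 25M at once
]

if __name__ == "__main__":
    for (now, debt), ceiling in zip(CONSTRUCTED_EVENTS, run_scenario(CONSTRUCTED_EVENTS)):
        print(f"t={now // 3600:>3}h debt={debt / 1e6:>5.1f}M ceiling={ceiling / 1e6:>5.1f}M")
```

The asymmetry is the security-relevant part: because anyone can poke, the cooldown is what stops a rapid series of increases from inflating exposure during a volatile hour, while a reduction in headroom after repayments is allowed to take effect immediately.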

While this system is currently only used for ETH-B, Maker governance is planning on extending it to other collateral types to further automate low level governance management and reduce voter fatigue. 


That’s all for this week’s updates. Thanks for joining us, and we look forward to having you back next week! 

Be sure to check out the Tally governance app, and join us on Discord for the latest updates!

Anything we missed? New developments or protocols you’d like to see covered? Drop us a line at newsletter@withtally.com.

Best,

Nate, Tally
