After 3 years of being deployed and used successfully, our DEX protocol (DefiPlaza) suffered an exploit, which resulted in all funds getting drained from the contract. The attacker was front-run, leading to the sum of 62.5 ETH ending up with the Lido Execution Rewards Vault. We have contacted the front runner and they promptly returned their profits from the transaction to the DefiPlaza team. However, the bulk of the missing funds now sit with the Lido stakers. Please refer to our post mortem for more details.
Obviously we understand that none of this is Lido’s fault, yet as it is a side effect of the Lido implementation we appeal to the Lido community to help us recover some or all of the funds that were taken from our community. Given that Lido is a permissionless protocol, our only available recourse is to ask the DAO to facilitate a return of as much of the lost funds as possible. From a technical perspective, we are not entirely sure what the options available for that are, as we are not intimately familiar with the details of how Lido is implemented. We’re open to suggestions on what to put into the final proposal on this front.
We’re aware of the previous discussions here and here around a similar situation with Sushi. That proposal nearly passed but ultimately failed to meet quorum. Thus, we believe this new situation warrants another look at how the DAO wants to deal with incoming funds originating from smart contract exploits.
Thanks for your consideration and feedback.
Team DefiPlaza
I would defer to my comments here and here. Even though no official policy on how to handle MEV exploits has been ratified by the DAO to date—mostly from a lack of a motivated individual to push for it—all of the arguments from previous discussions still apply:
95% of these funds are not the DAO’s to command but belong to stakers and node operators.
The other 5% the DAO has received as a service fee for processing the block and is no more obligated to return the fee than a subway operator is obligated to return a train ticket bought by a bank robber.
In order for Ethereum to be neutral infrastructure, it is important that validators and node operators act as close to “dumb pipes” as possible. The more discretion they exert today, the more discretion they will be asked to exert in the future.
If Lido DAO agreed to arbitrate any MEV transactions, it would open it up to demands to arbitrate all MEV transactions, down to a single DEX user getting sandwiched. This violates not only the previous principle, but also goes against the DAO’s singular focus on security and governance minimization.
So while I am very sorry about your loss and sympathize with the proposal from a personal perspective, actually acting on it would set a negative precedent and lead to a bad outcome for Lido and Ethereum on a systemic level.
Thanks for chiming in here as well as in the Sushi thread.
Though I full well understand that both the DAO and the node operators/stakers have only come into possession of these funds as a side effect of how the Ethereum bribe system works, I also believe that doesn’t absolve them from a certain duty of care.
To use your subway operator analogy… If that operator which normally charges $0.50 for a ticket accepted $200k to clear a cart for a group of bank robbers, I would very much expect that they would be held accountable for that. Seems from the Sushi proposal that there’s plenty of people in the Lido community who agree that stolen funds shouldn’t be kept as well.
Though I realize it’s mighty inconvenient, I don’t see what the negative precedent would be. Nor the bad outcome for Lido / Ethereum on a systemic level. This is not Ethereum Classic.
Since the original DAO hack and subsequent rollback, I believe that the argument that code is law even in the face of illegal activity is objectively rejected by this ecosystem.
Just like Sushi did, I would make the argument that this is not MEV, as normal front running is not illegal. These are proceeds from a hack. The front runner already returned their part without question, as they don’t want any part of that. Again, I realise that Lido didn’t ask for this to happen and it’s just a side effect of how everything is implemented. But that doesn’t change the fact that the only parties in possession of stolen funds are Lido DAO / stakers / node runners.
Ironically, had the original attack gone through, the attacker would’ve sent all the funds to their EOA. Which very well might have given us the opportunity to negotiate with the attacker for the funds’ return (yes, that is conjecture and we’ll never know for sure). But it is a really strange world in which a project is better off having their funds taken by a hacker than having it end up with one of the most reputable parties on Ethereum. That can’t be right…?
I take the view the funds were not “transferred to Lido due to an exploit”. An exploit unfortunately took place between two parties with no connection to the Lido protocol. As a result of a tip the hacker paid to validate this transaction, a validator participating in the Lido protocol received MEV fees. The proposal is technically requesting that Lido DAO compensate, out of its accumulated stETH, 62.5 ETH.
Not having set a precedent that Lido should or should not arbitrate these types of disputes means that requests like these will likely continue to come in, which would end up setting a precedent. The precedent in question is that Lido DAO is in a position to arbitrate grievances between two or more parties in transactions where Lido the protocol played no role – for that matter, not even technically “validating activities”, as those were performed by participants that use the Lido protocol, not the DAO or stETH in and of itself.
Steakhouse will vote to reject accordingly, to maintain the DAO’s neutrality in similar cases now and in the future. We look forward to a state of minimized governance when such votes might not even be possible.
I regret that the hack took place at all and fully sympathize on a personal level.