TLDR: The community multisig front-ran a black-hat and drained cETH on ETH PoW for 186.6k ETHW worth about $680k
On September 15th 2022, the Ethereum merge happened and ETH PoW diverged from Ethereum. The Compound community decided that it would not maintain the Compound protocol on ETH PoW—there have been no oracle updates and no monitoring of any activity on the protocol.
This past Saturday, I noticed that an unknown individual created a proposal to transfer the timelock admin to their own EOA. They managed to pass this proposal prior to anyone noticing it–effectively taking complete control over the protocol. I notified various community members while I started searching for a way to front-run the black-hat.
Prior to the ETH Merge, we paused borrowing on the cETH market via borrow caps as suggested by @monet-supply. This pause was lifted shortly after on ETH mainnet but remained on ETH PoW. The community multisig took advantage of this on ETH PoW. We sourced 347 million USDC for about $300 to use as collateral, then atomically raised the borrow cap, borrowed all the capital left, and lowered the borrow cap. This is the tx. The black-hat actor drained the ETHW held in the timelock and cUSDCv3 for a total of 9,138 ETHW.
I’d like to applaud the community multisig for managing to come together over the holiday and save community assets.
Please discuss below what should be done with these assets.
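The takeover above succeeded because nobody was watching proposals on the fork. As an added example (not code from the original post or from Compound), here is a small monitor that reviews the actions of a Governor Bravo style proposal and flags any action that would reassign the pending admin of a privileged contract; the addresses, signatures list and proposal data are constructed sample values.

```python
"""Flag governance proposal actions that hand over admin control.

Compound-style proposals are lists of (target, signature, calldata) actions,
where `signature` is a text ABI signature such as "setPendingAdmin(address)"
and `calldata` holds only the ABI-encoded arguments (an empty signature means
`calldata` is raw, selector-prefixed data). Addresses here are constructed.
"""
from dataclasses import dataclass

# Constructed placeholder addresses for the privileged contracts being watched.
TIMELOCK = "0x" + "11" * 20
COMPTROLLER = "0x" + "33" * 20
PRIVILEGED = {TIMELOCK: "Timelock", COMPTROLLER: "Comptroller"}

# Signatures that change who controls a contract (Compound naming: the
# Timelock exposes setPendingAdmin, the Comptroller/Unitroller _setPendingAdmin).
ADMIN_TRANSFER_SIGS = {"setPendingAdmin(address)", "_setPendingAdmin(address)"}


@dataclass
class Action:
    target: str
    signature: str
    calldata: bytes


def decode_address_arg(calldata: bytes) -> str:
    """Return the address stored in the first 32-byte ABI word (left-padded)."""
    if len(calldata) < 32:
        raise ValueError("calldata shorter than one ABI word")
    return "0x" + calldata[12:32].hex()


def review_proposal(actions, trusted_admins):
    """Return (index, severity, note) for every action worth a human look.

    Admin transfers to an address outside `trusted_admins` are critical;
    opaque raw calldata aimed at a privileged contract is queued for review.
    """
    findings = []
    for i, a in enumerate(actions):
        target = a.target.lower()
        if target not in PRIVILEGED:
            continue  # ordinary market or token calls are not in scope here
        name = PRIVILEGED[target]
        if a.signature in ADMIN_TRANSFER_SIGS:
            new_admin = decode_address_arg(a.calldata)
            sev = "info" if new_admin in trusted_admins else "critical"
            findings.append((i, sev, f"{name} pending admin -> {new_admin}"))
        elif a.signature == "":
            findings.append((i, "review", f"raw calldata to {name}, selector 0x{a.calldata[:4].hex()}"))
    return findings
```

Feed it the decoded fields of each ProposalCreated event (or a queued proposal's actions) on every chain where the protocol still holds funds, including forks the DAO has stopped maintaining.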
Great work @arr00!
In my opinion, the rescued ETHPOW should be controlled by the Timelock on POS Ethereum and the community can decide what to do with it. We can keep it where it is (ETHPOW pause guardian address?) while the community discusses because it is safe there.
Are there options to bridge it, or is it stuck on ETHPOW? Can we think of and detail some options for the community and list them out here?
I also think that Arr00 should take a 10% white hat rescue fee.
I second this suggestion to bridge assets to the PoS Ethereum Timelock and award Arr00 a finder’s fee.
The community can also consider using an Aera vault by Gauntlet to divest the ETHPoW into other more long-term assets.
ETHPoW has relatively limited infrastructure built up and as such bridging abilities and on-chain liquidity are minimal. I think we should look for an OTC partner to convert it to mainnet ETH or USDC.
Just a quick update here. There are a few leads for OTC firms that would take this but all require a legal entity to sell the assets. As of now the DAO has no legal entity. Any ideas for how to move forward here would be greatly appreciated.
To the question about OTC conversion needs, perhaps one of the DAO’s service providers would be willing to facilitate? Perhaps Questbook’s legal entity, or that of another provider like Alphagrowth, might be in a position to take on this role.
I am supportive of the bounty to arr00 for recovering the ETHW. Beyond that, I am of two minds:
(1) Reserving a small fraction (say 10%) of the converted ETH for Compound community governance maintenance would be convenient, albeit potentially controversial. It would be nice to be able to periodically reimburse @arr00 for comp.vote gas and myself for the costs of keeping the forum online (recall the forum went offline for a few weeks while we navigated a handover to community stewardship) without needing to pass an on-chain proposal or apply for a grant through Questbook. This ETH to be managed by a community multisig for expedience, with an expectation of public reporting around its use. The clear downside is that accountability is only enforced socially, so it is a less accountable solution than a Questbook grant or on-chain proposal.
(2) There is a decent case to be made that the recovered and converted ETH should be the property of the depositors who held their ETHW in Compound on the PoW fork. Even though most of them were likely not going to bother recovering their ETHW – and even though it was about to be stolen via governance takeover on the PoW fork regardless – it would be a respectable gesture, and good for the community’s reputation, to return a significant fraction of the ETH to these addresses pro rata.
There are costs associated with (2), both in terms of labor and gas, to distribute this ETH. The gas could be paid as a global haircut on the recovery, and the labor could be compensated either by the same source or by a CGP grant.