Trust Setup for DAO investment into GoldCOMP

After careful consideration of the feedback received on the previous proposal regarding multisig concerns, the Goldenboys have decided to create a “Trust Setup.” Contract deployed here: TrustSetup, address 0xb9259d9f2249eb7fb44140926bfd376b63c4925e (Etherscan).

This framework defines a constrained set of actions that can only be executed with prior approval from Compound Governance through a process referred to as granting a “Phase”.

Let us provide a detailed breakdown:

What specific set of actions can the Goldenboys multisig initiate, and under what circumstances?
The multisig has the capability to execute the following actions:

  • Invest
  • Divest (including queuing a divestment and its completion)
  • Convert rewards into WETH
  • Update oracle fee (setter)

Before addressing the conditions under which each action can be triggered, it is important to note that the “Trust Setup” begins in a phase called NEUTRAL, during which the multisig does not possess any rights to initiate either investment or divestment.

Under what circumstances is a PHASE updated, and what are the implications of such an update?
As previously described, there are two actions that can only be enabled if Compound Governance grants the Goldenboys multisig the necessary permissions: invest and divest.

This process will be executed through the Timelock and requires calling the grantPhase(uint8) function. Setting the argument to 1 will enable the multisig to invest, while setting the argument to 2 will enable it to divest.

It is important to note that only the Compound Timelock has the absolute authority to change the PHASE.

How will the multisig safely handle each of the INVEST and DIVEST operations once the PHASE has been granted?

The “Trust Setup” is designed to ensure that the minOut for each action is protected by on-chain logic, thereby ensuring that trust is not solely dependent on the operational competence of the multisig but is also verifiable on-chain (see _ratioCompBpt(), _calcMinBpt(uint256) & _minCompOut(uint256)). Furthermore, the architecture incorporates an additional slippage check to further safeguard these operations. This slippage check will be calculated off-chain by the Goldenboys multisig to prevent manipulation. Please refer to the following methods for further details: invest(uint256 _expectedMinBptOffchain) and commenceDivestment(uint256 _bptToDivest, uint256).

How are the rewards processed and to which destination are they sent?

Rewards are processed by the Goldenboys multisig, initially converting them into WETH. Subsequently, any bot can convert these WETH rewards into COMP tokens by referencing the COMP/WETH ratio provided by the Chainlink oracle. Upon completion of the swap, the resulting proceeds are sent atomically to the Comptroller, as hardcoded within the smart contract.

Proposal Overview

The goldCOMP DeFi vault created by the Golden Boys is an exciting new strategy designed to provide COMP holders yields on their COMP tokens. When a user places COMP into the goldCOMP vault, the depositor receives goldCOMP, a semi-liquid wrapped token representing their initial deposit. These goldCOMP tokens can be placed in a 99/1 Balancer pool, creating a passive income stream for COMP holders who plan to hold COMP for a long period of time. The depositor’s goldCOMP can be burnt to receive the initial COMP during regular withdrawal windows with no risk of slashing or penalty. GoldCOMP is an exciting investment opportunity for any COMP holder, aimed to enrich the Compound Finance ecosystem.

The proposal seeks a one year investment of 92,000 COMP of Treasury funds into the Trust Setup vault described above, to generate interest on 5% of treasury’s non-interest bearing COMP holdings.

Proposal Operations

  • Transfer 92,000 COMP to 0xb9259D9f2249eB7FB44140926BFd376B63c4925e
  • Call grantPhase(1) to ALLOW_INVESTMENT

3 Likes

Hi @Humpy,

As discussed in your previous proposal we had concerns about the trustlessness of the prior setup and we feel as if this has not been entirely fixed with this proposal. When looking at TrustSetup we noticed 2 things:

  • Any form of withdrawal action (divest) is solely controlled by GoldenBoyzMultisig, meaning that the DAO cannot actually recall funds at any time under their own discretion. The DAO would first vote to initiate a PHASE update and then trust that the GoldenBoyzMultisig calls the relevant divest functions.

  • The goldCOMP vault that funds are deposited into delegates the deposited COMP’s governance rights to the GoldenBoyzMultisig. The requested 92k COMP is more VP than most active delegates at the moment. @humpy yourself alone retains 96k in COMP + assuming any of these addresses are related as described in Cylon’s security notice that’s ~417k COMP which is enough to pass quorum and pose significant threats to governance. So even if the DAO wanted to withdraw funds there is a possibility that it gets voted down.

Unfortunately, due to the above concerns, we are not in favour of this proposal. But we do appreciate the efforts that have gone into creating the TrustSetup.

8 Likes
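The access rules described in the opening post, and the limitation raised in the reply above, as an added Python model (not the deployed TrustSetup contract or the Golden Boys' code). It assumes the name ALLOW_DIVESTMENT for phase 2, folds the queuing and completion of a divestment into one call, and uses constructed numbers for the minimum-output floors.

```python
from enum import IntEnum

class Phase(IntEnum):
    NEUTRAL = 0
    ALLOW_INVESTMENT = 1
    ALLOW_DIVESTMENT = 2  # assumed name; the thread only gives the value 2

class Denied(Exception):
    """A rejected call; the message names the check that failed."""

class TrustSetupModel:
    """Toy model of the rules described in the thread, not the deployed contract."""
    REQUIRED = {"invest": Phase.ALLOW_INVESTMENT, "divest": Phase.ALLOW_DIVESTMENT}
    def __init__(self, timelock, multisig, onchain_min):
        self.timelock, self.multisig = timelock, multisig
        self.onchain_min = onchain_min  # stand-in for the minimum computed on-chain
        self.phase = Phase.NEUTRAL      # no invest/divest rights at the start

    def grant_phase(self, caller, phase):
        if caller != self.timelock:     # only the Timelock may change the phase
            raise Denied("not timelock")
        self.phase = Phase(phase)

    def act(self, caller, action, offchain_min, actual_out):
        if caller != self.multisig:
            raise Denied("not multisig")
        if self.phase != self.REQUIRED[action]:
            raise Denied("wrong phase")
        # Output must clear both the on-chain floor and the off-chain one.
        if actual_out < max(self.onchain_min, offchain_min):
            raise Denied("slippage")
        return actual_out

def attempt(fn, *args):
    try:
        fn(*args)
        return "ok"
    except Denied as exc:
        return str(exc)

def walkthrough():
    ts = TrustSetupModel("timelock", "multisig", onchain_min=900)  # constructed values
    return [
        attempt(ts.act, "multisig", "invest", 950, 1000),  # NEUTRAL: no rights yet
        attempt(ts.grant_phase, "multisig", 1),            # multisig cannot self-grant
        attempt(ts.grant_phase, "timelock", 1),
        attempt(ts.act, "multisig", "invest", 950, 920),   # clears on-chain floor only
        attempt(ts.act, "multisig", "invest", 950, 1000),
        attempt(ts.grant_phase, "timelock", 2),
        attempt(ts.act, "timelock", "divest", 950, 1000),  # governance cannot execute the exit
    ]
```

The last step is the point the reply makes: granting phase 2 only permits a divestment, and the call itself still has to come from the multisig.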

Please note that a follow-up proposal from the Golden Boys, Proposal 279, was recently submitted and will begin its voting phase in less than two days.

While the Golden Boys have attempted to address community concerns with a “Trusted Setup” detailed in this forum post, there are still many concerns with this approach as detailed by @WintermuteGovernance. We agree with these concerns and do not believe this approach sufficiently addressed the core issue with the COMP tokens being delegated without any clawback mechanisms or oversight from the DAO.

OpenZeppelin also shares @WintermuteGovernance’s concern that the large amount of COMP being requested would constitute a governance attack risk. We also remind community members that there is still nearly 230K of COMP delegated from a ByBit withdrawal source which may be aligned with the Golden Boys proposals, even though they have not yet shown any activity in voting. More on that in our prior governance security notice.

If the community wishes to vote against this proposal, we urge ALL governance delegates to be prepared to vote on Proposal 279 in case a large number of new delegate votes come into play.

7 Likes

The Compound Growth team is evaluating similar liquidity initiatives. Security concerns aside, from our early analysis there are much better POL opportunities available leveraging partnerships from emerging chains and dexes available. Most of these opportunities we are evaluating are starting at 15-20% APR and some as high as 40% APR. More information will become available as we push out the different case studies.

@Humpy happy to have a chat and discuss however much higher yield opportunities are available than 5%.

2 Likes

A new security notice update has been posted concerning the new submission from the Golden Boys, Proposal 289.

Given that this new proposal does not address the community concerns that led to the defeat of the last two proposals and has actually increased the amount of COMP being requested, it is fair to say that @Humpy and the Golden Boys are operating in bad faith. Their attempt to push through a proposal to take a large chunk of the Compound treasury without adequate protections appears to be a malicious attempt to steal funds from the protocol.

In my personal opinion, the actions of @Humpy and the Golden Boys can be considered a governance attack if they persist in their attempts to take funds from the protocol in clear opposition to the will of all other Compound DAO delegates. I kindly request that they cancel their current proposal immediately and desist from future proposals. Otherwise, I will advise the DAO on options to restrict their ability to submit proposals going forward for the sake of the protocol’s security.

4 Likes

Thanks for the great work @cylon and @WintermuteGovernance - Three attempts without increased communication and moving further from voter consensus is highly concerning and should be addressed directly, and broadly. Given quorum related reruns are concerning but currently commonplace toward operational continuity, should we limit beyond the first rerun (2nd attempt), or perhaps categorically ban reruns of proposals voted down, as opposed to simply failing quorum? Please continue to tag and leverage the GSWG tasked with addressing these and related challenges (cc: StableLab @Doo_StableLab, Arana Digital @AranaDigital, & PGov @PGov):

I’ve explored this some in another context. While some DAOs require successful temp-checks ahead of the on-chain vote, what would you recommend @cylon toward an actionable updated general policy to prevent repetitive or ongoing misaligned proposal attempts from going to vote?

@Humpy - In the interest of ensuring I’m not misunderstanding intent, I would engage positively should you or your team take a pause to join or host a community call to increase alignment on your proposal. Along with others I ask that you please consider cancelling your proposal until such time greater parity can be found. I believe this would go a long way toward increasing your ongoing efficacy in advancing proposals successfully, and mitigate any further undue burden to delegates and direct voters through what currently is being construed as a gross misuse of our community’s intended voting procedures.

3 Likes

‘Steal funds’ is a wrongful & misleading phrase, especially coming from Compound’s risk specialist. Requested investment goes through a Trust Setup with a constrained set of actions that doesn’t permit stealing/diverting of funds.

On that note, I’d like to thank all holders who voted for our proposal.