In a recent proposal from TribeDAO, a DeFi decentralized organization with Rari Capital as a part of its ecosystem, has agreed to return funds to all affected customers in the wake of yet another exploit that cost Rari Capital $80 million in May.
TribeDAO, consisting of Midas Capital, Rari Capital, Fei Protocol, and Volt Protocol, took the decision to vote on Sunday to reimburse hack victims.
Governance initially decided that victims of the hack would be compensated fully. However, a disputed second vote was then held by Fei, who declared that it would end TribeDAO operations and stood against full payback, opting for partial reimbursement.
Following backlash against Fei’s proposed partial refund scheme, another Snapshot vote in favor of full repayment was approved. The latest fourth vote, approved and carried out on Sunday, promised to reimburse victims of the attack the remainder of the funds.
In a September 23 Twitter post, Fei founder Joey Santoro announced that all addresses that saw turmoil would see reimbursement, further adding, “Hacks are brutal for everyone involved, and this has weighed on myself and the community for many months now. This positive closure gives us an opportunity to reflect and take away lessons for DeFi.”
Over $80 Million Stolen
In late April, several Rari Capital pools suffered an attack from a hacker exploiting a reentrancy vulnerability in Rari’s Fuse lending protocol; according to the blockchain security auditor, Block Sec.
The attack ended up erasing more than $80 million from protocol pools. Rari Capital admitted the breach and halted all borrowing globally to avoid further damages. Shortly after the halt, Fei protocol, a Liquidity-as-a-Service protocol that had merged with Rari and became its ecosystem partner, offered the attacker 10 million of the stolen funds in the hopes of seeing the return for the rest of the funds. But to no avail.
The hack came one year after the protocol suffered from a hack that cost users 10.4 million.
Overwhelming Majority Vote
Proposal TIP-121b: Rari Fuse Hack Payment passed with a 99% majority vote to pay individuals affected by the hack. In the proposal, TribeDAO details how a trustless smart contract would be used to enable users to return cTokens from affected Fuse pools to exchange for FEI tokens equal to each address’s “effective losses” from the 24-hour period preceding the DAO vote on the Fuse Hack Payment.
DAOs and smart contracts involved will be able to exchange cTokens from impacted pools, claiming DAI as the payment method. For the purpose of determining the overall bad debt, the prices of non-dollar pegged assets would utilize a 7-day Time Weighted Average Price ending at that exact block.
The total amount to be paid is approximately 12.68 million FEI and 26.6 million DAI, totaling 39.5 million dollars in value.
The proposal is the latest of a series of governance proposals regarding the Rari fuse hack, with a few more governance decisions regarding this matter planned to take place over the next few weeks.