CoW DAO · Proposal
Status: closed · Snapshot (offchain)

CIP-22: Slashing of the Barter Solver (responsible for a hack causing CoW DAO a loss of 1 week fee accrual)

By 0x0385...279414
CIP: 22
title: Slashing of the Barter Solver
author: Anna
status: active
created: 2023-02-08

Simple Summary

On February 7th 2023, the Barter Solver was hacked, causing the CoW settlement contract to lose a total of $166,182.97 in funds (CoW Swap's accrued fees of the last 7 days). The Barter Solver had been added to CoW DAO's Solver Bonding Pool and was whitelisted 11 days prior to the incident. In line with CIP-7, it is CoW DAO's responsibility to assess the damages caused and decide whether the bond should be slashed to make up for any incurred losses. In this case the hack, its cause and its impact can be clearly identified; it is therefore proposed to slash CoW DAO's Bonding Pool by the amount of funds drained in the hack in order to refund the CoW settlement contract.

It is important to note here that CoW DAO's Bonding Pool was created with the help of CoW DAO's own funds. The rationale behind setting up CoW DAO's own Bonding Pool was to reduce the entry barrier for new solvers. Solvers have to undergo a vetting process before being added. The Barter Solver has been cooperative since the hack occurred and has already transferred 166,300 USDC to CoW DAO's Bonding Pool, covering the total amount proposed to be slashed to make up for the losses incurred by the settlement contract.

Motivation / Rationale

CoW DAO is aware that the funds stored in the CoW settlement contract are exposed to some risk due to the nature of the solver competition: in order to ensure optimal execution, solvers are allowed to tap into the funds stored in the CoW settlement contract (called the "buffers") to replace certain AMM interactions, which saves gas, reduces execution risk and so improves the overall user experience. To mitigate the risk of solvers exploiting their access to the buffers and causing financial losses to CoW DAO, solvers have to join a bonding pool before being allow-listed. This bonding pool mechanism was set up under CIP-7, which requires solvers to deposit $500,000 worth of cUSDC and 1.5M COW tokens as collateral. In the event of malicious behavior or a hack, it is CoW DAO's responsibility to slash part of the solver bond to cover the losses incurred.

A list of the events in order of occurrence:

  • The Barter Solver was whitelisted and added to the CoW Bonding Pool on Jan 27th (tx link)
  • Shortly after, the Barter Solver set an approval to a contract that allowed arbitrary calls (tx link); anyone could use that contract, and therefore the approval, to call transferFrom
  • The Barter Solver noticed the security issue and deployed a new contract with no arbitrary-execution functionality (link), but did not clear the allowances that had been set to the old contract
  • Feb 7th: a hacker exploited the old contract and drained about $166K in funds from the settlement contract (link)
  • Feb 7th: the Nomev Team, which handles the settlement contract on behalf of and as delegated by CoW DAO, revoked all approvals from the old contract and denylisted the Barter Solver
  • Feb 7th, a few hours after the hack: the Barter Solver sent 166,300 USDC to the CoW Bonding Pool (tx link)
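To make the failure mode in the sequence above concrete, the following Solidity is an added illustration and not the Barter Solver's or CoW Protocol's code (the page does not show either). Every contract, function and parameter name is hypothetical. It shows why a token approval granted to a helper that forwards arbitrary calls is effectively an approval to the whole world, how a third party turns it into a transferFrom, what a restricted helper looks like, and the revocation step that was missed when the old helper was retired.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Added illustration, not CoW Protocol or Barter Solver code; all names are hypothetical.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// VULNERABLE PATTERN: a helper that forwards any calldata to any target for any caller.
// Once a token holder approves this helper (in the CoW case, the settlement contract,
// via a solver-submitted interaction), the approval is usable by anyone on chain.
contract OpenCallHelper {
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

// What a third party does with it: route token.transferFrom(victim, attacker, amount)
// through the helper. Inside the token, msg.sender is the helper, which holds the approval.
contract Drainer {
    function drain(OpenCallHelper helper, IERC20 token, address victim, address to) external {
        uint256 allowed = token.allowance(victim, address(helper));
        uint256 held = token.balanceOf(victim);
        uint256 amount = allowed < held ? allowed : held; // transferFrom reverts above either bound
        helper.execute(address(token), abi.encodeCall(IERC20.transferFrom, (victim, to, amount)));
    }
}

// HARDENED PATTERN: only the solver's own operator key may forward calls, and only to
// targets the operator has explicitly registered (routers, pools), never arbitrary ones.
contract RestrictedCallHelper {
    address public immutable operator;
    mapping(address => bool) public allowedTarget;

    modifier onlyOperator() {
        require(msg.sender == operator, "not operator");
        _;
    }

    constructor(address[] memory targets) {
        operator = msg.sender;
        for (uint256 i = 0; i < targets.length; i++) {
            allowedTarget[targets[i]] = true;
        }
    }

    function setTarget(address target, bool allowed) external onlyOperator {
        allowedTarget[target] = allowed;
    }

    function execute(address target, bytes calldata data)
        external
        onlyOperator
        returns (bytes memory)
    {
        require(allowedTarget[target], "target not allowed");
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

// RETIREMENT STEP: a hypothetical token holder (standing in for whichever contract granted
// the approvals) resets every allowance it gave a retired helper to zero. Deploying a safer
// helper without doing this leaves the old helper drainable exactly as in the event list.
contract HoldingAccountExample {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    // Returns how many tokens still had a live allowance, so the operator can confirm
    // the clean-up covered everything it expected.
    function revokeAll(IERC20[] calldata tokens, address retiredSpender) external returns (uint256 revoked) {
        require(msg.sender == owner, "not owner");
        for (uint256 i = 0; i < tokens.length; i++) {
            if (tokens[i].allowance(address(this), retiredSpender) != 0) {
                tokens[i].approve(retiredSpender, 0);
                revoked++;
            }
        }
    }
}
```

Two practical points follow from this. First, the danger is a property of the spender, not of the token: any allowance to an address whose code lets untrusted callers pick the target and calldata is an allowance to everyone, so review helper contracts for open forwarders before approving them. Second, migrating to a new helper must include an explicit approve(oldHelper, 0) from every holder for every token that was ever approved; the old helper's allowances do not expire on their own.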

Based on the events and on the Barter Solver's cooperation in the aftermath of the hack, no malicious intent on the part of the Barter Solver can be determined. However, because the Barter Solver grossly negligently failed to revoke previously set approvals, CoW DAO incurred financial losses of $166,183. It is therefore proposed to slash the bonding pool the Barter Solver is part of by the full amount of the funds lost in the hack and send those funds to the Solver Rewards Safe to cover the fees that could not be withdrawn for that week.

Though this is the first time it has occurred, it is important to stress that this is an intended process. Decentralization is ensured by a diverse set of solvers, and there should explicitly not be an entity controlling and overseeing each solver's strategies and blockchain interactions. The bonding pool and slashing setup is the risk mitigation for letting every solver access the settlement contract, which adds a lot of efficiency in the interest of the users.

Given the facts of the matter, the Barter Solver is free to rejoin the pool in case this proposal passes and the reimbursement process of both the CoW settlement contract and the CoW Bonding Pool is completed.

Specification

  1. Withdraw all USDC from Compound
  2. Claim COMP rewards
  3. Slash the CoW Bonding Pool by sending 166,183 USDC to the Solver Rewards Safe to refund the losses incurred by the hack.
  4. Re-establish the bonding pool with 500k USDC (including the 166,300 USDC compensation received from the Barter Solver) by depositing it into Compound v2. This ensures that the requirements of CIP-7 are met and that sufficient funding is available in the CoW Bonding Pool for the continued operation of its participating solvers.
  5. Send all remaining funds in the bonding pool safe (generated from bonding pool yield) to the treasury management safe: 3.4k USDC, and 41.4 COMP

Safe Transaction Data

{
  "version": "1.0",
  "chainId": "1",
  "createdAt": 1676629079000,
  "meta": {
    "createdFromSafeAddress": "0xcA771eda0c70aA7d053aB1B25004559B918FE662"
  },
  "transactions": [
    {
      "to": "0x5d4020b9261F01B6f8a45db929704b0Ad6F5e9E6",
      "value": "0",
      "data": "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"
    }
  ]
}

Tenderly Simulation

Link to Tenderly simulation

Votes: 501

Voter             Voting power   Vote
0xF7AC...D6EAf5   14.286M        For
0xa86f...471E82   14.286M        For
0x57C2...a2D52f   4M             For
0x9Dbc...21C199   3.571M         For
0x21e6...1EcbC5   3.571M         For
Proposal Status
  • Fri February 17 2023, 11:57 am: voting period starts
  • Fri February 24 2023, 11:57 am: voting period ends

Current Results
  • For: 47.034M (99.9%)
  • Against: 29,223.937 (0.06%)
  • Abstain: 18,521.321 (0.04%)