RFP-53: Community Vote on Remediating Unlimited Approval Losses

Abstract

RFP-53 introduces a structured plan to address wallet-level losses resulting from unlimited token approvals exploited during the security breach on October 16, 2024. Unlike previous proposals focused on depositors, this proposal targets users whose wallets were drained via hijacked lending contracts exploiting open-ended token allowances.

RFP-53 asks the community to vote on whether the DAO should pursue remediation for this class of users. If approved, a follow-up proposal (RFP-54) will define the remediation terms, including funding, remediation periods, discounts, and implementation details.

RFP-53 proposes a two-stage process to determine whether the DAO supports addressing wallet-level losses from the exploit.

Motivation and Rationale

On October 16, 2024, Radiant suffered a sophisticated security breach, resulting in the loss of over $50 million in user deposits and the associated unclaimed locked dLP rewards (real yield from protocol fees). In addition to these losses, the hijacked lending contracts were able to drain funds directly from users’ wallets that had interacted with them in the past, with improper use of the unlimited allowances, leaving open-ended unlimited allowances. While the team collaborates with security experts and law enforcement authorities to retrieve funds, a plan, if ratified, is necessary to start addressing this class of unlimited allowance users and restore confidence.

Unlimited approvals are a longstanding risk in DeFi, often misunderstood or overlooked by users. This user class differs meaningfully from previous RFPs (e.g., RFP-47), which focused on depositors. Although users did grant these approvals, the DAO and ecosystem also enabled workflows and UX patterns that encouraged them.

To preserve integrity and enforce clarity in the DAO’s governance flow, the community will now vote on the foundational question first—Should the DAO remediate losses stemming from Unlimited Allowances?

If and only RFP-53 is approved, RFP-54 will be presented to the community.

RFP-53 & RFP-54 Decision Tree

After deliberating with the community and completing a survey with Feedback 104, this first-stage proposal (RFP-53) seeks only to determine whether the DAO shall remediate these losses at all. If approved, a follow-up proposal (RFP-54) will allow the community to decide how the remediation should be structured.

Remediation Goals

• Keep a record of losses for 2024, 2025, and possibly beyond.

• Merge all assets into a single stablecoin if voted for.

• Design claim contracts if voted for.

• Deploy Unlimited Allowances Claim Contracts in the Remediation Portal if voted for.

• Scope of remediation:

  The Radiant DAO, its partners, contracted security experts, law enforcement agencies, and many media outlets have done their persistent and level best since the hack date to keep the community and the public informed of the root causes, the progress made, and the immediate and necessary steps to address the risk of loss related to the use of unlimited allowance function of crypto wallets.

  However, the current data analysis scoped the 2024 exposure at $7.7M and the Q1 2025 exposure at $1.2M as of 3/31/25.

Key Terms

Claim Contract: A claim contract is a smart contract that allows users to securely claim assets or funds under predefined conditions.

Remediation Share: A remediation share in a claim contract represents a user’s proportional entitlement to the total amount of assets drained from users’ wallets based on their claim in %.

Specifications

Radiant DAO would deploy dedicated claim contracts on Arbitrum, enabling users to withdraw coins as the contracts are progressively capitalized.

Token Merges

To simplify the remediation effort and keep the number of claim contracts to a minimum, different assets will be dollarized and merged into a single stablecoin such as USDC.

Conversion Prices

Given the potentially lengthy remediation period, the DAO will organize the process into yearly phases based on a full calendar year. The conversion price will be the Volume Weighted Average Price (VWAP) for the given remediation period. The conversion itself will take place on the conversion effective date.

Withdrawal Mechanism

• The Remediation Claim Contracts would issue a %-based allocation based on the final tally of token merges.

• Capital injections would occur in multiple phases, and after each phase, the claim contract will allow users to withdraw assets proportionally to their share in a stablecoin.

Dust

1. Prior to merges, all balances below $1 will be classified as dust and set to zero. In these cases, balances under $1 are always treated as dust to simplify remediation efforts, reduce complexity, and streamline the process.

2. After merges, all balances below $10 will be classified as dust and set to zero. Retaining balances under $10 in the claim contracts would be gas-inefficient, as claims are repaid incrementally in small chunks. Balances below $10 would incur gas costs higher than the payouts received at each stage.

Repayment Schedule

Repayment could take many years. The Radiant DAO will make its best effort while balancing financial stability and ensuring ongoing operations. The repayment timeline would depend on various factors, including available resources, future revenue streams, and the outcome of this proposal. The Radiant DAO is committed to maintaining transparency throughout this process and will provide regular updates to all stakeholders regarding progress and any changes to the repayment schedule.

Remediation Portal

An easy-to-use interface will be provided to users to review and verify on-chain information, and follow the remediation process and status.

Remediation Portal Deployment Phases

Phase 1: A view-only UI, where users can check their balances by copy-pasting their wallet address into a field. After copy-pasting the user’s wallet address, the following is available:

• See their post-merge balances.

  Phase 2: Unlimited Allowances Claim contracts will become available.

• Wallet connection will be enabled.

• Claim contracts will be deployed and will be available in the Remediation Portal.

Hacked Fund Recovery

If hacked funds are partially recovered, the coins will be returned proportionally based on contract TVL into the RFP-47 claim contracts.

If sufficient hacked funds are recovered, the claim contracts outlined in this RFP will be repaid next. Any remaining funds will be held in reserve to address additional losses as specified RFP-53. Regardless of whether you are part of the RFP-47 Claim Contract group or the RFP-53 Unlimited Approvals user group, the recovered coins from the hack will be returned to all user groups in sequence, to the maximum of their pre-hack balances minus any amounts already distributed or voted upon.

Steps to Implement

User Asset Database

• Generate a continuous snapshot of users’ wallet assets drained by the hijacked lending contracts on Arbitrum and BNB Chain for the year of 2024, 2025, and possibly beyond.

• Develop a methodology to ensure 100% data accuracy.

• Build a Web2 database from the snapshot.
  Then depending on Vote:
  Merging all tokens into a stablecoin based on the merge logic.

• Develop an off-chain user interface (UI) that allows individuals to verify their claims, show post-merge assets, and show pricing data.

Contract Deployment

• Deploy claim contracts on Arbitrum.

• Add the ‘Unlimited Allowance Remediation Contracts’ to the Radiant Remediation Portal.

Cost Analysis

• Delays in the depositor remediation timeline.

• Direct remediation costs (up to $7.7M in 2024, $1.2M in Q1.2025, possibly more based on RFP-54).

• Potential diversion of DAO funds from growth initiatives.

• Long-term repayment obligations if phased over years.

• Build, test, audit, and deploy Unlimited Allowances section in Remediation Portal.

• Build, test, audit, and deploy new Unlimited Allowances claim contracts.

• Cover ongoing costs for management, support, and infrastructure.

• Data analysis and validation to ensure accurate Unlimited Allowances losses.

---

✅ Voting

Question: Shall the Radiant Capital DAO Remediate Losses Related to Unlimited Allowances?

Options:

✅ FOR – Proceed with developing remediation options (RFP-54 to follow)

❌ AGAINST – Do not remediate; end process here

⚪ ABSTAIN – No position, but contributes to quorum

If RFP-53 is Approved → Proceed with RFP-54: Framework for Unlimited Approval Loss Remediation

---

These links lead to Google Documents with possible personal information exposure. Use a temporary Google account or access the document in a private browser tab.

Addendum 1: Notice to users

Unlimited Allowance Loss Balance Checker Pages (2024, 2025.Q1)