The Path Forward from the Fuse Exploit

Hi there, I am the founder of Babylon Finance.

Our pool (144) was affected by the hack and 3.4M are impacted. Wrote a detailed post about the hack here (🚒 Containing the Fuse Exploit. TLDR: Funds are safe and collateral… | by Ramon Recuero | Babylon.finance | Medium)

Our protocol was just released last month and we have been steadily building our TVL to $24M. We had $9M in deposits. We chose to build a core part of our protocol on Fuse and our users trusted us with it.

Unlike other pools, all of our collateral was deposited by individual users, we didn’t have any direct deposits from FRAX/FEI or other protocols. More than 1500 individual users are affected.

Obviously, our community is in favor of a full refund. We really appreciate the quick response from Rari and FEI and we are really encouraged by all the positivity coming from the TRIBE.

Our pool grew pretty quickly and became a top 10 pool on Rari. We plan to continue growing our protocol and our fuse pool deposits. Our community is watching this proposal closely and hoping for a favorable resolution.

Thanks again

11 Likes

As a long-term user of Fuse and a relatively new community member, I am pro full reimbursement. I believe that despite a full reimbursement having a short-term dilutive effect to the Tribe token price, the long-term benefits of covering all users in full in this unfortunate event is EV positive for Tribe (or at bare minimum, less EV negative than not doing a reimbursement at all or doing a reimbursement that leaves users feeling weary).

Key points for full reimbursement:

  1. Given that the exploited pools remain unusable without reimbursing directly into the Fuse bad debt (as per said by Joey above), it seems unlikely that all the current managers would be interested in creating new pools in the future to replace the exploited and currently dormant pools if no full reimbursement is made. Likewise, it seems unlikely that all users, especially those of the institutional kind, would eagerly return to use Fuse pools if trust cannot be restored. The loss of trust of current users, supporters, partners and contributors would be very difficult, if not impossible to win back and that would in my mind eat much of the future growth and earnings potential of the ecosystem.

  2. Despite saving money if not reimbursing in full, the DAO would likely have to a) significantly ramp up marketing spending to try to retain distrusted users and to sanitize the public perception of the protocol as a trustworthy companion and b) still likely lose some part of future protocol earnings due to lack of trust from the community. I am not certain that increased marketing spending combined with smaller expected future earnings would be less EV negative than the short-term dilution to the token price now from a full reimbursement. The effects of dilution now are much better known and predictable than the effects of negative externalities that would come out of no reimbursement/poor reimbursement.

  3. Positive externalities such as positive publicity and retention of trust from full reimbursement can be self-reinforcing and although difficult to value, the network effects in the long-term can surely be EV positive. With the $50M reimbursement being ~16% of protocol equity and only ~8% of FEI PCV, I believe that the long-term benefits of retaining trust and having those network effects kick in are much more valuable for the future earnings of the Tribe community than the short-term dilution of at maximum the ~16% to the Tribe token value.

Trust is hard-earned, easily lost, and difficult to re-establish. To remain on a path of growth, I hope that we make the right decision and choose to retain the trust and companionship of our users and partners.

8 Likes

I totally get that and I probably phrased it wrong. I think using PCV, for this reason, was not previously decided by Tribe or Rari, and using the PCV as an insurance fund could set a dangerous precedent for future Fei adoption in the broader space.

However, given this shortcoming, I still feel in this case, repaying the bad loans is the best way forward. But in the future, this way of indirectly insuring Rari with PCV should be forbidden.

4 Likes

have not voted, still mulling it over

some things I’m considering:
1/ does a one-time reimbursement with an explicit policy of not reimbursing future hacks actually repair brand value? v unclear to me
2/ if the policy becomes to make-whole all exploits, how does that affect TRIBE valuation (~future PCV discounted minus EV of liabilities?) going forward
3/ if the policy becomes to make-whole all exploits, how does that affect blackhats’ ability to profit from future hacks? (e.g. can they short TRIBE pre-hack to get significant leverage on stealing funds?)

are these downsides larger or smaller than the brand hit from the hack?

1 Like

In favor of a full refund. Rari and Tribe DAO are the same family now. I think the refund could be done using FEI. Issuing TRIBE at these low prices will dilute the current holders more at a low valuation.

Building trust with partners (including other DAOs) and keeping the Fei peg safe are two high priorities imo. That’s why the discussion of hiring or building insurance for TRIBE products is important. While refund is important, it is also essential that TRIBE holders feel comfortable that PCV and FEI peg will not be in danger in case of future refunds.

3 Likes

  1. it’s not an explicit policy of not reimbursing future hacks. Tribe DAO will not be providing any future insurance on Fuse until further discussions are had. There may be additional discussions regarding Fuse insurance. And the Fuse insurance, I think, should be KPI based. Directly linked with the revenue generated by fuse pool.

  2. I thought the policy shouldn’t be to make-whole all exploits; the FEI peg is still the priority for TribeDAO, therefore insurance is important in the future.

1 Like

To sum up my take on the crisis. At the moment Tribe customers, both present and future/potential, are asking themselves questions:

  1. what happened? how was it possible given multiple security audits? what’s going on inside the DAO?

  2. what now? I entrusted you my capital, did you deserve that trust?

  3. what next? how does your culture work? can I entrust you my capital ever again?

And they’re closely following DAO’s actions right now.

Ironically, Tribe DAO as well as DeFi at large, turns out to be in the trust business. It’s just that trust here concerns technical and organisational/cultural reliability. Tribe’s primary product is a stablecoin, a trust-driven financial vehicle.

IMO, now Tribe is in the not-so-optimistic mode from the outsider viewpoint.

The path forward is to win back trust of both present and future customers, their confidence that they can entrust their capital to Tribe DAO. It’s not easy especially given competition. To address questions above:

  1. 100% transparency about circumstances that led to the exploit. It was not a hack, it was a dev’s mistake as a result of negligence apparently enabled by the broken internal culture, which the perpetrator has taken advantage of. Full-scale assumption of responsibility by the DAO and devs in particular. Yes, we fucked up, no question about that.

  2. Full reimbursement, no question asked. It’s part of responsibility assumption and winning back trust. Possible sources: PCV, Treasury, minted Fei, dev’s own equity, some combination of these. Support the idea to infuse liquidity directly into the affected pools.

  3. Open and independent review of the organisational and cultural issues that led to this crisis. Preferably nominate an ad hoc commission. You can hardly investigate your own problems on your own. + Introduction of a dedicated PCV (Treasury) buffer/insurance mechanism to cover up for (possible) future non-market losses. E.g: an insurance pool, where funds could be staked for insurance premium, such that these funds could be used as a collateral in a crisis like the current one. Now Tribe has to prove to future customers that they can entrust it their millions of $ again.

Yes, there’re good possible outcomes. It’s not too late to reverse things. But have no illusions, there’re bad outcomes as well. And the reality will depend on the choices the DAO makes.

As an inspiration/reference here is an interview of Ben Horowitz, a legendary a16z cofounder, discussing ways of handling culture and crisis at places like Facebook, WeWork and Boeing (the B737 MAX crisis):

I also recommend his books on the importance of organisational culture and ways to handle crisis:

https://a16z.com/book/whatyoudo/

7 Likes

Omniscia’s side of the story:

1 Like

Good comments!!
Appreciate ur work

I would like to see how much revenue TRIBE is making from RARI as a product. While our reputation as TRIBE matters, so does making sound business decisions. Is putting 50 Million into a product offered by TRIBE (because that is essentially what Rari is now) worth it from an ROI perspective? We already swallowed 10 million in the merger, did we get 10 million in value?

If fuse is generating a solid ROI then we should definitely do a full reimbursement.

If it’s so so then we need to look at the future growth potential of the product.

While I agree that doing a full reimbursement is the best brand image move for TRIBE, but with two hacks on RARI Fuse pools in just over a year it might make TRIBE appear to be a bad operator if we pile more money in and another hack happens down the road. Reputation is everything.

Yes, it is important to do some KPI calculation, but given the current situation we can do simple math, and full reimbursement is definitely the best choice; otherwise another 20m PCV is stuck in the fuse pool, and we also lose all our reputation.

Reimbursement could additionally save 20M PCV and continue all the work.

2 Likes

I’m in favor of reimbursement to protect the brand. When Fei and Rari merged, it intertwined the brands and we should do what’s right by the users.

1 Like

Personally, I think the best option currently is to sell some small portion of PCV, and do the reimbursement ASAP.

By doing this, we can lift another 20M stuck PCV currently in the fuse pool, restart the fuse pool, and focus attention on the xTribe and Turbo things.

1 Like

Good thread, can’t agree more with ur idea.

Still I think the Tribe Core and Rari Core team are trustable, I believe they can lead us through hard times.

3 Likes

Full reimbursement is good for both future development of the fei and rari and protocol users. Can’t agree more!

2 Likes

In terms of trust in the system, one could argue that future insurance is much more critical than present one (ie reimbursement).

Otherwise, the only rational behavior is to withdraw everything out of rari after reimbursement is made.

Things should be done step by step: the top priority of course is to resume the function of the Fuse pool, and then fine audits of the code; only then could we talk about an explicit insurance policy.

1 Like

According to many tech explanations of the exploit above, Fuse Pool is a fork of Compound, a long time tested protocol; the only bug resulting in the current exploit is a “stupid” change to the original Compound code. After fixing it and auditing it, the safety level should be aligned with Compound.

And much of the affected capital in this exploit belongs to partners who build protocols based on the fuse pool; they are less likely to abandon their choice considering the unique feature of Fuse pool.

Of course, future insurance is important, but the most critical problem we face now is solving the fuse pool problem; future insurance should be talked about later when communities are confident in fuse’s safety.

1 Like

This is the second exploit in rari. So clearly it wasn’t the only change from compound code.
And of course there are many more.

We have a lot of thoughts on the current state of affairs, and think that comments by users in this thread so far generally sum up well our feelings on why it is best to move forward with a full reimbursement ASAP, to protect faith in the brand, make the pools usable/closeable, and avoid any further potential hiccups from unhappy users who might pursue real-world actions which would further hinder the team’s operations.

A few things we’d note:

  1. Moving forward there should be explicit commentary relating to TRIBE/FEI/PCV responsibility for such exploits/hacks. If the community has voted that the protocol will not be responsible for fuse moving forward, or only x% amount of value would go to cover issues based on abc, this would be much better and acceptable as users would know the risks of what they are getting into. So basically we don’t think reimbursement should be a given in the future.

  2. We are super supportive of reduced number of pools supported by fuse. In our mind, fuse should ONLY be whitelisted verified pools which somehow support FEI/TRIBE ecosystem. For instance, all supported core pools should be ones that must support FEI/TRIBE, in fact have a preference for FEI over other stables, which will effectively require pool users to rely more on FEI stablecoin as opposed to others, driving value to the protocol and swap fees to fei/stable pairs. We would be happy to do this in 0xb1 Kitchen sink, even divert FODL supply incentives to FEI only instead of USDC/DAI etc–> and in fact ADD to these rewards (few million more FODL).

2b) If FEI becomes the standard required on fuse to enable independent operators to propose pools, all the better for FEI/TRIBE.

  3. The good will built up by reimbursement will put TRIBE on another level compared to other stablecoins, and breed faith from institutional providers. If FEI/TRIBE is viewed as the first decentralized stablecoin issuer to “do it right”, even if further issues may not be covered, it will show a level of professionalism and trust that is second to none in the space.

Those of us who would be made whole will definitely be not only prone to continue and increase usage of Fuse, but also likely come into the Tribe community as long term believers/supporters (and potentially use FEI much more as described in above point). Word of mouth is one of the most important facets of the ecosystem, and those of us made whole by Fei/Tribe community you can be sure will be vocal about it–> forever.

  4. We personally commit 0xb1 devs resources and connections to reviewing code updates for Fuse on an ongoing basis. We have extensive experience with borrow/lend platforms and have never had security issues with the platforms we have built.

  5. While not reimbursing may have the effect of not diluting Tribe equity in some people’s views, we believe the risk of angered users taking real-world action against Fei labs in some way shape or form will end up being even worse for the protocol than reimbursing, and create more hindrance to the team continuing good work and development than reducing PCV by < 20%. Remember, even if such real-world actions are not in the end fruitful on the angry users’ part, they will absolutely cause headaches and delays to standard operations. NO ONE WANTS THAT.

  6. Even before knowing the outcome of this forum proposal or seeing a final governance proposal, 0xb1 team has begun buying TRIBE. As a good faith action. If full reimbursement is made, we plan to work closely with the Rari/Fei/Tribe team to make Kitchen Sink pool one of the future verified and supported pools long term, focus on rewarding usage of Fei over other stables, including tribe as collateral, and spend more time and resources helping the product grow in the direction determined by the team and community.

  7. We think it is incredibly lucky that PCV has enough behind it to even consider reimbursement without a > 50% hit to its equity/backing. Few protocols have been in such a position before. This only strengthens our belief that doing “the right thing” and moving forward with full reimbursement will reverberate throughout the ecosystem and put tribe/fei in a category of its own, while still limiting future responsibility by explicitly stating user borne risks vs protocol borne risks from the outset of launch of the next iteration of Fuse pools.

We are open and available to discuss anything we’ve said, further expand thoughts, and discuss how the 0xb1 & Fodl ecosystems can get further involved in supporting Rari, Fei, Tribe, and their goals.

15 Likes