Locked $75k in Marketing & Comms Multi-sig Post Mortem

tldr: a proposal sent 75,000 USDC to a contract, intended to be relayed to the marketing/comms multi-sig, but the contract cannot relay ERC20 tokens and is non-upgradeable, so the funds are locked in the contract forever.
This failure was due to negligence by DXdao governance & REP holders and miscommunication & incorrect assumptions amongst contributors. Below is a recap of events and some quick lessons learned. Please add any additional details or questions below
.

Some Background

Some things that went wrong:

  1. DXdao governance failed to perform adequate diligence on a funding proposal, leading to the loss of $75,000. There was a missed opportunity in the 24 hour boosting phase as well as the 7 day voting period to verify the proposal and recognize the error.
  2. There was confusion on funding smart contract wallets after problems encountered after the Berlin hard fork. As a result, a relayer contract was used, even though it was not needed, because the proposal was to send an ERC-20 token. This was a miscommunication based on a series of incorrect assumptions.

Some things that should be done next time

  • More attention and scrutiny of all DXdao proposals on Alchemy
  • When using any new contract for the first time (ETH or ERC20), a small test transaction should be used before using large funds.
  • The specifics of the proposal execution should be included in the proposal text, ie “sending XXX to relayer to be sent to multi-sig”
  • Better understanding of how DXdao operates on-chain and explanations for how new tools & infrastructure work. More communication and verification of on-chain proposals.
6 Likes

In crypto, ‘boating accidents’ are not just an occurrence.
Juggling multiple teams with multiple products with bases on L1s, L2s, sidechains… they are pretty much inevitable.
I love the honesty and transparency.

This comes across as a lot of finger pointing at “the community” whilst those who screwed up remove themselves from any blame. Looking at the alchemy proposal there was one vote in favor of the proposal, without which the proposal wouldn’t have passed and $75k of investor’s money wouldn’t be lost.

Sorry but I see a massive lack of accountability from those actively involved in losing $75k of investor’s money:

No it was not. The 1st degree of culpability clearly lies with those contributors actively working on this proposal, which includes the creator of the proposal and those who voted for it, of which I only see one. You can take another step and put some blame on active contributors who could and should pay closer attention to all proposals, but that’s not entirely realistic especially, for the many contributors with limited tech understanding. Putting blame on unpaid REP holders at large is preposterous, especially when a lot of DXdao’s operations happen behind closed doors.

Instead of pointing at an imagined crowd, it would be helpful for those contributors actively involved in the mess-up to be held accountable and implement mechanisms to reduce the risk of this happening again.

As a first step, the proposal creator’s and the voter’s REP should be shaved by something like 25%, at the very least. This proposal passed with 1 vote, and the voter had more than 5% REP, which is a good chunk of total REP and above the supposed 4% cutoff.

End REP of Proposal Voter = 4% - 25% of 4% = 3%
End REP of Proposal Creator = 0.4% - 25% of 0.4% = 0.3%

Since it’s clear from the alchemy UI who made the proposal, in the name of transparency, it would also be helpful if this voter holding significant REP could step forward and identify themselves.

1 Like

It’s sad that this happened, but I believe it’s possible to blacklist the multi-sig address by USDC contract (requires some processing time by Circle). Then, Circle can mint USDC to the DAO’s treasury. We should discuss this possibility.

4 Likes

Great idea. This path should be pursued, instead of shrugging a $75k loss of investor’s money off like it was nothing.