[0IP-26] Restarting 0VIX on Polygon PoS

TL;DR

The community must vote on whether they approve the proposed method for restarting 0VIX PoS. As part of the proposal, the community must also decide what to do with ~$19.7k worth of protocol reserves. They can be slashed and therefore redistributed to affected users, or remain in the hands of the protocol.

Proposal:

The purpose of this proposal is to vote on the methodology and outcome of computations required to restart the markets affected by the 0VIX Protocol exploit of April 28th.

The proposal does not cover any topics related to further compensation for affected users which will be covered by a separate proposal.

Motivation:

Restarting the protocol is crucial as it determines the future of 0VIX. It impacts the user experience, trust, and reputation of the protocol, as well as the potential financial outcomes for users. The objective of this proposal is to decide on a fair and sustainable procedure for restarting the protocol that aligns with the goals and values of the 0VIX community.

Users should have the freedom to make their own decisions regarding their claims, which ensures transparency, flexibility, and empowers individual choice.

For an over collateralized lending market to be reopened safely, it must satisfy three fundamental protocol properties:

1. All user portfolios must be in an overcollateralized state where the amount of assets held as collateral is strictly greater than those borrowed.
2. Funds are either freely withdrawable or must earn real interest rates to incentivize borrowers to repay loans.
3. Incentives must be in place for liquidators to sanitize unhealthy borrower positions

A fundamental premise for reopening is a fair methodology for computing key variables, at the reopening block (“Optimized Methodology”). This proposal suggests a methodology that ensures fairness by satisfying the three properties above while simultaneously satisfying the following three user fairness rules:

A. Information Symmetry: Users that deposited funds and/or repaid loans after the pausing of contracts (by mistake or any other reason), should be reimbursed for those funds in full or as much as technically feasible. B. User Health: All borrower health factors should be as close as possible to what they were at contract pausing. C. Similar Portfolio: Relative asset exposure of user portfolios should be as close as possible to that which they had at contract pausing.

Details:

Reopening the lending market requires presenting a methodology for computing, at the reopening block, the following quantities for each asset type:

1. Every user’s outstanding loans
2. Every user’s available collateral
3. The available protocol reserves

These quantities are necessarily functions of the following protocol inputs:

1. The balance of underlying assets in each asset market at reopening (Sum of assets leftover at the soft-pause block, plus recuperated assets replenished into each market according to 0IP-21, minus funds withdrawn to reimburse users that repaid loans after the pausing block.)
2. The USD price of each asset at reopening
3. The average USD sell price of the recuperated GHST tokens as per 0IP-25
4. The snapshot of all user portfolio positions (alongside protocol reserves) as of the soft pause block
5. The oToken balances as of the hard pause block

What are the soft pause and hard pause blocks?

In the immediate aftermath of the exploit (Pausing markets requires the execution of multiple transactions – an example tx can be found here. Block height: 4205958), the 0VIX core team implemented an emergency upgrade to mitigate all further attempts by the exploiter to keep draining the protocol. As a result of the upgrades, no new funds could be deposited/borrowed on/from the protocol. This moment is referred to as the soft pause.

Due to an implementation accident, the MATIC market still allowed depositing funds (thus minting new oTokens). Furthermore, the high market utilization resulting from the attacker having borrowed close-to-all the funds on the protocol led to unrealistic interest rates across most markets which unfortunately lead a number of users (208 users in total) to repaying loans in an effort to protect collateral which simply didn’t exist anymore. To compensate for these complications another emergency upgrade was performed (block height: 42525154) which properly halted all new MATIC deposits and set all interest rates to zero.This moment is referred to as the hard pause. From this moment forward, the total outstanding oTokens in each market crystallized.

Why isn’t the exploit block used instead?

The exploit event (block height: 42054769) represents a moment in time when information about the consequences of the attack can be assumed to be maximally homogeneous. Aside from the attacker(s), nobody had any information advantage over anyone else. As such, it is reasonable to desire indexing all consequences to this last final moment of protocol pristineness. A number of technical problems arise however, due to user actions taking place in the 4812 blocks (2.6 hours) between exploit and soft pause, which are indistinguishable from regular protocol operations. Many users withdrew/borrowed funds which wouldn’t be recuperable even if their leftover funds on the protocol were slashed (in the majority of cases no such funds even exist). Many other users deposited funds and repaid loans. The actions are often interconnected whereby the funds deposited/repaid by one user were withdrawn/borrowed by others. Accounting for the regular intermixing of funds taking place between exploit and soft pause block is a complicated and ultimately futile task as it requires accounting for funds that simply are not deposited in the protocol anymore. On the other hand, following the soft pause, all funds can be straightforwardly accounted for and dealt with, albeit with some effort.

The relationship between oTokens and their underlying value in each market.

As detailed in the protocol documentation, oTokens are the fundamental unit for accounting what every user owns in each market. Consider the USDC asset market. At any given moment in time, the USDC market is defined by the following quantities:

1. Underlying assets which can be readily withdrawn or borrowed: (Q ^ USDC)
2. Outstanding loans owed by users to lenders: (L ^ USDC)
3. The total amount of oTokens held by all users in the market: (O ^ USDC total)
4. The total amount of oTokens held by each user j : (O ^ USDC j)
5. The protocol reserves: (P ^ USDC)

Given these quantities, the underlying collateral (C ^ USDC j) owned by a user j in that market is given by the following formula:

As explained in the previous sections, as of the hard pause block, all oToken amounts are fixed, as well as the total underlying assets as they are the sum of assets leftover at the soft-pause block, plus recuperated assets to be replenished into each market according to 0IP-21, minus funds withdrawn to reimburse users that repaid loans after the pausing blocks. The only degree of freedom is L, the outstanding loans owed by users to lenders in each market.

Upon choosing the loans each user must pay in each asset market, every other accounting aspect of the protocol is immediately derivable. As an example, let us assume that the above user j, only holds USDC as collateral and has one outstanding loan for some amount (L ^ MATIC j) of MATIC. Their net portfolio size would be:

Similarly, their loan-to-value ratio would be:

The loans each user must pay in each asset market at reopening define all other quantities related to the protocol and user positions.

Among these quantities derivable from the rescaling of the loans we note:

• Total collateral held in each asset market
• Total debt
• Net portfolio
• Loan-to-Value ratio
• Liquidation loan-to-value ratio
• Health factor

Satisfying User Conditions

Following the soft pause, 129 users collectively repaid the following asset amounts:

Token	Token Amounts
stMATIC	4282.934171
gDAI	266.092116
jEUR	5.518784
MAI	1746.687264
MATIC	1380.978785
USDC	8552.585799
USDT	15214.928002
DAI	3512.102243
ETH	1.220322
wstETH	1.213570
BTC	0.030460
MaticX	1773.509019

User Condition A is straightforward to satisfy by withdrawing all the above funds and airdropping them to the aforementioned 129 users. This reopening step, referred to as Operation 1, will revert the available underlying liquidity Q very close to its soft pause values. A further 79 users collectively deposited 7233.86 MATIC by minting oTokens between soft and hard pause blocks. Due to the sacredness of the oToken as a unit of account on the protocol, these user funds will not be withdrawn.

Following Operation 1, all funds and oTokens on the protocol will be reflective of the protocol’s state as of the soft pause block. Using the asset prices at the reopening block, as well as the average sell price of the recuperated funds, all quantities Q will be set across all markets. To satisfy User Condition B, it must solve an optimization problem seeking to assign loan amounts (L user ^ ASSET) to each user such that their new health factors are identical to the values (H user) they had at soft pause. This quantity is also unambiguous and can be queried from the blockchain. The MATIC funds deposited by the 79 users discussed above can be partially accounted for by boosting the soft pause health factor of all these users.

To satisfy User Condition C, it cannot be allowed for users to find themselves owing assets different from those they owed at soft pause. This constraint can be accommodated for by imposing that the new loan amounts be rescalings of the loan amounts owed at soft pause (shown below with a tilde ~). The unknowns thus become the rescaling factors (r user ^ ASSET) which also have the numerical property of being defined to be numbers between 0 and 1. The final formulation of the reopening optimization problem thus becomes:

In the above the asset collateral factors (l ^ ASSET) have also been introduced. For consistency, all quantities Q and L are to be interpreted in units of USD at the time of protocol reopening (consistent with USD being the unit of account on the protocol smart contracts). Prior to reopening the protocol (ideally as close as possible to the reopening block, and in coordination with 0IP-21’s market replenishment operations), this optimization problem must be solved and all user outstanding loans rescaled by the above (r user ^ ASSET) factors. Henceforth, this reopening step will be referred to as Operation 2.

What new security measures will be upgraded on reopening?

• Toxic liquidation measures (PoS and zkEVM)
• Toxicity Numbers as a new risk metric to assess how much of an asset is being actively used as collateral on lending markets versus how much liquidity is available to liquidate the collateral.
• EMA (Moving Averages) for onchain oracles (also available for zkEVM if required)
• On-Chain Circuit Breaker Integration (implementation in process)
• Real-Time On-Chain Monitoring and Security
• Advanced Asset Listing and Risk Scoring Process based on experience and best practices from risk scoring and credit underwriting in the traditional financial industry

To proactively address potential attempts at exploiting the oracle again, precautionary measures are being enacted. The custom oracle implementation introduces a certain level of risk, which has prompted the decision to maintain a partially paused status for the vGHST market. In this state, only repayment and withdrawal actions are to be authorized. These actions are further incentivized through a fixed high-interest borrow rate to encourage prompt repayment. Concurrently, the reserve factor has been raised to 100%, allowing the protocol to effectively capture the entire interest rate spread, which, in turn, encourages withdrawals. These two measures should rapidly phase out the market.

The gDAI markets also utilize a custom oracle implementation, although they do not present an equivalent level of risk. Consequently, integrating the Exponential Moving Average (EMA) into the gDAI market proves to be satisfactory. The integration of an EMA price calculation within the custom oracle implementation plays a crucial role in enhancing the oracle's capacity to withstand potential attacks and mitigate the impact of high volatility outliers. This, coupled with the pre-announced counter measures to toxic liquidation spirals, are expected to be sufficient for the safe reopening of the protocol.

What happens to the protocol reserves?

Following 0IP-19, the protocol slashed 734,998.437 USDC worth of reserves “earned” as proceeds of the liquidations executed by the attacker during the exploit. These reserves were effectively fictitious as the USDC market had been close-to-entirely drained by the attack. After subtracting the slashed amount, at soft pause, the protocol reserves stood at:

Asset	Supplied	USD Value
stMATIC	3310.8	$2,009.32
gDAI	890.75	$931.39
jEUR	960.9	$1,056.31
MAI	3840.91	$3,821.04
MATIC	5688.1	$3,896.35
USDC	6415.56	$6,415.64
USDT	6655.56	$6,657.49
DAI	4285.22	$4,285.19
ETH	2.74	$4,513.11
wstETH	0.14	$280.09
BTC	0.13	$3,928.56
MaticX	2132.33	$1,629.93
vGHST	19.88	$19.61

These quantities are not accounted for via oTokens, the protocol’s admin wallet simply holds these amounts as withdrawable allowances from each market. These amounts will have to be rescaled alongside every users’ outstanding loans. The rescaling amounts for the protocol reserve values can be computed in the same step as the optimization problem of Operation 2 by considering the protocol to be a user that only lends and assigning to it a fictitious oToken balance that is consistent with its reserves. Upon simulating a reopening at block height 46090000 (assuming a recuperated funds average GHSTUSD sell price of $0.90) the protocol reserves would amount to roughly ~$19.7k of real value.

As a secondary vote on this proposal the community must decide what to do with these funds. One option is to fully slash the protocol reserves thus redistributing the ~$19.7k worth of value to the users. The impact that this modest fund redistribution would have on the native asset balances in each market (following the same reopening simulation assumptions) can be estimated. Shown below are each market’s percentage boost.

Asset	Supplied
stMATIC	+0.65%
gDAI	+0.12%
jEUR	+0.12%
MAI	+0.27%
MATIC	+0.47%
USDC	+0.86%
USDT	+1.20%
DAI	+0.23%
ETH	+0.0002%
wstETH	+0.00004%
BTC	+0.000007%
MaticX	+0.20%
vGHST	+0.03%

Quorum Standards:

• 150k preVIX

Voting period:

• 5 days

Vote options:

• [Option A] Accept with slashing of reserves
• [Option B] Accept without slashing of reserves
• [Option C] Further discussion needed