Statement on 0VIX Exploit and Next Steps

In late March, the Polygon DeFi project 0VIX listed vGHST as an asset on its protocol. This was not an official collaboration between Gotchi Vault and 0VIX, and the only liquidity provided for vGHST on 0VIX came from community members. Early on in the listing process, the Vault Managers answered questions from 0VIX about how our vGHST contract functions, and pointed them towards the code for the oracle that was previously deployed for vGHST’s use on Qidao. The Vault Managers were not asked to nor did they review 0VIX’s implementation of this oracle logic in their contracts. Ultimately, 0VIX decided that vGHST could not be listed as a collateral, but could be borrowed by users backed by other collateral. At the time, the Vault Managers expressed serious concerns that this would only allow 0VIX users to short vGHST/GHST, and would have no benefit for the vGHST project.

Two days ago, an exploiter took advantage of the way 0VIX integrated the vGHST pricing function into 0VIX and the uncapped amount of risk from this new asset (along with the fact that 0VIX smart contracts allow for funds to be deposited, borrowed, and liquidated in a single transaction) and was able to extract several million dollars of 0VIX user funds from the protocol. Although security professionals are still breaking down the exploit, our understanding is that one of the first steps taken by the exploiter was to leverage borrow a large amount of vGHST on 0VIX, then borrow a large amount of GHST from Aave and send it to the vGHST contract, effectively raising the price of vGHST by 70% (the vGHST contract calculates the conversion of vGHST to GHST by tallying the sum of how much GHST is sitting in the contract and how much wapGHST (wrapped-Aave-Polygon-GHST, a separate ERC-20 token) is staked on Aavegotchi’s farming contract earning GLTR). Having raised the price of his own debt, the exploiter was able to liquidate himself, making off with the borrowed funds and his initial collateral. The exploiter then market bought a large amount of GHST to repay the Aave flashloans, essentially depositing his exploited funds into the Aavegotchi DAO LP and withdrawing GHST.

So what funds were left where after this exploit? A large amount of 0VIX user funds were left sitting in the GHST LP, as GHST had been swapped to repay flash loans. A large amount of Aave flash loan GHST was left sitting in the vGHST contract, roughly 800k GHST. And the remaining 0VIX user funds were used to repay additional flash loans taken out, with any excess extracted as profit by the exploiter. Our understanding is that all vGHST was drained from the 0VIX contract, and that there are currently about 200,000 vGHST worth of deposits on 0VIX that do not have liquidity to withdraw.

Almost immediately, market participants began selling into the extreme price spike (GHST went from ~$1.12 to ~$2.50) that the GHST purchase caused, extracting the entire amount of exploit funds from the GHST LP within 2 hours.Additionally, some vGHST users, seeing that the value of their vGHST had increased, began withdrawing their vGHST for GHST. The way the vGHST withdrawal function works is it first withdraws funds that are simply sitting in the vGHST contract, to maximize the funds that are staked for GLTR at the Aavegotchi farm. Very quickly, users extracted the bulk of the excess GHST that was received in the exploit; there is currently 34,000 GHST sitting in the vGHST contract. All user funds from pre-exploit are still safe, roughly 2.3m wapGHST. We should again reiterate that the 2.3m wapGHST are user deposits that pre-dated this exploit; the 34,000 GHST are remaining funds left from the exploit.

Prior to this exploit, the Vault Managers did not have the ability to pause withdrawals; our top priority has always been to ensure that user funds always remain safe and available. At the insistence of the 0VIX team, we reluctantly upgraded the contract to pause withdrawals, and have spent the past day and a half digging into the exploit and assessing next options to put forward to the DAO. Unfortunately, we have not arrived at an internal consensus of the best next steps.

0VIX wants us to withdraw funds from the vGHST contract to bring the GHST/vGHST ratio down to where it was pre-exploit, and give them those funds to partially reimburse their users. Pre-exploit, the ratio was roughly 1 vGHST = 1.04 GHST. Now, the ratio is 1 vGHST = 1.78 GHST. Bringing the ratio back to pre-exploit levels would entail withdrawing nearly 1m GHST from the contract. As noted above, this would be taken almost entirely out of pre-exploit wapGHST funds, as the Aave flash loan GHST that was deposited to the contract is mostly gone, and would lead to an additional extraction of approximately $1 million from the Aavegotchi DAO-owned GHST LP if 0VIX sells these funds.

The Vault Managers have identified the following points of potential concern:

1. As noted above, our top priority has always been ensuring the safety of user funds. We are equally motivated to protect the integrity of our own smart contracts, and the decentralized nature of this project. User funds (the staked wapGHST) have never been directly withdrawn before outside of the usual enter-exit functions. There is no precedent for this in our project, and the Vault Managers are not comfortable making this decision unilaterally. A step of this nature should come from the DAO.

2. In the complex world of DeFi, it is unclear that the GHST that was deposited to the vGHST contract should be returned to 0VIX. These funds were initially an Aave flash loan, which was paid off with GHST extracted from the Aavegotchi DAO GHST LP. 0VIX users lost stable coins and vGHST; at this point, the vGHST contract is left holding mostly wapGHST, a different token.

3. GHST was never a product offered on 0VIX. For 0VIX to refund users using the GHST, they would necessarily have to either market sell it or otherwise extract value from the Aavegotchi ecosystem, leaving the Aavegotchi DAO footing the entire bill (since the exploit funds have long since been extracted from the GHST LP).

4. Removing the funds at this point could have unintended consequences for vGHST users, as it would result in a 40% drop in price of the vGHST token. Some users actually entered the vGHST contract between when the exploit occurred and when we paused the contract; these users would lose 40% of the value of their minted vGHST. We are also concerned that vGHST holders at Qidao could be liquidated as a result of dropping the price like this.

5. We are concerned what the impact would be to the GHST token of 0VIX selling GHST token to repay their users their lost funds. 0VIX has indicated that they would not market sell it all immediately

With all this in mind, the Vault Managers see a few options for the DAO to consider and are putting this forward as an emergency vote. The Vault Managers are not taking a position on which option is the best choice, as we are internally conflicted:

1. Withdraw a sufficient amount of user-deposited wapGHST from the vGHST contract to bring the GHST/vGHST ratio back to pre-exploit levels and send the excess funds to 0VIX

2. Do option 1, but rather then sending the excess funds entirely to 0VIX, send 200k vGHST to 0VIX to make their vGHST depositors whole and send remaining amount to the Aavegotchi DAO liquidity multisig to replace the GHST that was extracted from the LP, which would effectively allow the Aavegotchi DAO to decide what to do with the funds.

3. Do nothing, unpause the vGHST contract

We are posting this as an emergency 48 hour snapshot for DAO consideration. vGHST withdrawals will remain paused in the interim