• © Goverland Inc. 2026
  • v1.0.8
  • Privacy Policy
  • Terms of Use
Malda: Remaining Funds VoteMalda: Remaining Funds Voteby0xfC64a8cCd51448E36b058f1C3a1DDd6C36A0696c0xfC64…696c

Extract & Redistribute Remaining Funds from Paused Deployment

Voting ended 8 months agoSucceeded

Summary

This proposal outlines a secure method to extract and redistribute the remaining ~$57k (valued at time of extraction, July 31st 10am UTC) in user funds from the currently paused Malda deployment. The goal is to return all remaining funds to affected users in a fair and secure way, before permanently deprecating the compromised deployment and preparing for a fresh relaunch following the Sherlock audit.

Proposed Method

To extract and redistribute the ~$57K in remaining protocol we propose using a controlled version of the original exploit path, combined with temporary whitelisting of the protocol multisig. This lets us safely recover the funds without needing to recreate attacker like contracts or use certain admin actions.

Steps:

  1. Rebalance assets from the extension chains to Linea
  2. In a single atomic batch transaction from the multisig:
    • a) Set the migrator to the multisig address using setMigrator() on each merc20Host contract to assign the multisig wallet as the authorized migrator
    • b) Limit via whitelist function access with the protocol to only the designated protocol multisig
    • c) Unpause the protocol
    • d) Mint large amount of fake collateral using mintMigration() (only callable by the new migrator)
    • e) Borrow all remaining protocol assets against the minted collateral
    • f) Pause the protocol immediately after extraction to ensure no one else can interact with the depreciated protocol
  3. Convert extracted assets to USDC for standardized redistribution
  4. Distribute recovered value to users via a claim page, based on their USD deposit value at the time of the extraction

Why Not Other Approaches?

  • Whitelisting non-attacker wallets would trigger a bank run, draining liquidity unevenly. This undermines fairness.
  • Pro-rata redistribution in original assets would require complex rebalancing. Converting funds to USDC ensures speed and simplicity.

Distribution & Voting

  • Vote live from July 31st to Aug 3rd
  • Eligible voters: affected users based on their USD position value at time of protocol pause
  • A claim page will be set up for users to claim their funds post-vote
  • Claiming will be in USDC on Linea

Why Do We Need a Vote?

  • ~$57K in remaining funds belong to the community
  • We need a safe and fair method to extract and return these funds
  • A governance vote lets the community decide how this is done

Next Steps if the Vote Passes

  1. Extraction and conversion of remaining assets (~$57K) within a few days
  2. A claim page will be deployed where affected users can withdraw their share in USDC
  3. The current (paused) Malda deployment will be permanently deprecated
  4. Focus will shift fully to finalizing security upgrades and relaunching the new deployment of Malda
  5. Parallel to this, we’ll continue building up the Voluntary Recovery Fund to help restore the ~$285K exploit impact through fundraising, airdrops and protocol revenue (more on this here)

Off-Chain Vote

For
66838858.82undefined 94.8%
Against
2745521.28undefined 3.9%
Abstain
934406.22undefined 1.3%
Download mobile app to vote

Timeline

Jul 31, 2025Proposal created
Jul 31, 2025Proposal vote started
Aug 03, 2025Proposal vote ended