Reimbursement for four users affected by a ALE UI Bug

FiRM
1

Summary

This proposal seeks DAO approval to reimburse four users impacted by a UI bug in the Accelerated Leverage Engine (ALE) that resulted in sandwich attacks during their deleverage operations. The bug has been identified, and a fix implemented. We propose utilizing Treasury DOLA to reimburse these users for their documented losses, totaling approximately 21,898 DOLA.

Background

The ALE is a feature within FiRM designed to facilitate leveraging and deleveraging of collateral for users by performing multiple actions in a single transaction, including minting and burning DOLA without affecting the total supply. It enables users to flash mint DOLA for collateral purchases or debt repayments, reducing risks associated with multi-step transactions and improving efficiency. Despite its widespread use and adoption, a recent bug in the UI logic was identified that affected in some cases the minAmount parameter during deleverage operations. This issue exposed some users who didn’t take additional precautionary measures to MEV sandwich attacks.

Analysis

With the help of the Analytics Working Group, an investigation revealed that four transactions were affected by this bug, with a combined loss of $21,897 across four wallets but predominantly from one. The UI used for those cases displayed an incorrect minAmount during deleverage, creating conditions for MEV bots to execute sandwich attacks. The impacted users have been identified, and losses have been verified using on-chain data. Safeguards have been implemented to prevent similar incidents, including UI fixes and MEV protection recommendations. To reaffirm the DAO’s principles of accountability and user trust, we propose reimbursing these affected users from the DAO treasury.

On-Chain Actions

  1. Transfer 18,187.70 DOLA from DAO Treasury to 0x75E70dB620d5491f69526E22355236f65B46834E
  2. Transfer 2,959.38 DOLA from DAO Treasury to 0x9c0D1F4a029c46265831D120DeE9CDc72F0aB3C3
  3. Transfer 453.37 DOLA from DAO Treasury to 0x1e121993b4A8bC79D18A4C409dB84c100FFf25F5
  4. Transfer 298.03 DOLA from DAO Treasury to 0x154001A2F9f816389b2F6D9E07563cE0359D813D