An SVG of an eye

Proposal overview

Bounty to Hacxyk for fallback oracle misconfiguration

Executed

Executed on 

Jul 11, 2022

Simple Summary

This proposal releases the 50'000 USDC pre-approved by the Aave community on forum and Snapshot to the Hacxyc team, for their finding concerning a misconfiguration on Aave v3 fallback oracle.

Abstract

During the past month of April, the security firm Hacxyk disclosed to the Aave community a misconfiguration on the fallback oracle used for Aave v3 pools across markets. This disclosure was analysed from a technical perspective and a bounty proposed to the Aave community to approve HERE. After having support in both forum and Snapshot, this on-chain proposal will release the pre-approved 50'000 USDC to Hacxyk.

Relevant links

Implementation

This proposal exclusively releases 50'000 USDC from the Aave V2 Ethereum collector, to the Ethereum account provided by the Hacxyk team.

The implementation can be found on https://github.com/bgd-labs/aip-hacxyk-bug-bounty/blob/main/src/contracts/PayloadBountyHacxykFallbackOracle.sol

Simple tests can be found on https://github.com/bgd-labs/aip-hacxyk-bug-bounty/blob/main/test/PayloadBountyHacxykFallbackOracle.t.sol

Target Contracts

PayloadBountyHacxykFallbackOracle = https://etherscan.io/address/0xF4294973B7E6F6C411dD8A388592E7c7D32F2486#code

Copyright

Copyright and related rights waived via CC0.

Your voting info

Voting results

YAE

362,190

AAVE

100.00%

NAY

0

AAVE

0%

Top 10 addresses

Votes

State
Executed

Executed on 

Jul 11, 2022
Quorum
Reached
Current votes

Required

362.19K

320.00K

Differential
Reached
Current differential

Required

362.19K

80,000.00

Total voting power

16,000,000

Proposal details

Created

Block

7 Jul 2022, 14:26 UTC +00:00

15095971

Started

Block

7 Jul 2022, 14:26 UTC +00:00

15095971

Ended

Block

10 Jul 2022, 17:06 UTC +00:00

15115171

Executed

11 Jul 2022, 16:13 UTC +00:00

Author

BGD Labs (@bgdlabs)