Bounty to Hacxyk for fallback oracle misconfiguration
This proposal releases the 50'000 USDC pre-approved by the Aave community on forum and Snapshot to the Hacxyc team, for their finding concerning a misconfiguration on Aave v3 fallback oracle.
During the past month of April, the security firm Hacxyk disclosed to the Aave community a misconfiguration on the fallback oracle used for Aave v3 pools across markets. This disclosure was analysed from a technical perspective and a bounty proposed to the Aave community to approve HERE. After having support in both forum and Snapshot, this on-chain proposal will release the pre-approved 50'000 USDC to Hacxyk.
Governance discussion: https://governance.aave.com/t/bgd-proposal-for-bounty-fallback-oracle-misconfiguration/8421
This proposal exclusively releases 50'000 USDC from the Aave V2 Ethereum collector, to the Ethereum account provided by the Hacxyk team.
The implementation can be found on https://github.com/bgd-labs/aip-hacxyk-bug-bounty/blob/main/src/contracts/PayloadBountyHacxykFallbackOracle.sol
Simple tests can be found on https://github.com/bgd-labs/aip-hacxyk-bug-bounty/blob/main/test/PayloadBountyHacxykFallbackOracle.t.sol
PayloadBountyHacxykFallbackOracle = https://etherscan.io/address/0xF4294973B7E6F6C411dD8A388592E7c7D32F2486#code
Copyright and related rights waived via CC0.
Your voting info