Harmony + AAVE

Reminds me of this:

Sources are sharing that FTX is raising money bit by bit and paying back institutional investors first. As soon as money comes in (we don’t know how) it is paid off to the highest profile accounts.

Well it did expose a large flaw in their protocol, the reliance on an oracle which mirrors the price of the “real” asset instead of the actual on-chain value of the bridged asset. Of course the automatic liquidation of all borrowing due to the fall in prices of 1assets would have been an issue all on it’s own. But I would argue it would have been more fair.
It does pose a question of how a lending should be set up, and what measures should be taken (if any) when a hack like this arises. It it was clearly something Aave had accounted for.
If you take the code is law direction, you could also say the people who over leveraged and borrowed against their 1assets did nothing wrong as they only exploited Aave’s flaw. And thereby fully blame Aave for the situation.

Anyway considering they are a multichain protocol, I think they should be grateful for this hack (considering it was so small for their part) Take it as a lesson learned, and rework their strategies for their protocol overall. And take their share of the blame together with Harmony and do a 50/50 split of the of the reimbursement.

2 Likes

So for me that what BDG has suggested makes sense and provide assets would come back if the reimbursement plan works fine. But looks like here is the issue, Harmony know this is not working and so don’t wanna provide anything.
Let’s take two month of token unlock and you have your 50m ONE that is already (when checking tokenomics) planned of the ecosystem.
Why the reimbursement is not working, do the math, 100m hack, $150k provided per month for partners to burn unpeged assets. 100m/150k = 666.6 months or 55.5years.

I would even say Harmony don’t care this at all because it’s not even 1% of the hack and they just wanna blame aave when they say the borrow was to long open. No answer to my question if Harmony has really reached out to their partners immediately after the hack…

Thing is thats not how it works.
A large amount of the 1asset tokens can be labeled as “toxic assets”. The people who sold after the hack caused the price of 1assets to decline. These tokens are being bought back and burned now. Eventually if people hold on to their 1assets, they will come into balance again, be bought back at market value.
This will not be a linear curve, it will be an exponential one. Where a large amount of tokens are burned now (over 1mill 1usdc already i believe) with less and less over time at a higher price.
Long story short, there is no need to reimburse 100mill

For instance,

We used 150k funding in round one and have removed about 1.4M in depegged assets from the ecosystem.

1 Like

So harmony could provide liquidity and know they recover it by the program and get back what they lend!?

Just wondering why AAVE user are so left out from everything and no one really cares to fix this!

Harmony had a 5m USD incentive program on AAVE, it started in April and should run 12months.

Months 1-3: 40%
Months 4-6: 30%
Months 7-9: 20%
Months 10-12: 10%

Month 1-3 are April, May June. Then the hack happened. That would mean 60% of the 5m USD have not been used, that’s 3m USD. Are they still around? Have they been provided at start to Aave?

1 Like

Not nessesarily. Because someone who took out a loan for One token against worthless 1usdc might have cashed out, and abandoned the wallet, leaving the loan locked in perpetuity unless one token price drop to the point of liquidation.

The best solution would be for Aave to snapshot current state, and figure out where/who/if reimbursement is needed. Change oracle to on chain data. Liquidate everything, and reimburse where needed.

1 Like

I mean read the message from Ernesto, if there is trust that the recovery plan work the deposit will be recoverable :man_shrugging:t3:

There are wallets with even millions inside, most don’t abandoned the wallet. Found even some owner of wallets with negative debt on social media.

Total agree on this, LINK was between hack and bridge reopening so low that this positions could have been liquidate easily and now bridge with an immense arbitrage opportunity out. But nope…

1 Like

I wasn’t saying this necessarily was the case, I havn’t done any analytics on it. I was just giving a hypothetical case of which funds would not be recoverable.
If an wallet had 1usdc supplied to Aave at the time of the bridge hack, they could max out borrowing on One token, and make their money back that way (more or less). This person will have no incentive to repay that One loan to get their 1usdc back even if it repegs. Thinking about it they wouldn’t even need to create a new wallet, as long as they don’t intend on using Aave again (and if they did, creating a new wallet takes seconds anyway)

Hello Harmony community, Ernesto from the BGD team here, currently engaged as a technical/development provider by the Aave DAO.

First a disclosure. BGD Labs, and myself in the capacity of representing BGD, are not decision-makers in the Aave ecosystem. This means that we contribute to all technical aspects of Aave due to our active engagement providing services, but the decisions are always made by the Aave community via governance. That includes this Harmony case, on which we provided a technical update of the situation post-exploit and then tried to support on the technical questions from both the Aave community and Harmony’s.

I would like to clarify certain aspects of the communication between BGD and the Harmony community (not only BGD):

  • Post-exploit, nobody from the Harmony side really contacted anybody from Aave, until we reached out. This is remarkable because we had a channel of communication opened that we used for technical questions regarding the Harmony network and the Aave protocol.
  • Given that the Aave community was asking about solutions, we tried to check out with the Harmony team (not really sure about the structure, maybe it was representatives of some Harmony foundation) which plans they had in mind. This is pretty natural in our opinion, given that the exploit happened on the Harmony infrastructure.
    After some waiting, the Harmony team commented with us the intention of covering the loss over multiple years (I think it was the first iteration of the plan published on this forum). Even if potentially a solution, we pointed out that given how the Aave protocol works, introducing that kind of vesting component on “dynamic” user positions would be challenging, if the intention was to keep the Aave v3 Harmony operational.
  • Soon after, I assume because of the dismantling of a good part of the Harmony team/foundation, we got introduced to the Harmony Recovery One members, as they were supposed to try to move forward with a new recovery proposal. Again, we tried to explain the situation from a technical perspective, and we arrive at the point of the message shared by @Pioneer : deposit of ONE could in good part solve the situation for Aave in regards to the consistency of the liquidity protocol in Harmony, boiling down to if the assets would recover the backing or not. To be clear, no solution is perfect from a technical point of view, but after thinking extensively about it, seemed the most realistic.
    To insist on the point of my message, the question of “will Aave continue being a partner of Harmony?” is out of context of the conversation, because me & BGD have exactly 0 say on Aave “partners” or any type of decision.

Now, some extra clarifications:

Aave didn’t decide or showed an intention of wanting anything. The proposed solution from BGD is something for both the Harmony and Aave community to evaluate, mainly Harmony.

There was no internal issue that we are aware of within the Aave ecosystem. The Aave Safety Module is officially covering v2 versions of the Aave protocol until the Aave governance decides differently. The Harmony team, same as all others where Aave v3 was deployed submitted a request to do it to the Aave governance, there is not really an internal issue.

I’m not sure if it is appropriate to evaluate how big of a problem the Aave community thinks the Harmony situation is. From the BGD side, I can say that we have spent good resources on it, just trying our best to provide information and technical solutions for the parties involved. Until the Recovery One team got involved, nobody from Harmony really participated in the Aave governance forum discussion, which is pretty strange, given that the exploit has happened on Harmony’s infrastructure.

Something extra to clarify too is that the Aave protocol itself didn’t really benefit anyhow of the Harmony deployment: it was something proposed by the Harmony community, Aave governance approved it, and this was supposed to benefit users of the Harmony network, having access to a protocol like Aave. Obviously, I think the Aave community was expecting (same as with every other network), reliable infrastructure.




As a conclusion, I think the only way forward is for Harmony community members (or representatives of the team, but not sure if they are even active anymore) to pro-actively try to propose something to the Aave community, not to anybody in private, but on governance.aave.com, the same thing as we suggested from BGD since the start.

5 Likes

Well let’s put something together

1 Like

Thanks for giving some answers and speaking here. That Harmony didn’t informed Aave over the direct channel is not good, this was one of the points I was always criticised in the past. Nothing changed with communication. To sad…

Your Idea with a deposit would be a great solution for all, but for this we need the Harmony Team and you can see how active they are…

I’m wondering Harmony had a 5m USD incentive program for AAVE. Did you got those 5m infront or did you had to ask for refill the rewards? In theory 60% should be still left because this program was only 3 Month runing and not as promised 12m

1 Like

@eboado, thank you very much for coming here and communicating with us. I am personally very grateful for the clarifications and information because we lack it from Harmony side. Your contribution is highly appreciated!

1 Like

It is important to clarify that the Harmony team was completely in charge of defining and managing the LM program started on Aave v3 Harmony. Similar to other teams are in charge of the same for networks like Avalanche, Polygon, or Optimism (only on Aave v2 Ethereum was different, as the Aave governance does it).
So from our side, we are not really aware of those aspects more than the users. The program was activated only for the ONE asset on Aave, not sure about the duration intended, as that is fully configurable.
The only thing in which we participated was to, post-exploit, let the Harmony team that probably could be a good idea to stop the program given the situation, as it was still running even post-exploit. But the decision was always on them.

3 Likes

So who is “Harmony Team” on this forum?

2 Likes

Could somebody explain why Total borrowing/Total lending is increasing on Aave?

Because of the APY, alink lend still have 1039%

Well, why weren’t the debts liquidated as soon as they depegged? As in, somebody put in USDC, borrowed out ONE. When USDC depegged, it should have been liquidated for ONE, but wasn’t, which is the reason I and countless others can’t withdraw our ONE. The depeg is definitely Harmony’s fault, but not liquidating assets is AAVE’s. Do you know/can you explain why the depegged assets weren’t liquidated?

1 Like

Because of the oracle who gives USDC still the value of $1

1 Like

Any update at all for that?
We are waiting since more than 6 monthes for solutions from both aave and harmony…