Should we stop the Mainnet GIVstreams of Univ3 Middle Fingers?7

This is a proposal to terminate the disproportionate mainnet GIVstreams allocated to 3 address who took advantage of information asymmetry & got huge earnings from providing one-tick liquidity in Univ3 rewards program.

Some Background

As you most likely remember, a couple of months after launch we learned an information asymmetry in our Univ3 pool. We designed the rewards program assuming that GIV rewards were distributed proportionally according to the amount of in-range liquidity provided, and later learned that significantly more rewards are given to LPs who provide concentrated liquidity. The highest rate of reward goes to in-range univ3 NFTs that are only 1-tick wide.

After learning this and learning of some addresses taking advantage of the Univ3 rewards program, the community voted to terminate the Univ3 rewards program. For more info check out this summary tweet thread, snapshot vote and original forum post.

The Data

@amin prepared a document to summarize some of the data from addresses (on Mainnet) who took advantage of the Univ3 rewards program. I am proposing to consider terminating the Mainnet GIVstream of 3 address according to the following criteria:

  • Earned over 100k of Mainnet GIV through univ3
  • Provided 1-tick liquidity on univ3
  • Didn’t earn significant rewards from other means on mainnet

Mainnet Token Distro Balance

The addresses & the amount of GIV in the token distro allocated to their addresses on mainnet as of March 15, 2022 are as follow:

Address Balance
0x213439b642dbb9d5ee7bafdafb1f33f9ab8b7e35 2,074,365 GIV
0xb66edbf805783e67a9b1039f7524e5009631c847 494,539 GIV
0x261f436676cfa456a8f086a850160e97550aea9c 153,704 GIV

Range of Positions

In this doc you can see the size of each univ3 position ever owned by each address under “Range of Positions Click to expand!”. A range of “60” means that the position was provided with only a 0.6% range around the current price - this is the smallest possible range one can provide (one-tick). A range of 120 is 2-ticks and so on. Here is a screenshot corresponding to the 1st address:

image

You can see that each of the aforementioned addresses created several univ3 NFTs that were only 1-tick wide.

GIV earned from other sources on Mainnet

For each address, you can also see the number of total allocations from the Mainnet Token Distro, and which of those came from other (non-uniswap) sources. Reviewing the data, you can see that the non-uniswap allocations for these 3 addresses were quite small.



You can see the start date of each address’s mainnet GIVstream in the following table:

Recipient Stream Start Time (GMT) From Transaction Hash
0x213439b642dbb9d5ee7bafdafb1f33f9ab8b7e35 December 24, 2021 18:26:56 Uniswap 0x66d4bae4fd88a13913dd071b4c33e8f38a665d57ad2a44f636d9b4feaec77362
0xb66edbf805783e67a9b1039f7524e5009631c847 January 9, 2022 5:36:15 Balancer 0x8ed0549cc07cb74b756e90918ce4342d8e37b711e10f815c4007dc156f3d5bed
0x261f436676cfa456a8f086a850160e97550aea9c February 1, 2022 10:18:25 Balancer 0x9ad15cac2d213020809d3608e11bf1a0239659bd4370f9d16731e979ff0edf35

Note: For reference, our team first became aware of the Univ3 one-tick issue around February 9, 2022.

Summary

All these addresses were on the profitable side of the information asymmetry: earning huge yields by interacting with the GIVeconomy predominately in this one way. They have already earned a significant amount of liquid GIV. This proposal is to consider ending the streaming portion earned on mainnet.

FYI (before you ask) - the reason we cannot end only the streams from one-tick Univ3 rewards earnings is because it is extremely difficult to determine how much GIV was earned from each individual NFT position. We could determine the total amount remaining in the token distro from univ3 rewards, but these users have already received generous amounts of liquid GIV from their exploits so I am proposing to end all rewards allocated to them in the token distro on mainnet.

Justification

  1. We setup the univ3 rewards program under incorrect assumptions, and in fact, allocated excessive rewards to this pool if you consider the rewards program mechanics. It should not have been so easy for just a few addresses to earn over 2.6 million GIV from farming rewards in just a few short months.

  2. The amount of GIV going to these addresses makes their total allocations on mainnet alone even higher than the total allocations of many of our long-term or top contributors. This is significant governance power in the hands of address who where exploiting the univ3 system.

  3. All parties still get lots of rewards. We would not be touching GIVstream on Gnosis Chain, or all liquid GIV they already received from these streams that have been flowing now for months. Any streaming rewards earned from GIVbacks, GIVdrop or the GIVfarm on Gnosis chain will remain the same. We are only proposing to stop the excessive streams on mainnet which were predominately earned from univ3 exploits.

If we let hackers or bad actors exploit our systems and get away with it, more people will look to exploit us. Because of the GIVstream, we have an opportunity to terminate unreasonable rewards gleaned from exploitation. It is the responsibility of our community to decide how to proceed, and which behaviours we wish to reward.

I am proposing to terminate these three mainnet GIVstreams because I believe it is in the best long-term interest of Giveth, $GIV and the GIVeconomy.

I suggest that we use this recovered GIV for rewards for mainnet liquidity mining.

Should we terminate the mainnet GIVstreams of these three Univ3 one-tickers?

  • Yes
  • Sort of, I have another suggestion
  • No
  • Abstain

0 voters

Add: Bounty for the user who brought this to our attention!

It is thanks to one user (name kept private from this forum post) that we discovered this issue in the first place. They noticed they were not getting the right rewards for full-range liquidity & started asking questions. They did some research and experimentation and discovered the biggest one-ticker )the first address) that led to use eventually turning off the rewards program. This was hugely helpful information and I think that this kind of support from our community members should be rewarded. I am additionally proposing to reward this user with a bounty of 50,000 GIV liquid from the GIVgarden.

Should we create a 50k GIV bounty for the user who brought this to our attention?

  • Yes
  • Sort of, I have another suggestion
  • No
  • Abstain

0 voters

Major praise to @amin @griff @cotabe for helping me get this post to the finish line.

2 Likes

The #GIVfarm Giveth and the Giveth Community Taketh away.

I am in 100% full support of this proposal, and think we should reallocate these ill-gotten gains to liquidity mining on other pools mainnet… like the Angel Vault and the Rari pool we will launch to get it.

I also think that user deserves a nice fat reward, and 50k in liquid $GIV sounds right. They had to do a lot of convincing to get us to understand the issue, when we were initially very dismissive… long story short. Hero.

I think both moves send a signal that will turn grey hats into white hats instead of black hats.

If we don’t cut these streams, it shows that we are a great crypto community to try to exploit.

If we give out a fat reward, it shows we are a great crypto community to report exploits too.

this is the way doge

7 Likes

Gardens, vote, done. Let’s do it!

Hello, Giveth DAO Team –

I wanted to reach out with an amendment to this proposal for the DAO to consider.

I am the user who initially discovered and reported the 1-Tick problem, and I see that my wallet address is the last and smallest one on the proposed suspend list.

So I wanted to take a moment to provide some additional background on the issue, because I think there is a substantial difference in the way I have approached the V3 Liquidity pool versus the accounts that were methodically abusing it, and I would like to ask the DAO to consider removing my wallet from the list.

For starters, one of the criteria for selecting the addresses was that they “Didn’t earn significant rewards from other means” beyond V3 staking. In truth, I’ve been staking GIV over on the Gnosis chain since the end of November, just after launch. So I was involved well before February, even though it may not be obvious just by looking at the mainnet transaction records.

But in February I noticed that the Uniswap and Balancer pools on mainnet were advertising 3000-4000% rewards, so I moved my GIV over to mainnet for the 6x higher returns. I tried Balancer first, but its returns dropped that same day, so I switched to Uniswap.

The following chart shows how the next two months played out. I have sorted my transactions by date order, because it makes the story much clearer.

DISCOVERY PHASE
After I first staked in the Uniswap pool on Feb 1, I noticed that I was getting significantly lower returns than I had been making over in Gnosis staking, and that started me digging into whether I had done something wrong when placing my initial stake. I reached out to the GIV team to see if there was a problem or known bug, and I also tried re-staking differently to see if that fixed it.

After about a week of back and forth, and after looking at the V3 pool and the transactions in it, I discovered an account that was stacking liquidity on 1 tick, and thereby appeared to be capturing the vast majority of the liquidity rewards. (It was the 0x213439b642dbb9d5ee7bafdafb1f33f9ab8b7e35 account that is currently at the top of the proposed suspend list.)

I reported this discovery to the GIV team on Feb 9, and then tested the theory to see if staking 1 tick resulted in maximized rewards. It did.

STAKING PHASE
Now that we knew what the problem was, I set up my staking aiming for 5-10 ticks of liquidity. That was concentrated enough to get good rewards, but not so concentrated as to feel like it was being unfair to other users. Meanwhile, the GIV team tried to see if they could discourage the 1-tick users by periodically buying & selling to move the tick. Unfortunately, by the end of the month it became apparent that it wasn’t scaring away the 1-tick users.

THE ANNOUNCEMENT
On March 2, an announcement was posted on the Giveth Forums explaining the problem, and suggesting that we should close the V3 pool.

DOGFIGHT PHASE
Now that the 1-tick trick was widely known, the V3 pool became much more chaotic. More accounts began staking concentrated liquidity, and the tick point began to move much more wildly.

At this point, I had to decide whether to pull out of the pool entirely, or to compete more aggressively with the 1-tick users. Since by now it felt like I was in a personal battle with the 1-tick whales, I decided to fight fire with fire, trying to keep them from monopolizing all the pool rewards.

This was the only time in the process when I did any significant amount of 1- and 2-tick bidding.

WRAP-UP PHASE
Things finally calmed down in the last week. With the end in sight, the number of staking accounts declined as funds were withdrawn from the pool. That made it feasible to dilute the remaining liquidity over a wider range again.

CONCLUSION
I hope this extensive post-mortem convinces you that I approached this situation from a very different perspective than the 1-tick whales. They attacked the V3 pool early on and monopolized the liquidity from the shadows. I kept the GIV team informed as I explored the problem, then tried to be a good pool participant after I diagnosed the problem and shared my results with the team.

I also feel it’s important to note that most of my GIVStream rewards were earned without using any 1-tick tricks at all. As of March 3, prior to doing any 1-tick staking in the Dogfight, I had already accumulated 99,600 tokens in my GIVstream through ordinary moderately-concentrated liquidity.

With that in mind, I would respectfully ask the DAO to remove my wallet address from the “Suspend” list, so that I can continue to harvest my GIVstream over the next 5 years. My current plan it just to harvest the stream every 3-4 weeks if gas is cheap, and deposit the earned GIV into the Balancer pool.

Thank you for your consideration, and I will abide by the DAO’s decision without complaint.

3 Likes

Thanks for your thoughtfully written summary @JHGrove3 - you were really instrumental in helping us resolve this vulnerability. I have some thoughts/comments:

This is a bit of an error in my writing. I really meant “didn’t earn significant rewards from other means on mainnet” The proposal as-is, would only stop mainnet GIVstreams, will not have anything to do with Gnosis Chain earnings or GIVstream. The point is that these address earned the vast majority of their allocated mainnet GIV from the univ3 rewards program.

The univ3 pool rewards program was designed under incorrect assumptions, leading us to offer WAY too much GIV as rewards. Amounts that are not reasonable, not justified, not sustainable. 12,000%+ APRs… if I had known that was possible before launch, I would have pushed hard to lower total rewards significantly, and also ensured that it was widely known that concentrated liquidity led to higher APRs.

The huge rewards earned from concentrated liquidity on Univ3 were earned as a result of our mistake in designing the pool. The proposal to end mainnet streams is also a proposal to even things out more, because the amounts earned are not really fair to the broader community.

Since liquidity of 2-ticks meant half the rewards, 3-ticks meant 1/3 of the rewards. We decided to make the criteria only include addresses that got rewards from 1-tick liquidity… 2-tick and 3-tick liquidity could have been considered as well, but it’s sort of like eating our mistakes a little… we have to draw a line somewhere.

Since the third address is yours, it would unfortunately mean losing the 150k streaming over 5 years… but separately I’m proposing the 50k liquid GIV bounty as a reward for helping us discover the issue… which you could use to earn a yield and build up your stream again. The 50k is imo a reward earned for a big contribution to the community. The stream 150k is GIV gained because of a mistake we made setting up the program.

Trying my best to set a line each and make a fair proposal, all things considered.


Anyway, I am very open to hearing the opinions of other community members.

1 Like

From the vote so far, I consider one thing is very clear.

The community wants to stop the Mainnet GIV streams to the Middle Fingers.

Sincere appreciation to @JHGrove3 for helping us discover the issue. I think he is bringing some good points.

I believe in the spirit of sending a signal

A point I agree with…

I would love to know what would sound fair to @JHGrove3, who in contrast with the other two accounts engaged with the community and helped us spot the problem and hence fix it.

I think @karmaticacid criteria are fair and changing those criteria would be complicated to find agreements… Especially because it is a quite complex topic. But we might find a solution that feels fair to all parts.

1 Like

Based on something Karmaticacid wrote, I have a proposal that might bring my account in line with everyone else’s.

The comment was:

… We decided to make the criteria only include addresses that got rewards from 1-tick liquidity… 2-tick and 3-tick liquidity could have been considered as well, but it’s sort of like eating our mistakes a little… we have to draw a line somewhere.

In particular, because my project started off as an analysis of the V3 staking rewards and trying to figure out how the rewards were calculated, I kept records about each of the stakes I placed and how many rewards they accrued over time.

I went back and reviewed my records, looking for all the 1-tick stakes that were placed after we had identified the root of the problem. I made a list of what each of those stakes earned – to the wallet and to the reservoir – and here is what I found:

image

So perhaps the solution is that we deduct 27,448 from my reservoir balance, which would negate all the 1-tick earnings.

@amin is it easy/possible to deduct and amount from the token distro balance? Or is it only possible to do all or nothing?

See the comment above.

Ok, speaking to @amin, it is not possible to reduce the amount in the token distro. It is all or nothing.

Really appreciate your support in identifying the issue @JHGrove3 :pray:

I support the 50k GIV bounty for your contributions as well as ending the stream.

If you can provide data showing that the amount of liquidity you provided in February deserves more rewards, I would be open to reconsidering, but from some quick chain analysis, the 150k GIV you earned in February on mainnet appears mostly attributed to the issues with our UniV3 farm rather than an equitable reward for providing liquidity. This is just from a quick review, so please let me know if I’m missing something. I appreciate all the data and context you’ve shared so far :purple_heart:

2 Likes

Upon looking at the doc again… those 3 mentioned addresses are also the only ones who took advantage of 2, 3 & 4 tick liquidity. The min range of others is 5… meaning 1/5th of the rewards.

Considering this, I feel even more strongly that we should end the streams of these 3 addresses. The rewards for the small range were just way too high, and these are the only 3 address seemingly playing these games and taking advantage of it.

I think it is important to for us to create objective criteria and stick to it. These addresses were playing the game and gleaned rewards disproportionately higher than the value-add to the community.

The value-add of helping us discover this issue is a separate topic, and I think should be rewarded with a liquidty GIV bountry of 50k.

1 Like

I definitely consider you a hero JHGrove! This is why you should be rewarded a fat bug bounty.

But the rewards that were given to 0x261f…ea9c were drastically outsized for the amount of value being provided.

It was a horrible oversight to launch this UniV3 program, and I take that on as my own failure. It was my responsibility to research this and I failed and we launched a badly designed farm.

Our UniV3 rewards, over incentivized concentrated liquidity, and while 0x261f…ea9c may have only earned a fraction of your rewards from 1-tick positions, 0x261f…ea9c had a lot of concentrated liquidity such that you earned over 100k worth of rewards from UniV3.

0x261f…ea9c had
6 - 1 tick positions
2 - 2 tick positions
2 - 3 tick positions
2 - 4 tick positions
2 - 5 tick positions
2 - 6 tick positions
2 - 7 tick positions
2 - 9 tick positions
3 - larger positions

I don’t think it makes sense to give 0x261f…ea9c a pass, I think it makes sense for us to protect our protocol and zero out the addresses that were taking advantage of our flawed system and benefitted greatly for doing so… no matter who owns the addresses or what the state of mind of the address holder was.

And it also makes sense for us to give you a fat bug bounty reward for telling us about the flaw. With 50k Liquid GIV you will be able to get a lot of rewards and it will be fair.

I just don’t think it is right to judge an address by who owns it. I consider you a Giveth team member, and I know you weren’t maliciously participating in this program. It was a wild ride, and there is no perfect solution, but we took objective measures to find these 3 addresses as the primary addresses that used expertise to game this poorly designed program, and i don’t think it would be right to change the results because awesome Givethers held the address.

3 Likes

The snapshot vote is live: Snapshot