Proposal for partial compensation from ACA treasury of users affected by Starlay Exploit on Acala EVM

Treasury
4mos ago
3 Comments
Proposed
  • Content
  • AI Summary
Reply
Up 1
Share
  • Metadata
  • Timeline1
Comments

Adam Steeber here (posting from my business wallet - verified Kusama identity here). I am the second signatory on the beneficiary multisig.

I can confirm that I've been working with the submitter here and we have come to a contractual agreement regarding the distribution of these funds.

Steeber Solutions LLC shall be legally responsible for the distribution of the Treasury funds. This distribution is as follows:

  • 10% to the Steeber Solutions Acala account 256ixYC9YMyLTza1bT52Jy4K8yjBjD46qrbxbB2XkTq8h7rg
  • 90% to the affected users, each receiving a share equal to their share of the total loss

Here's a breakdown of the distribution of this Treasury spend. Shares are based on the USD values found in the spreadsheet provided by Starlay. The Acala-to-EVM account mapping comes from this chain query: api.query.evmAccounts.accounts.entries();. Notice there are 4 EVM accounts entitled to a share of this spend who have not binded their Acala accounts to their EVMs, though their shares are relatively insignificant. The following is the encoded call hash that you can derive by batching balances.transferKeepAlive of the shares (down to the planck) to their respective recipients, in order from largest to smallest, using utility.batchAll() (omitting the 10% share to Steeber Solutions and the 4 accounts without a binding):

0x1f25eb1cf4c6a14c048c603dfdbabc9677316b74ae03fd17425c6425d226515e

Edited

Reply
Up 2

Regarding this proposal, I have the following views:

  • The 10% commission fee is unreasonable and should be canceled to ensure that more funds can directly compensate the affected users.

  • The multisig address cannot fully guarantee the safety and transparency of the funds. It is recommended to increase transparency measures and oversight mechanisms during the compensation process to ensure that the funds are safely and fairly distributed to the affected users.

  • Acala, Astar and Starlay have already provided compensation. Further extracting funds from the treasury might harm the interests of Acala holders to some extent. I think we should use the treasury funds more cautiously, ensuring that these funds are used for the broader development and improvement of the ecosystem. This approach will create a positive cycle, rather than compensating for every hack incident in the ecosystem. If that were the case, Ethereum should compensate for all hack incidents within the Ethereum ecosystem, but is that the reality?

Reply
Up