πŸ‘»Aave: Enable Borrowing of DPI

Voting Recommendation by (Discord: Raho#0007)

Summary:

This proposal is to reinstate borrowing of Defi Pulse Index on Aave markets. Aave, in an act of caution (AIP-44), disabled the borrowing of Defi Pulse Index following the xSushi attacks on CREAM Finance (Cream Finance attack:https://governance.aave.com/t/analysis-of-xsushis-incident/6335).

In response to the vulnerabilities on CREAM finance, Aave temporarily disabled the borrowing of DPI. The temporary disabling of DPI was intended to last until there was a full understanding of what exactly happened with CREAM Finance. This information has been released and can be seen in the link provided above.

DPI is an index token, that gives holders exposure to the top Defi protocol governance tokens, wrapped into one token (DPI). (More on DPI here:https://www.indexcoop.com/defi-pulse-index-dpi)

After analyzing the vulnerabilities of xSushi, it is clear that DPI is not vulnerable to the same sort of attack, and is considered to be β€˜completely safe’. Details listed in the snapshot proposal are quoted below.

xSUSHI is vulnerable because SUSHI can be donated to the xSUSHI contract to inflate its value. It is the ability for SUSHI to inflate the xSUSHI value that made the Cream exploit possible. For DPI, this same attack is not possible. This is because Index Coop has its own internal accounting system, which prevents the underlying components from being sent to the contract to inflate its price. The DPI Chainlink oracle uses this internal accounting system to calculate the value of DPI (sum of all parts), ensuring that the DPI price cannot be manipulated in any way.

Due to the fact that DPI borrowing was disabled purely as a cautionary act, the information needed to assess the vulnerability is now available. This information shows that DPI is safe.

Due to the complexity of this issue, I would like to pose a third option in the voting process which is β€˜Abstain’, if the Rabbithole community is not comfortable making this vote. The reason I added the choice to abstain is due to the fact that some may not have the technical background (I don’t!) and therefore may not be comfortable voting for or against this.

Recommendation:

I recommend that the Rabbithole community vote yes to Aave opening up borrowing of DPI. It appears that the vulnerability that xSushi was exposed to - is not possible for the DPI token. For this reason, I believe it is okay to return to business as usual in terms of DPI!

Proposal: https://snapshot.org/#/aave.eth/proposal/0x5adefddde07014cd22a6f783ce62c9bbbc22854348da5753c46fa459fa045b0a

Open Questions:

Feedback:

Execution Status: Executed

Vote: Yes

Community Vote

  • 24Y

  • 1N

Pod Vote

  • 24Y

  • 1N

PreviousAave: Enable UMA as Collateral on v2/v3NextAave: Consolidate Aave V1, V2 & AMM Reserve Factors, Purchase CVX and Deploy to Earn Yield

Last updated