Recompensation Plan for SSIP and SSRP LPs

Scope: To propose a recompensation plan to restore all pre-security incident LP positions.

Summary: In response to the security incident on November 14th concerning the UNO Risk investment dApp, we propose a reestablishment of the pre-event status of all LP positions. This restoration will maintain balanced token economics via a time-bound burn event.

What Happened?

Uno Re’s SSIP and SSRP capacity pools were exploited on 14th November; the malicious actor altered the claimsAssessor role to an attacker-controlled EOA, which was consequently used to call the policyClaim function on the vaults to drain them.

Consequently, a total of 32.4M $UNO, 127.9K $USDC, 59.3K $USDT, and 18.4 $ETH were misplaced.

Since the security incident, our focus and urgency have been placed on continuously tracing the misappropriated funds, reaching out to the CEXs, wallet providers, and Mixers involved in the laundering of these funds to freeze the exploiter accounts.

For a more detailed look into the (ongoing) effort, please refer to this constantly updated tweet thread and our Post-Mortem report.

The Administration of the proposed restoration:

The three standout options for the restoration of these positions can be:

1. Via Airdrop of UNO, USDC, USDT, ETH tokens on both ETH and BSC networks directly for all users 1:1 for the complete exploited amount
2. Via restoration of positions in the re-deployed v2 contracts (read more about the changes here) along with pending rewards accumulated on their positions from the time of the exploits till the date of redeployment.
3. Via a Claim dashboard Merkle for claiming $UNO tokens directly - Unclaimed Tokens get migrated to Option 2 automatically

This proposal leaves room for the rest of the UNO DAO members to suggest other possible means of administration for up to 1 week. Please note all current pending rewards on non-harvested positions will also be returned 1:1 on all the above options.

Compensation Plan for SSIP and SSRP stakers [Option 2]:

We proposed to allocate a portion of the current protocol treasury - of USD value of 230k - to acquire 155k USDT, 32.3k USDC, and 18.4 ETH, which will then be further used to create respective SSIP positions on both ETH and BSC sides and distribute the SSIP LP tokens 1:1 with their previous holdings. These funds will then be used to restore capacity and the LP positions of every staker as they stood pre-event.

The 32.4M token holdings for SSIP and SSRP $UNO capacity vault holders will be distributed as SSIP and SSRP LP tokens, respectively, 1:1 with their previous holdings per the exploit block timestamp. This will be compensated from the currently unreleased tokenomics tranches. The 32.4M UNO tokens will be taken from our current total max releasable supply as per tokenomics, which is around 207M as per tokenomics schedule.

It will be split as shown below:

1. 16M UNO tokens from the team supply tranche
2. 8M UNO tokens from the Reinsurance cell / Liquidity tranche
3. 6.77M Tokens from Acquisitions tranche
4. 1.63M Tokens from Treasury tranche

It is worth noting that the Reinsurance Cell / Liquidity tranche was designed into $UNO Tokenomics to act as the final backstop for any black swan events (such as this one). For the utilizations from Acquisitions and Treasury tranches, if the majority of DAO members wish to utilize the same from other tokenomics tranches, then kindly raise the same in discourse.

Still - in accordance with our practice of being conservative and overly cautious with regards to tokenomics - to bring parity back to our low emission and maintain a deflationary token model, we additionally propose to burn 64.8M $UNO (twice the exploited amount in UNO, to account for damage caused) from the total supply, from all tranches. The proposed token utilization from various tokenomics tranches is as follows:

1. Team - 4.8M UNO tokens
2. Community Incentive & Rewards - 6.8M UNO tokens
3. Advisory, Legal & PR - 4.08M UNO tokens
4. Operational Expenses - 6.4M tokens
5. Marketing Expenses - 11.2M tokens
6. Acquisitions - 1.63M tokens
7. Reinsurance Cell / Liquidity - 26.53M tokens
8. Treasury - 3.36M tokens.

As such, our updated Total supply will become ~320M tokens.

The Logistics of the proposed restoration:

If this proposal passes, the following actions will be executed:

1. A total of 64.8M $UNO tokens will be burnt within 48 hours of proposal passage
2. The development of patched v2 contracts will be initiated and will be sent out for audit - the timeline for this is expected to be around 3-4 weeks, however please note that this is an educated estimate.
3. At this point, the new deployment and restoration of all SSIP and SSRP positions will take place; the protocol will resume normal operations, and each user will be able to freely withdraw / keep participating in the protocol as they see fit.
4. The UNO Guardian is multisig members and will be elected.

Recompensation Positions Snapshot

If you’ve been affected by the security incident, please check the below sheet; locate your address and check if the numbers are valid and correct (especially if you managed to withdraw something).

ssrp-ssip-holders

1600×687 329 KB

(If you had previously submitted a request via our discord tickets, your positions will be considered on a case-by-case basis for transactions done post exploit block number. This will be added to a separate data sheet.)

For the Active Insurance Policy Holders:

For current insurance policyholders who have active policies with us, kindly verify your policies in the spreadsheet attached; if you find your wallet below, please create a ticket on our discord server, and we will either pause for 4-6 weeks (to account for v2 redeployment) or else arrange an alternate coverage policy for you with one of our partners.

ssrp-ssip-holders and active policies.

1600×375 281 KB

What Happens if We Recover the Funds?

A portion of the recovered funds will be used to replenish the treasury assets, and a significant majority of the recovered funds (after accounting for the success fee for our contracted recovery experts) will be allocated towards a pool that will be used to buyback and burn $UNO tokens from the CS. This plan will also be put to vote via a partial DAO process; veUNO holders will be responsible for deciding whether to use these funds as such or propose their ideas for the same (f.e.incentivisation of vault liquidity, etc.).

Please note that this proposal is just in the RFC stage; after incorporating feedback and suggestions from the community, the finalised proposal will be put up for voting in 1 week.

Amazing work by the Team, Solid statement

Great to see the plans. I would be ok with option 2, where we basically continue where we left off. If you airdrop directly into people’s wallets, as in option 1, that can cause some to decide not to continue to stake anymore, which is not ideal perhaps. It would be very good, and bullish for the project overall, if you can state on socials at some point, that all accounts have been reset to where we were before.

Thanks for the great proposal, another testament of the quality and professionalism of this project team.

My preference would be the dashboard-with-default-option, assuming this allows us to specify a target wallet address- because this gives us some flexibility in reorganizing our tokens. This also has some interesting implications because you decouple past history from the new wallet and it will be a fresh airdrop, after a hack.

Fantastic work on the proposal team. Option 2 looks the most sensible and from feedback, it seems like community are happy with it. I got my veUNO ready to vote, I’m sure the community wouldn’t mind if voting starts earlier! Possibly tomorrow if the team is ready

I personally would also vote for option 2 given it would be the best compensation plan there could be. Of course it may not satisfy every single person, it is the best solution for the entire community. Nothing is perfect. So let’s put it to vote.

One more thing I want to mention guys. I already mentioned this in a ticket on Discord but was told to also mention it here. My wallet that I used for staking was compromised (a drainer contract, silly me, lesson learnt etc.), but the recompensation plans are probably all going to be using the wallet that was active at the time UnoRe had it’s security issue. So my question and/or suggestion was to, in some cases, have a more personal approach and see if I (and it can happen to anyone) could get my recompensation in a new wallet. My plan would be to restake the USDC amount I used in the past again, but of course using this new wallet. Any UNO rewards that have accumulated in the meantime should then be sent to my new wallet. Let me know if this is a possibility. The alternative is that I keep my old, and compromised, wallet and hope nothing bad will happen (yes, I’m moving all my holdings out of that wallet to a new one). Thanks, and good luck with voting, and implementing your plans!

We can try to do this, Please tag me on discord.

We might need you to prove ownership of the old wallet, proof it was hacked/police reports about the incident.

The proposal has passed as per our snapshot vote Snapshot dated Nov 30, 2023, 7:47 PM.

As per the same, we have initiated the development of the v2 contract updates and completed the token burn event to negate the inflation from the additional tokens being induced into the market for the recommendation plan. The details regarding the full 64.8M token burn event have been documented below:

Additional Comments:

1. Comments / Feedback from the community has been severely inadequate during this proposal discourse. Olympus Council members have not shown any significant contributions to the DAO in the last couple of months and their lack of involvement in such a critical proposal only undermines our community strength. Anyways our Governance activity did hit a new ATH if you counting votes, but this is not productive DAO governance FYI. To progress fruitfully as a DAO towards a fully decentralized Insurance and Reinsurance provider we need to do better.
2. There were some miscalculations in the amount of token to be burned from Operational Expenses and Marketing Expenses tranches in the original proposal - the fixed calculation amounts were applied in the corresponding tokenomics wallets during the actual burn event and have been recorded correctly above.