Scope: To propose a recompensation plan to restore all pre-security incident LP positions.
Summary: In response to the security incident on November 14th concerning the UNO Risk investment dApp, we propose a reestablishment of the pre-event status of all LP positions. This restoration will maintain balanced token economics via a time-bound burn event.
Uno Re’s SSIP and SSRP capacity pools were exploited on 14th November; the malicious actor altered the claimsAssessor role to an attacker-controlled EOA, which was consequently used to call the policyClaim function on the vaults to drain them.
Consequently, a total of 32.4M $UNO, 127.9K $USDC, 59.3K $USDT, and 18.4 $ETH were misplaced.
Since the security incident, our focus and urgency have been placed on continuously tracing the misappropriated funds, reaching out to the CEXs, wallet providers, and Mixers involved in the laundering of these funds to freeze the exploiter accounts.
The three standout options for the restoration of these positions can be:
- Via Airdrop of UNO, USDC, USDT, ETH tokens on both ETH and BSC networks directly for all users 1:1 for the complete exploited amount
- Via restoration of positions in the re-deployed v2 contracts (read more about the changes here) along with pending rewards accumulated on their positions from the time of the exploits till the date of redeployment.
- Via a Claim dashboard Merkle for claiming $UNO tokens directly - Unclaimed Tokens get migrated to Option 2 automatically
This proposal leaves room for the rest of the UNO DAO members to suggest other possible means of administration for up to 1 week. Please note all current pending rewards on non-harvested positions will also be returned 1:1 on all the above options.
We proposed to allocate a portion of the current protocol treasury - of USD value of 230k - to acquire 155k USDT, 32.3k USDC, and 18.4 ETH, which will then be further used to create respective SSIP positions on both ETH and BSC sides and distribute the SSIP LP tokens 1:1 with their previous holdings. These funds will then be used to restore capacity and the LP positions of every staker as they stood pre-event.
The 32.4M token holdings for SSIP and SSRP $UNO capacity vault holders will be distributed as SSIP and SSRP LP tokens, respectively, 1:1 with their previous holdings per the exploit block timestamp. This will be compensated from the currently unreleased tokenomics tranches. The 32.4M UNO tokens will be taken from our current total max releasable supply as per tokenomics, which is around 207M as per tokenomics schedule.
It will be split as shown below:
- 16M UNO tokens from the team supply tranche
- 8M UNO tokens from the Reinsurance cell / Liquidity tranche
- 6.77M Tokens from Acquisitions tranche
- 1.63M Tokens from Treasury tranche
It is worth noting that the Reinsurance Cell / Liquidity tranche was designed into $UNO Tokenomics to act as the final backstop for any black swan events (such as this one). For the utilizations from Acquisitions and Treasury tranches, if the majority of DAO members wish to utilize the same from other tokenomics tranches, then kindly raise the same in discourse.
Still - in accordance with our practice of being conservative and overly cautious with regards to tokenomics - to bring parity back to our low emission and maintain a deflationary token model, we additionally propose to burn 64.8M $UNO (twice the exploited amount in UNO, to account for damage caused) from the total supply, from all tranches. The proposed token utilization from various tokenomics tranches is as follows:
- Team - 4.8M UNO tokens
- Community Incentive & Rewards - 6.8M UNO tokens
- Advisory, Legal & PR - 4.08M UNO tokens
- Operational Expenses - 6.4M tokens
- Marketing Expenses - 11.2M tokens
- Acquisitions - 1.63M tokens
- Reinsurance Cell / Liquidity - 26.53M tokens
- Treasury - 3.36M tokens.
As such, our updated Total supply will become ~320M tokens.
If this proposal passes, the following actions will be executed:
- A total of 64.8M $UNO tokens will be burnt within 48 hours of proposal passage
- The development of patched v2 contracts will be initiated and will be sent out for audit - the timeline for this is expected to be around 3-4 weeks, however please note that this is an educated estimate.
- At this point, the new deployment and restoration of all SSIP and SSRP positions will take place; the protocol will resume normal operations, and each user will be able to freely withdraw / keep participating in the protocol as they see fit.
- The UNO Guardian is multisig members and will be elected.
If you’ve been affected by the security incident, please check the below sheet; locate your address and check if the numbers are valid and correct (especially if you managed to withdraw something).
(If you had previously submitted a request via our discord tickets, your positions will be considered on a case-by-case basis for transactions done post exploit block number. This will be added to a separate data sheet.)
For current insurance policyholders who have active policies with us, kindly verify your policies in the spreadsheet attached; if you find your wallet below, please create a ticket on our discord server, and we will either pause for 4-6 weeks (to account for v2 redeployment) or else arrange an alternate coverage policy for you with one of our partners.
A portion of the recovered funds will be used to replenish the treasury assets, and a significant majority of the recovered funds (after accounting for the success fee for our contracted recovery experts) will be allocated towards a pool that will be used to buyback and burn $UNO tokens from the CS. This plan will also be put to vote via a partial DAO process; veUNO holders will be responsible for deciding whether to use these funds as such or propose their ideas for the same (f.e.incentivisation of vault liquidity, etc.).
Please note that this proposal is just in the RFC stage; after incorporating feedback and suggestions from the community, the finalised proposal will be put up for voting in 1 week.