This is not about “This is DeFi”. It’s about perception. It was very obvious that people held Fuse/ Voltage accountable for Ola as a third party protocol. Even though the hack was known for over 2 years, Ola did not find out about it or patch it, which showed serious lack of commitment/ care of the Ola team. Why would we expect another stance now?
And Ola might come back to this saying that it was Fuse’s token and whatnot, but how can they expect Fuse to know the inner workings of THEIR protocol? It exactly proves my point why ownership is absolutely necessary.
To me it is a 100% NO if Ola does not take ownership and I encourage everyone not to take this fact lightly in their consideration.
2 Likes
With all due respect, I think this is a harsh evaluation. Ola performs constant research to stay up to date with relevant exploits; in fact, we were one of the first to report on re-entrancy vulnerabilities when they appeared on CREAM back in October 2021. What occurred was not a lack of knowledge as stated, but a miscommunication between two parties that allowed important details to go unnoticed.
While this should not be taken lightly, it does not correspond to a lack of care or commitment. Many protocols experience exploits during their growth, including projects like Compound, CREAM, and Rari Fuse; this does not automatically make them “bad” protocols. Furthermore, victims of these other exploits often don’t receive any compensation.
At the end of the day, responsibility for the lending network exploit was shared and compensation was provided to the best of all projects’ abilities. This came with the recognition that no compensation plan would fully restore the breach of trust that users felt. The best thing we can do now is to learn from the past and build something better, without sacrificing all the progress we’ve made thus far.
Looking forward, I believe it’s a big mistake to spend time deciding who’s at fault for various hypothetical situations. Frankly, it’s a losing game because there are endless hypotheticals in DeFi and no partnerships discuss who’s to blame should something happen. This is a critical blocker that, if practiced, would prevent the entire DeFi space from developing at all. More important than this is discussing preventative measures, how to successfully work together, and what synergies a partnership can bring.
I urge everyone with questions that stir the dialogue to voice them here so we can address them in the upcoming AMA. Let’s look to the future and determine how to capitalize on the opportunities that lay before us!
Just to refresh your memory, this hack already excisted since april 2020, see here: How the dForce hacker used reentrancy to steal 25 million.
I think it’s a big issue that this hack has gone unnoticed for so long and it even happend 2 more times (to my knowledge) before Ola was affected. You describe your service as “Ola will build and maintain the technical aspects of the lending network while providing ongoing risk advisory support”. And you write that Ola performs “constant research to stay up to date with relevant exploits”. For this hack, apparently Ola did not fail once, not twice but three times to find out about the vulnerability by assessing other hacks. The risk advisory support obviously failed seriously.
So what I am addressing is not blaming or discussing who’s fault it is. I’m merely bringing up that I do not believe in Ola’s ability to stay on top of risks. Also, it is not about not wanting to work together with Ola, I’m fine for them to have a second chance, but not the same chance as they had before, because it obviously did not work. Changes need to be made in the partnership so there is a clear seperation of responsability.
Therefor; ownership by Ola would be the only scenario I could live with.
3 Likes