• 0:15 Publius prepared statement and explanation of what happened
• 11:31 What are the next steps here for Beanstalk, like fundraising?
• 18:02 How much responsibility does Omniscia bear here?
• 21:01 Investor outreach and haircuts
• 34:02 Does Publius consider themselves the leaders of Beanstalk?
• 38:36 Has Beanstalk reached out to organizations other than the FBI?
• 39:28 Will Beanstalk need to provide a new token? Was the exploit actually illegal?
• 40:59 How will voting take place if nothing exists in the Silo anymore?
• 43:52 What types of backgrounds do the three behind Publius have?
• 43:52 Was Beanstalk aware of or warned about the flash loan attack?
• 46:11 How is Publius doing?
• 48:41 A path forward proposal and discussion with Publius
• 55:40 Is the pricing on Curve what made this possible?
• 1:02:49 Could Beanstalk be restarted with a lower infusion of cash?
• 1:06:02 Given everything that happened, should the DAO take control or should Publius take control?
• 1:18:42 What should’ve been done to prevent this?
• 1:19:35 How much did on-chain governance play a role in the exploit?
• 1:24:16 How did this go from a BIP proposing $250K to be sent to Ukraine to the exploit?
• 1:25:32 If Beanstalk is going to issue a new token will it default on the pods/debt?
• 1:27:00 How should the Pod Line be ordered with new capital?
• 1:31:02 What will Beanstalk Farms look like operationally moving forward and what is needed from the community?
• 1:35:03 Do you know Jack Niewold?
• 1:36:21 What was the motivation behind the governance mechanism and the design?
• 1:45:20 Are there any proposed code architecture changes?
• 1:47:02 What is on the table related to the Silo and Field for future and current investors?
• 1:50:21 What’s the incentive for an outside investor to fund Beanstalk vs. any potential fork?
• 1:53:38 How will conversations with outside investors take place if Publius are not the leaders of Beanstalk?
• 1:55:58 Is it possible to have a Head of Security for Beanstalk?
• 2:00:02 Was there a bug bounty in place at the time of the exploit?
• 2:02:24 Is there going to be any attempt to negotiate with the hacker?
• 2:05:09 Would Beanstalk take corporate money?
• 2:09:36 How does Beanstalk keep to its roots?
• 2:12:14 Is there any way to track down the lost funds?
• 2:16:00 Who takes responsibility for the exploit?
• 2:24:28 What did and didn’t Omniscia audit?
• 2:27:34 Have team wallets ever been made known and did Publius lose money during the exploit?
• 2:36:05 What has been decided relative to forking or continuing on with the existing contract?
• 2:38:31 Why does the $76M lost not match up with the TVL of the Protocol at the time of the exploit?
• 2:39:50 What is the plan for talking to VCs?
• 2:41:03 What is the thought around defaulting on all past debt and starting fresh?
• 2:43:54 Who will the losers be if this protocol goes down?
• 2:50:57 Will development continue even if the team isn’t paid?
• 2:51:45 How much is needed to reboot Beanstalk?
• 2:53:22 When would the snapshot be taken for stalkholders?
• 2:55:57 How to prevent a run on the bank if Beanstalk restarts?
• 2:56:46 What are the current strategies that have been discussed for compensating Silo and Field holders?
• 2:59:55 What would the pitch to a VC look like?
• 3:03:00 Possibility to raise liquidity from community itself?
• 3:05:38 Ideas for specific protocols to approach?
• 3:08:14 Now that Publius has been doxxed what do calls look like moving forward?
Recordings
Notes
Publius prepared statement and explanation of what happened
- A very humbling set of circumstances have brought us here. We have gotten rid of the voice modifiers. We feel it is in the best interest of Beanstalk moving forward for us to disclose who we are. We hope that doesn’t become the focus, but in the spirit of honesty and transparency, we don’t want there to be any sort of ambiguity about whether we were involved in any way in attacking the protocol, which we were not.
- Speaking is Benjamin Weintraub, one of the three people you know as Publius. The other two are Brendan Sanderson and Michael Montoya. The three individuals are the creators of Beanstalk.
- They had nothing to do with the recent attack on Beanstalk whatsoever. They had no involvement with or prior knowledge of anything having to do with the attack. They don’t know who did it. They have lost a significant amount of money, like the other investors.
- As soon as they learned of the attack, they immediately reached out to the FBI and informed the FBI’s internet crime center. The FBI has not reached back out to Publius. They intend to cooperate fully with the FBI to try to track down the perpetrators and recover any of the funds if it is at all possible.
- A full, detailed explanation of the attack is on Medium:
- They have paused Beanstalk and immediately removed governance. They are evaluating what the next steps are and trying to figure out whether it is possible to resuscitate Beanstalk and get it back up and running, and how to do it. If it is at all possible, they’re determined to make it happen.
- It doesn’t change what happened, but they are all heartbroken about it, and the community that has formed around Beanstalk is incredible and means the world to them.
- Beanstalk was working, and we do believe in the value of a decentralized credit-based stablecoin as the key to unlocking DeFi and we still believe in the vision.
- It is a shame that the very governance system that helped the system improve with a dozen or more BIPs was ultimately its undoing.
What are the next steps here for Beanstalk, like fundraising?
- The contract is paused and in an unusable state in the sense that there is no governance facet and a huge amount of the Beans are still owned by the attacker. A significant amount of development needs to be done to migrate over to a new contract and launch it in a similar state to where it was before, independent of the absence of liquidity.
- We need to figure out a way to source liquidity in such a way that there is not an immediate run on that liquidity, and there’s obviously going to be some people that have lost faith and want to sell.
- The protocol could just be restarted and allowed to work as it is, but with the weather what it is and the assumption that it would be trading below $1 for a long time, that doesn’t appear to be sustainable.
- We will need some kind of auction or OTC sale or deal in order to get it back up and running all at once.
- It won’t be something that is restarted in 24 hours. It will take a couple weeks at minimum, and maybe a month or two to get it right, and that’s OK.
- There is still the Trail of Bits audit scheduled for 2 months from now, so it might be best to wait until after that to restart.
How much responsibility does Omniscia bear here?
- We’re not in the business of pointing fingers, but the exploited code has been there since launch and was not impacted by any unaudited code.
Investor outreach and haircuts
- We’re reaching out to everyone we know who has been involved in Beanstalk or not, and we hope everyone else is doing the same.
- There are a lot of different ways to structure things. Beanstalk has the ability to issue pods or stalk to people providing liquidity in a one off fashion.
- In terms of a rage quit option and then some sort of tiered payback, there is nothing wrong with that, but the primary concern is to source the liquidity and matters of how people get paid back will likely be guided by the capital that comes in.
- Lots of different options, but we benefit from having both an equity side and debt side to work with.
Does Publius consider themselves the leaders of Beanstalk?
- No.
- Beanstalk is a protocol, and the protocol speaks for itself.
- Since launch, Beanstalk has attracted around 50 contributors, and most of them have reached out to say that they’re not going anywhere. Economics aside, we know this is an ugly situation, but the only way to rebuild trust is to be honest and transparent.
Has Beanstalk reached out to organizations other than the FBI?
- So far we have only reached out to the FBI, but we are inclined to reach out to any authorities that are relevant.
Will Beanstalk need to provide a new token? Was the exploit actually illegal?
- There will need to be a new token with a new contract.
- There is no doubt that this is a crime. There was a lot of money stolen from a lot of people.
How will voting take place if nothing exists in the Silo anymore?
- A snapshot can be taken of before the exploit.
What types of backgrounds do the three behind Publius have?
- Beanstalk is the only thing we are working on right now.
- We met at college at the University of Chicago. Brendan has a computer science degree and an economics degree, Michael has an economics degree, and Ben never graduated but was studying computer science.
Was Beanstalk aware of or warned about the flash loan attack?
- BIPs 18 and 19 were the first time BIPs were proposed on chain that Beanstalk Farms was not aware of or a part of. That was a little eyebrow raising. We looked at it and it seemed a little bit weird. It was trying to send Beans to Ukraine. Frankly, we didn’t think much of it. We designed the governance system to be secure against any sort of arbitrary attack, and we thought that it was secure but it was not.
How is Publius doing?
- We’ve been making the joke for a long time when people ask how we’re doing, we say “well, if Beans are at peg, we’re doing great.” That was not the case this morning.
- We wouldn’t be working on something like this if we weren’t optimists, and that has been reinforced in so many ways today.
A path forward proposal and discussion with Publius
- One path forward is that pre-exploit Silo depositors simply retain their Stalk and Seeds, and receive an allocation of future mints as farmable Beans. Anybody interested in coming in to help salvage Beanstalk wouldn’t want to be used as exit liquidity.
Is the pricing on Curve what made this possible?
- The Curve BDV function that is used for both the BEAN:3CRV pool and the BEAN:LUSD pool was not the issue or the problem. What was the problem is the amount of Beanstalk assets that were liquid in liquidity pools as a percentage of the total assets. Over the past week, there was a dramatic increase in the liquidity in all the pools and also the percentage of Beans in the liquidity pools. The attacker was able to acquire 67% of the total Stalk because it was available in those pools.
Could Beanstalk be restarted with a lower infusion of cash?
- Even with a larger amount, you wouldn’t want to add it all to liquidity pools to begin with. Some people will want to rage quit or sell their Beans at a discount, and it’s important however the system gets rebooted that there’s an opportunity for those people to rage quit at 1 cent, 10 cents, 50 cents, and so on. So there’s a balance to be struck regarding the strategy for deploying whatever capital is raised.
Given everything that happened, should the DAO take control or should Publius take control?
- If we were handed $50M to restart the protocol, it would still take a while to get the system ready to be restarted. So there is no conflict between acting with the necessary urgency and finding consensus along the way. There is a harmonious working relationship between Publius and Beanstalk Farms.
What should’ve been done to prevent this?
- There needs to be flash loan resistance built into governance.
How much did on-chain governance play a role in the exploit?
- Flash loan resistance is really the substantive change that needs to be made. But there’s not necessarily any reason to back away from the concept of on-chain governance and if the goal is really to have a truly autonomous protocol you need it.
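The "flash loan resistance" named in the two answers above, shown as a toy model that is added here and is not Beanstalk's contract code: it compares counting votes from live Stalk balances at commit time with counting them from a snapshot taken when the BIP was proposed. The 0.1% proposal threshold and 24-hour delay come from the call; the two-thirds threshold, the one-unit-equals-one-Stalk rule, all class and function names, and the amounts are assumptions made for the illustration.

```python
from bisect import bisect_right
from fractions import Fraction

PROPOSAL_THRESHOLD = Fraction(1, 1000)  # 0.1% of all Stalk to propose (stated on the call)
EMERGENCY_DELAY = 24 * 60 * 60          # minimum 24 hours before a supermajority commit
SUPERMAJORITY = Fraction(2, 3)          # ASSUMPTION: exact threshold is not given on the page


class StalkLedger:
    """Checkpointed balances. ASSUMPTION: one deposited unit mints one Stalk."""

    def __init__(self):
        self._by_holder = {}      # holder -> [(time, balance), ...] in time order
        self._total = [(0, 0)]

    @staticmethod
    def _at(history, t):
        # Most recent checkpoint taken at or before time t (0 if there is none).
        i = bisect_right(history, (t, float("inf")))
        return history[i - 1][1] if i else 0

    def change(self, holder, delta, now):
        if now < self._total[-1][0]:
            raise ValueError("time cannot go backwards")
        history = self._by_holder.setdefault(holder, [])
        balance = self._at(history, now) + delta
        if balance < 0:
            raise ValueError("insufficient Stalk")
        history.append((now, balance))
        self._total.append((now, self._total[-1][1] + delta))

    def balance(self, holder, t):
        return self._at(self._by_holder.get(holder, []), t)

    def total(self, t):
        return self._at(self._total, t)


class Governance:
    def __init__(self, ledger, snapshot_voting):
        self.ledger = ledger
        self.snapshot_voting = snapshot_voting   # True = flash-loan-resistant variant
        self.bips = {}

    def propose(self, bip_id, proposer, now):
        share = Fraction(self.ledger.balance(proposer, now), self.ledger.total(now))
        if share < PROPOSAL_THRESHOLD:
            raise PermissionError("proposer holds less than 0.1% of Stalk")
        self.bips[bip_id] = {"proposed_at": now, "voters": set()}

    def vote(self, bip_id, voter):
        self.bips[bip_id]["voters"].add(voter)

    def support(self, bip_id, now):
        bip = self.bips[bip_id]
        # Weak: weigh votes by balances right now, which a same-transaction
        # deposit can inflate. Hardened: weigh them as of the proposal time.
        t = bip["proposed_at"] if self.snapshot_voting else now
        votes = sum(self.ledger.balance(v, t) for v in bip["voters"])
        return Fraction(votes, self.ledger.total(t))

    def can_emergency_commit(self, bip_id, now):
        if now - self.bips[bip_id]["proposed_at"] < EMERGENCY_DELAY:
            return False
        return self.support(bip_id, now) >= SUPERMAJORITY


def run_scenario(snapshot_voting):
    """Constructed numbers: a small early deposit, then a borrowed one at commit time."""
    ledger = StalkLedger()
    ledger.change("existing_depositors", 1_000_000, now=0)
    ledger.change("proposer", 2_000, now=1_000)
    gov = Governance(ledger, snapshot_voting)
    gov.propose("BIP-X", "proposer", now=2_000)

    commit_time = 2_000 + EMERGENCY_DELAY + 60
    # Everything below shares one timestamp, standing in for a single transaction.
    ledger.change("proposer", +2_100_000, now=commit_time)   # borrowed funds deposited
    gov.vote("BIP-X", "proposer")
    passed = gov.can_emergency_commit("BIP-X", commit_time)
    support = gov.support("BIP-X", commit_time)
    ledger.change("proposer", -2_100_000, now=commit_time)   # withdrawn to repay the loan
    return passed, support


if __name__ == "__main__":
    for snapshot in (False, True):
        passed, support = run_scenario(snapshot)
        label = "snapshot at proposal" if snapshot else "live balances"
        print(f"{label:22s} support={float(support):.4f} commit allowed={passed}")
```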
How did this go from a BIP proposing $250K to be sent to Ukraine to the exploit?
- There were two BIPs proposed back to back and one of the BIPs was verified on Etherscan to donate to Ukraine, and it seemed like both of the BIPs were actually the same BIP. That’s what it seemed like, and so it was relatively innocuous from that perspective because it seemed like they just proposed the same BIP to mint Beans to Ukraine twice. And that’s why it didn’t raise any red flags.
If Beanstalk is going to issue a new token will it default on the pods/debt?
- It’s an open question and one of the substantive things that the DAO will vote on.
What will Beanstalk Farms look like operationally moving forward and what is needed from the community?
- It is unclear, because Beanstalk Farms contributors were paid in Beans printed via BIPs and now those Beans are worthless. The short answer is that people who are going to keep working on Beanstalk Farms are going to do so more or less on a voluntary basis.
What was the motivation behind the governance mechanism and the design?
- The desire to have a fully on chain governance system was so that the system could run autonomously. Beanstalk as originally designed was not working. It took the BIPs that were implemented in order to make Beanstalk continue to work. What changes would need to be made to Beanstalk at the time was unclear, so from a practical perspective it was a necessity for the system to be changed somewhat arbitrarily.
What is on the table related to the Silo and Field for future and current investors?
- Everything is on the table, from launching a new diamond contract unencumbered by any obligations, to trying to honor 100% of the current obligations in some form. There are no right answers at the moment. It’s a matter of what the community gets behind.
What’s the incentive for an outside investor to fund Beanstalk vs. any potential fork?
- The short answer is the credit history. The fact that Beanstalk has a history of paying back its debt is not insignificant.
- Previous attempts at credit based stables have never really gotten out of the launch phase, and the current model wouldn’t be prepared for a launch under current conditions.
How will conversations with outside investors take place if Publius are not the leaders of Beanstalk?
- We’re here, and we’re doxed. We’re going to be involved, but we invite everyone to be involved. We don’t want Beanstalk to be reliant on any individual or group. It will remain a group project.
Is it possible to have a Head of Security for Beanstalk?
- It is possible, but they are hard to find. Most qualified people are working for auditing firms or are hackers themselves. Hopefully somebody comes forward.
Was there a bug bounty in place at the time of the exploit?
- There was not. It was being looked into.
Is there going to be any attempt to negotiate with the hacker?
- All options are on the table. Right now we’re trying to consult with lawyers to do that properly.
Is there any way to track down the lost funds?
- There is a firm that does on-chain analysis that reached out to Beanstalk Farms, and they’re starting to look into it. We are trying to get as much help as possible to track these funds down and recover them if possible. But at the same time, it’s prudent to proceed as if the funds are not recoverable, and then if they are that’s great.
Who takes responsibility for the exploit?
- There is a certain amount of shared responsibility due to the nature of the project as an open source experiment. Everyone involved in Beanstalk has tried to ensure its success collectively, and outside experts were brought in with the audit, but all that was obviously not good enough.
What did and didn’t Omniscia audit?
- The code that was exploited was the emergency commit functionality for BIPs, which has been there since launch. Omniscia audited a commit hash through BIP-7. It’s really a question of why the whole contract wasn’t audited; we tried very hard to get them to do that, but in the end they insisted on a commit and any future upgrades that happened.
- They said that the whitelisted assets that were added via other BIPs were used in the attack, but that was not the thing that was exploited. The code that was exploited was present on the initial audit.
Have team wallets ever been made known and did Publius lose money during the exploit?
- There are published wallets on chain and there are other wallets that we individually have that thus far have not been disclosed. We individually lost a lot of money today.
What has been decided relative to forking or continuing on with the existing contract?
- Nothing has been decided at this point. The thought is in the short term to see if there is interest in resuscitating this from some VCs, and if there is the question is how to make that happen.
Why does the $76M lost not match up with the TVL of the Protocol at the time of the exploit?
- The TVL included the value of the Beans at the time of the attack, but the value extracted only counts the non-Bean assets.
What is the thought around defaulting on all past debt and starting fresh?
- It’s not clear what the best option is, but our inclination is that there’s a path forward where all the pods and all the stalk are honored.
Who will the losers be if this protocol goes down?
- We would disagree from an economics perspective that it’s a negative sum system and in order for some people to make money there would have to be others footing the bill. If Beanstalk is successful, it will be a significant source of value creation.
How much is needed to reboot Beanstalk?
- There is no theoretical minimum.
What would the pitch to a VC look like?
- The positioning is that there’s a credit history that Beanstalk has, which if it’s able to successfully use its mechanisms to return to peg, the sky is the limit. They can backstop the credit for the short term and put the system in a really good position moving forwards such that they’ve created a lot of value for themselves as stakeholders.
Transcript
hello publish hey dumpling how are you i'm good i'm good all right ready to take it away okay so a lot to talk about uh you know we have sort of a prepared statement we're gonna read uh and then want to open it up to questions and comments so uh you know it's a very humbling set of circumstances that have gotten us to this point in time uh you know we've lost the voice modifiers obviously uh we think it's in the the best interest of bean stock moving forward for us to disclose but we are we hope that doesn't become the focus here but in the in the spirit of honesty and transparency you know we don't want like a we don't want any there to be any sort of ambiguity about whether we were involved in any way in attacking the protocol which we were not so we're gonna disclose who we are and then kind of talk about what happened and then open up the floor and try to talk about next steps so um you know my name is benjamin weintraub uh i'm one of three people uh that we you guys know us as publius uh the my my two other friends uh brendan sanderson and michael montoya uh we are who you have previously known as publius uh we are the individuals who created beanstalk and you know it we're sorry to introduce ourselves to you guys in in in these circumstances um despite our commitment to decentralization and really trying to have beanstalk uh not have a head in any capacity and really just run by itself uh we've decided to disclose our identities because of what's happened over the past day so uh you know [Music] it is what it is um it's important that we say explicitly we had nothing to do with the recent attack on beanstalk whatsoever we had no uh involvement with we had no prior knowledge of uh anything having to do with the attack whatsoever um we don't know who did it uh at the moment uh like all other investors in beanstalk uh we lost a significant amount of money uh this morning when the hack occurred and uh you know it's it's very much too bad that this has happened um 
so the as soon as we learned of the attack we immediately reached out to the fbi uh they have not reached back out to us but we informed the fbi's internet crime center uh for about what happened and you know we intend to fully cooperate with with with the fbi to try to track down the perpetrators and if it's at all possible to try to recover any of the funds uh that were stolen uh in this attack so at this point just to state it uh here is at a high level and we did type this out in a message but just to state it for everyone listening here's our understanding of what what happened with the attack so uh an unknown ethereum address deposited approximately 212 000 beans into the silo uh a couple days ago and this is the attacker's address and that allowed them to the deposit allowed them to acquire enough stock to propose a bip because you need at least 0.1 percent of all stock to propose bips and they proposed bips 18 and 19 on chain yesterday and there was a lot of uncertainty as to what bips 18 and 19 were it was the first time that there had been ever a uh bip that was proposed that beanstalk farms was unaware of at the time it was proposed it was definitely like a weird circumstance and uh you know in short uh it seemed uh that the bip or biffs were both to donate 250 000 beans to the ukraine and we thought it was very strange uh but you know we we didn't uh we obviously were not aware of what was going on uh or what what what attack was in progress so 24 or a little over 24 hours after the dips were proposed uh because that's the minimum time for a super majority vote to pass the the attacker took out a flash loan of a billion dollars and uh acquired as many white listed assets for the silo as possible deposited them all in the same transaction uh and then uh in doing so acquired enough stock to commit the bip that that they had written uh to basically perform arbitrary actions on beanstalk and that facilitated them to withdraw all of the the assets from the 
protocol and they were able to then liquidate all of those assets and drain all of the liquidity from the pools and it ensured you know all of the value uh the the non-beanstalk value in the protocol which was uh you know around 80 million or so uh all of that was stolen this morning so uh that's obviously terrible and we are we're gonna do everything we can to to try to you know figure out who did this and bring them to justice but uh yeah obviously there's a history of how these attacks have gone in the past and it's you know it's it's an ugly situation so the i think the what else uh basically here's here's what's happened since the attack um so we used our publius we used our ownership privileges of the smart contract to do two things we paused beanstalk uh and we immediately removed governance so at the moment uh the protocol cannot be attacked but it remains to be seen what the path forward is because there's no funds in the liquidity pools and the system is paused but it could be unpaused but fundamentally there's an economics problem of there's no there's no money in the liquidity pools and given that beanstalk is not collateralized the value of the beans are really dependent on there being sufficient liquidity in the pools and that's where you know that's where this ultimately creates an economics problem that we face at the moment so uh we're all continuing to evaluate what the next steps are uh moving forward and we're trying to figure out if it's possible and if it is possible how to do it uh to resuscitate beanstalk and get it back up and running and if it's at all possible we're you know we're determined to make it happen if it is so we're we're evaluating what we can do um you know it is not uh it doesn't change what happened uh but it is just we do want to say uh that brendan michael and i we are all really i mean distraught might be an understatement we're we're heartbroken about what's happened uh you know the community that has formed around 
beanstalk is incredible and uh means really the world to us and uh to say you you know the community has been the the primary place we've been deriving our meaning from uh for the past nine months or so since launch might be an understatement so uh we love all of you and er are just torn up that this has happened um you know the the the nine months prior to launch we're like you know we put put our blood sweat and tears into the protocol and since it launched we've just we've tried our best to to to support the community and get beanstalk farms and being sprout uh off the ground to facilitate a really decentralized development process for beanstalk and uh it was it was working and you know that's the that's the pill that's particularly difficult to swallow as things were working and uh we we we we really do believe in the value of a decentralized credit-based stablecoin and uh despite what's happened today we think that that's still what the key to unlocking the potential for defy is and uh one of the reasons we also want to just disclose who we are is so that there's not this you know this overhang of of of over credit-based stable points in any way like we we believe in the vision and we want we want it to succeed as much as possible and we really don't feel like this is about us so we just want to do what we can to to put being stuck in the best position to succeed if it's possible going forward um so you know what else uh beanstalk and i think all of you know this but beanstalk was designed and implemented as an open source and decentralized system that could be improved over time via on-chain governance and it's unfortunate that the same governance procedure that facilitated the adoption and implementation of like a dozen or more than a dozen bips that uh really put beanstalk in a position to succeed was the thing that was ultimately its undoing so uh yeah the whole thing is a very humbling experience and uh we understand everyone will have lots of questions 
and we will do what we can to answer those questions uh as as honestly as we can and also acknowledge this is a really tough time for people that lost money and that's really hard um and we just want to say thank you to everyone that reached out to us to encourage us and your guys words have really have really meant the world to us uh on a very difficult day so uh we we remain committed to you guys and hope that uh as much as possible this uh this fuck-up does not uh ruin what what's been created and recognize that at the moment uh it appears that that might be the case so uh with that you know want to open it up to questions and comments and you know understand that this is uh this sucks so uh you know with that being said uh thank you all for listening to us i'll just kick it off with you know i know there's been a lot of conversations today about possible next steps and plans for for moving forward no also in the past you've mentioned how um bootstrapping in stock from the ground was harder because of your anonymous status can you speak a little bit to you know how you now that you have you know um come out with your you know with who you are you know is there any way you can leverage current you know connections or anything like that and also just opening it up a little bit for you know where you anticipate you know what some next steps options really high level you know might look like so to answer your second question first dumpling the starting place is what is the current state of beanstalk so the contract is paused and is in somewhat of an unusable state in the sense that there's no governance facet and a huge amount of the beans are still owned by the exploiter or attacker and so there's going to need to be a significant amount of development done to migrate over to a new contract at the minimum and to get this launched back up in let's call it a similar state to what it was in before independent of the absence of liquidity so let's just assume 
theoretically that the distribution of pods and stock and potentially deposited beans can be fixed uh it's unclear at the moment exactly what what can be done uh but but assume that that's the case the main problem still remains and this is the substantive point that there's still an absence of liquidity which again is where beans derive the majority of their value and so the the point is we we as a community need to figure out how we're going to source liquidity and reseed the pools in a way that doesn't doesn't facilitate like an immediate run on that liquidity and there's obviously going to be some people that have lost faith and want to sell and there's you know beanstalk is an open system that anyone can do that but the point is and this is one of the reasons we also want to come forward as much as we can minimize the the loss of faith in the system assuming that there is some sort of plug in the liquidity we really do want to try to you know face this head-on and minimize the amount of bud that's out there so let's say that that the the fundamental problem is seeding liquidity now again the other problem is trust but if we can fix the trust problem which is what we're trying to do in part by talking now um obviously doesn't fix all of it but let's assume that we can get some people people are not all going to lose faith in the system and uh based on the the response from a lot of the people that we've been speaking to today uh people seem very encouraged to continue so then the fundamental question becomes how do we source liquidity and on the one hand there's something to be said for as the protocol beanstalk could just kind of function as normally and do it really slow and steady to a slow burn would probably make the argument that at the current weather that might not be the most sustainable solution because the expectation is that the price would be trading below a dollar for a while and you know at the current weather it's unclear how long that could be 
sustained and so instead the question is how can we all at once kind of reseed things and get things going off all at once there would likely have to be some sort of auction or some sort of otc sale or deal that the dao cuts to a group of people that are willing to to seed some of this liquidity there's a lot of different options to be considered both from an economics and a capital perspective but uh they need to be more thoroughly fleshed out uh you know both from how the the system will work to make sure that everything is distributed in a way that uh is sustainable uh and again uh will will sufficient will still be sufficient to attract the liquidity that the system needs to restart basically so we have and to your to now answer your first question dumpling uh and this is only semi-related to to disclosing our identities uh whereas before when we launched beanstalk we were really committed to building the whole network from the ground up and launching it clean uh and trying not to leverage our personal network as much as possible uh based on the the turn of events over the the the previous 24 hours or i guess today um that no longer seems like prudent behavior and so in short we've and there's i mean there's no promises whatsoever uh but we're we're trying our best to see uh if there's any way whatsoever to source this liquidity and there's some other community members that are also doing their part to do that and they may want to comment on that as well but the point is uh this did just happen today and this isn't something that's going to get restarted in 24 hours it's going to take a couple weeks at a minimum maybe a month or two to get this done properly and that's okay um there is still the trail of bits audits scheduled for just about two months from now and so maybe there's something to be said for restarting after having trail of bits audit the code um like we're not inclined to rush it given that currently there's nothing to rush if that makes sense so 
we're we're committed to trying to get this right but wanna wanna wanna take the time to work with the community to make it make it make sure that we're pursuing the optimal the optimal solution for beanstalk okay thanks for that um i'm bringing up i did a question order in the chat i'm bringing up helen now to ask a question ellen go ahead helen we can't hear you yet let you know when we can i'm not i forgot about the push to talk talk uh it's hilar we can hear you now go ahead can you hear now can you hear us can hear now i had a two-part question one was how much responsibility does um uh omniscia or however you say it have and then the other was what happened to the retainer that that they had to audit future bips yeah so in terms of responsibility we're not in the business of pointing fingers uh we did take a look at the report that they published and didn't feel that it was a genuine accounting of what occurred uh the the the emergency commit function that was exploited has been there from launch uh and it's been in the white paper since launch and there was nothing that changed in any of the code that has been unaudited to affect that um but you know they're going to say whatever they want to say and that's that's okay um with regards to the retainer the short answer is the the hope was that they were gonna continuously audit beanstalk and get them up to the current version of beanstalk as soon as possible in reality what happened was uh omniscia took a very long time we originally were were supposed to have the uh initial report in like like december and we didn't get it for a long time and the short answer is we didn't feel like it made sense to just stop developing beanstalk for the audit which was just taking forever and so uh you know beanstalk beanstalk farms continued to develop beanstalk in short and when the initial audit went live uh beanstalk farms was as transparent as possible that beanstalk was audited through bip7 which was the vast majority 
of the code and again included the part of the code that was ultimately exploited so um the there have been some changes to the code uh since bip7 went live that are not audited um and the hope was to get those audited as soon as possible we've been harassing omniscia to try to get that done asap um but the short answer is uh there's a large shortage of auditors in the space and it's very hard to get them to to do things in a timely fashion and given the state of beanstalk in the way that it is being developed uh we we didn't really feel like it made sense to stop developing it all together and you know we tried to be as transparent as possible about that awesome thanks okay gonna bring up smokey go ahead smokey hey fellas you know that i can hear you okay i can hear you go ahead yeah alrighty um hey guys so you know two questions one on its head um you know has there been any outreach or any conversation with folks who would be able to fill this liquidity gap at the moment whether that's you know vcs market makers or you know high net worth individual slash anything in between um and two can you conceive or you know how do you guys feel about a design um similar to that which was discussed by some members of myself a little bit earlier today which involves basically giving people a haircut rage quit option along with a progressive unlocking option followed by a period during which you know you try to get the bean printer back on and the people who provided that liquidity to um basically get back to peg or you know let's say 50 cents or 75 cents even before the market comes in um are basically made whole by being interspersed along the pod line and diluting existing pod line holders um my my thought process here is that you know there's a few things to balance one is of course narrative and mind share given how quick the defi space moves and you know how two months is kind of an eon and even waiting for an audit two in in you know maintaining community trust and 
avoiding another sort of like bean winter uh and three and ensuring the pod line doesn't spiral out of control such that it's you know above a billion or something and then people are worried about the protocol never paying out so um you know would appreciate any thoughts there primarily with you know how does how is vc or funder or liquidity provider interest looked here and do we know what incentive structures they might be into so to answer your former question we're recalling the whole rolodex if you know what i mean and uh that's not to say that we're the most connected people in the world um but we're we're every every everyone that we know that was part of beanstalk and was looking to support it and is continuing to look to support it and people that were not previously supporting beanstalk but might be interested in sort of a one-off opportunity here uh we're pursuing all options and would encourage people that also have their own uh network that might be interested in this to to to present them basically um we're we're gonna pursue all options on that front uh with regards to what what that might actually look like uh there's a lot of different ways to structure it and in short beanstalk has the ability to issue pods and there's also in theory bip the ability to issue stalk uh for for a discount or for providing that sort of initial liquidity in a one-off fashion and with regards to the idea of having a rage quit option and then some sort of tiered system uh you know over time there's nothing in practice wrong with that uh but in reality that would be a secondary question after you know where you're sourcing this liquidity from so uh and would likely be guided by the capital that is interested in coming in on that on that front if that makes sense so uh a lot of different options to potentially pursue here uh but the i think there's a lot of the beauty of having both uh an equity side of things and the debt side of things is there's a lot of flexibility 
as to how beanstalk could structure this um but these are unique unique circumstances so it's unclear how the structure might work in practice depending on who the capital is yeah i i get what you're saying i think one thing i'll just push back on a little bit is that i think a lot of people at the moment are still sort of unfamiliar or foreign to the to the equity vehicle almost here in terms of like the value of stalk seed and how that plays into the wider ecosystem and i imagine that most vcs evaluating on past performance will probably be looking at okay how do i ensure that i get bean over bean returns in terms of either you know from some silo tax or the pod line or whatever and i at the moment apart from trying to fuel copium or opium i you know i like i find it hard to imagine a scenario where the community like where there's enough capital coming from the community itself to close that gap without bean turning into a [ __ ] coin along the way right like i guess that what i would ask you guys is do you think it's feasible to act on this in a short time frame such that you know the momentum that was building up to generalize minting etc is actually maintained to some extent with the right capital infusion um while also noting that a solution that works here will probably end up in one where you know the vcs win the most but or you know capital providers whatever you want to call them win the most but you know the community doesn't go to zero so the the short answer is it's unclear what the best way to structure it is but i think that particularly if you look at the structure of pods for example it's very clear that if you define at what it give at a supply when the pods will mint um there's like a way to price in how much of the system beanstalk how much of beanstalk anyone is is buying and so don't necessarily feel like from a long-term perspective the integrity of the economic model needs to be compromised in this in in this juncture if that makes 
sense as opposed to a one-off sale of a whole bunch of pods for example that until all of this set of pods are redeemed uh you know will receive one-third of all mints going forward so the old pod line will receive a third stalkholders will receive a third and uh the new pod holders will receive a third for example and then it's like there could be an auction mechanism to figure out how to fairly distribute the pods in the new line in an economically efficient fashion um but that's not going gonna happen immediately so to answer your question around momentum uh you know there's momentum from an economics perspective uh because the model was starting to work and the hope is to parlay that forward but there's no momentum on like an hour to hour basis this is in order to get this right it's going to take at least a couple days to find the capital and to figure out how to how to structure this then it's going to take at least another couple days to facilitate at least another couple days to facilitate a governance vote on this from stalkholders and yeah it's very unclear uh it's very unclear how the how basically this will all come together but i think that there's a very strong argument to be made that for the for the right investor there's this is a a unique alpha opportunity so don't think that all hope is lost um if you kind of run a little bit of napkin math uh prior to being exploited the the total bean supply was something like 108 million beans and so in practice uh let's say that the amount of liquidity that needs to be raised to be trading against all of those beans at a dollar and that's you know close to the upper limit let's call it you'd need 108 million dollars and in reality particularly if you assume there's some a retention of faith in the system and not everyone is running for the exits uh you don't necessarily need uh all of 108 million per se um so so the number might be something and we're making this up and it might be something closer to 
like 50 million dollars where if there was a way to gradually deploy the 50 million dollars into liquidity after beanstalk was had its state restored to some extent uh where there was an opportunity for people to uh sell their beans uh at a discount let's call it to start you wouldn't want to immediately return the price to a to the peg per se because there are certainly some people that would be inclined to sell their beans below a dollar and one of the core tenets of how beanstalk works is beanstalk it's happy for them to sell below a dollar if they want to so the question is how do you deploy liquidity in a way that is economically efficient and that's another thing that's a little bit unclear at the moment and how do you do that in a decentralized capacity maybe you don't and maybe just whoever the capital is announces that they're going to deploy the capital and over what time period they're going to do it and then they just do it and then they're you know it could be some sort of unique fundraiser struct uh or contract where there was this unique set of pods and once the fundraiser was completed the beanstalk beanstalk could restart or something like that you know there's there's a way to build this out uh where there's a path forward but at the end of the day uh it's a little bit unclear what that path forward looks like uh it is clear that the fundamental limitation is a capital problem at the moment and one of the you know live by decentralization die by decentralization one of the things is that beanstalk has not been backed by venture capitalists from the back from the beginning and while there certainly seemed to have been a lot of larger inflows of capital recently such that hopefully there is some larger interest in beanstalk at the moment uh there is no you know there is no angel coming from the sky with 50 million dollars that's just like oh we love beanstalk and we're gonna save this thing uh a lot what for example happened with wormhole so 
we do need to think about from an economics perspective how can the system uh incentivize or attract a minimum of around 50 million dollars of liquidity uh and to have it deployed in a way that is uh uh efficient to effectively you know to facilitate the the restarting of the system to some extent yeah i think we're like very broadly on the on the same page on many of these points the only reason i mentioned a rage quit option is with the same eye towards you know being being willing to to have people sell below peg i saw it as a means of accelerating that and then perhaps reducing the not the amount of capital that actually needs to be raised because i think that it's a lot easier to raise 10 to 20 mil or you know 10 let's say if if let's say 60 or whatever people rage quit right and then get halfway to peg or something than it is to raise like they're two different they're not actually different magnitudes but on a fundraising scale they kind of are right well it's funny it's like beanstalk kind of went through this already when it was the 24 cents and it's like how do you how do you rebuild from this and while the the order of magnitude has changed to a large extent because the there's 700 million pods outstanding and there's 100 million or so beans that were outstanding prior to the attack at the same time there's nothing from an economics perspective that says if beanstalk can't now continue to attract creditors um it won't be able to return the price to the peg and so now it's really you know and there is something to be said for and the like purist in us kind of likes the idea of just letting the system start to run again kind of as is and and letting it rebuild from ascent and letting the core credit mechanism work its magic um but think that it would be great to have some sort of uh jump start or inflow of uh explicit influence capital from some somewhere uh that reinstilled confidence in the system such that uh the the negative feedback loop was 
limited as much as possible but uh at this point there is going to be a large amount of art uh as opposed to science associated with uh you know get getting this thing back up and running in a smooth fashion so and again the first question is a lack of capital yeah i i thanks uh for answering my questions man um i guess my last point would only just be i think that the the time scale that this is done within in terms of like community trust slash broader crypto narratives um probably matters more than than a purist might might wanted to uh put like bluntly well agree with that we're we're inclined to get this up as soon as possible so the purist has nothing to do with the work this is a practical matter okie thanks for all your time today and and you know in brainstorming and thanks for your good questions also for sure man if you want to come up later and ask another one uh you know just just raise your hand i'm going to invite astra bean on the stage who's next in line mastermind hey everybody uh publius a question for you can you guys hear me i can hear you yes great do you guys this is more of a philosophical question do you guys consider yourselves the leaders of beanstalk i'm referring to publius here no no okay so so then how do we think about whose responsibility it is to kind of get this thing off the ground it's like i understand what you guys are saying and pardon me if this is mean but like you know we have people who are out tens tens to 100 million dollars here and like i get the i've raised a ton of money in equity and like this is to me not just an economics question like i get your point and that you guys are heartbroken but to me this is a trust question this is should people trust you guys and this community and the protocol and if there's no leader and if there's no group of people that's going to stand behind this like how do we expect people to really continuing to put capital into this well to that point while we were discussing what to do 
here in next steps uh some of our community uh really emphasized the point back to us that beanstalk is a protocol and and this was particularly in the context of the discussion of whether to disclose our identity and their attitude as well beanstalk is a protocol and the protocol speaks for itself and it's not about you know publius and we we would agree with that so at the same time uh there there there does need to be i mean there's two separate points you you you really raised one is about trust and one is about how to move forward uh with regards to trust yeah it's difficult and this is an ugly situation and uh there's there's nothing we can really do other than to try to be as transparent as possible uh or at least that we were aware of to to to boost any sort of trust in beanstalk or the system in any way so we're we're just trying to do our part to that point because we recognize how important that is and with regards to kind of where where to go it's like well yeah it's it's it's it's difficult to you know in short your your i mean your point is well taken that this is a lot of people have lost a lot of money and it's it's more than an economics question it's a question of well how do we how do we rebuild this and think that the point is uh beanstalk since it was deployed on mainnet has been able to attract something like 50 contributors that are working constantly to work to make beanstalk a reality and the vast majority of them reached out to us today to say we're we're ready to keep working on this stuff if you guys are and our attitude is you know economics aside which again from our perspective is the main question economics aside we're not going anywhere and the main point of you know trust is like we wanna we wanna say that uh as openly with our hands raised as possible that we're not going anywhere so recognize this is an ugly situation and uh feel like the only way to the only way in ugly situations to instill trust is to be honest and i 
appreciate that and i'll close it out now because i'm sure other people have questions i'll just leave it with candidly like i think that makes you guys leaders if you guys are running the team and what i would have expected from you guys tonight is hey not i'm heartbroken but i'm sorry and we take accountability for what happened because what it seems like basically nobody's taking accountability for this and i i get that that sucks but there's no way i'm putting a penny more in this thing unless we somebody takes accountability i'll leave it there thank you guys so you feel that way okay uh next question is uh rusty gee who um is had to leave but uh here stock is international have you notified authorities in the eu uk have you noticed interpol cyber crimes divisions americans only reliance on tracking hackers down is short-sighted thus far thus far we've only reached out to the fbi but you know we're inclined to reach out to any authorities that that are relevant i'm actually typing that to him in the dm because he uh he said he got some reason he can't yeah um okay sorry next person up hey what's going on can you hear me we're here we can hear this live right on dude um so is it the case right now that potentially like what are we gonna call this dude the exploiter i guess what his name would be like has a bunch of bean would that be correct or a bunch of beans that is correct all right so isn't it um actually like a problem to restart this protocol without issuing another token because he could just dump if liquidity returns that's exactly correct so that's one for a new contract to be deployed with new tokens okay right on i think i missed that part and then one more question and this is more of a legal question is technically is what this person did even illegal considering there wasn't a hack or alteration or malicious code introduced into the code he pretty much used the governance strategy or structure to his benefit he or she yeah there's no doubt that 
this is a crime there's a lot of money stolen from a lot of people okay all right thank you all righty uh pull up uh john and i'll give a new order since we're getting to the end of my list pulled uh on stage as well i'm actually smokey actually asked pretty much everything i wanted to ask i did have one follow-up on that uh i know you mentioned introducing uh putting putting things to a vote but how are we going to be doing that if nobody has any anything in the silo anymore how are we going to vote well the basic idea would be that there's some sort of deployment of a new beanstalk where there's a redistribution of stalk based on the prior to the hack or honestly before that even happens there could be a snapshot of stalk prior to the attack and then a snapshot vote taken so uh in terms of like immediate next steps there's a way to probably just take a snapshot and get a straw poll from stalkholders on what to do but then in terms of long term actually like like taking decentralized steps to fix this and implement a fundraiser or whatever it may be um you know it's it's that that would have to happen via a dao an on-chain vote and all the stalk is still unchanged so there's nothing to be said for like why we can't why we can't do that currently now that you do have the problem of the beans there's like a ton of beans owned by the attacker so that's still outstanding and therefore uh you probably still need to move to another chain but the idea is that the stalk distribution is not corrupted i see and then i i know i said i only had one question but something else just popped up in my mind uh do we have the time go ahead uh i'm i kind of missed this but i think you guys kind of published your names earlier is that true yeah that's correct and we'll be publishing a statement with all that too as well uh and if you don't mind me asking what type of background did you guys have do are you do you have any sort of stake in other projects or is being the only thing 
you're working on right now so bean is the only thing we're working on you know that might be an understatement like this is our our heart and soul right and with regards to our backgrounds uh you know there are three of us uh i you know we basically went we met at college at the university of chicago um uh brendan who uh you know he has a computer science degree and an economics degree and michael has an economics degree and i never graduated from college but i was studying computer science so that's our background basically and then one last question uh given all that has happened uh it did at any point or were you at any point worried about this flash loan attack or were you notified about it i know people said in the chat that they did warn the dev team about this but i mean i'm not really sure if that's true or not just looking for kind of some sort of comment yeah so bip 18 and 19 when they got proposed on chain the website did display them and you know that to restate that was the first time that there had been bips proposed that beanstalk farms was not aware of or a part of and uh you know that was in and of itself eye raising uh and or eyebrow raising and so you know we looked at it uh it seemed a little bit weird uh it was trying to donate beans to the ukraine and you know frankly we didn't think much of it um we we we've we designed the governance structure to be secure uh against any sort of arbitrary attack and we thought that it was secure and it was not secure so uh you know that we thought that it was and you know that's basically what happened but we we looked at it and didn't think that there was anything to to be scared of uh and yeah it's it's it's tough so what what was it an oversight i guess on your part or because it as far as i understand once it's been proposed it can't really get modified right i i i i wouldn't say that it was an oversight um you know there's i know we're all decentralized i'm not trying to make it sound like it's well 
it's only on you right it's it's a vote at the end of the day i'm just i'm just what what i'm trying to understand is if it was out there for i believe somebody said over a month right how did nobody see the month what was out there for a month the bip maybe no this this this bip was proposed yesterday okay okay so then that that kind of changes all right well that that's all i had then thank you so much for your time thank you for your questions john john um next we'll go with uh boss fee hey guys just wanted to check in and see how you're doing i know it's been a tough day i don't have a lot of questions but really just wanted to say hey it's good to hear your real voices uh wanted to just hear from both of you how you're doing and just to let you know that yeah [ __ ] happens but uh i'm very much here in your corner and want to help you rebuild beanstalk well asphy we appreciate that tremendously um yeah today was a very not the best day we've been making the joke for a long time when people ask us how we're doing it's like well if beans are at peg we're doing great and that was not the case when we woke up this morning so um yeah we've been better and we've been worse but um we i mean frankly the words that you're saying are they're very humbling that you after after what's gone on you'd be interested in continuing to work on on developing beanstalk and that's a sentiment that's been widely echoed to us over the past couple of hours it's uh we're i think you guys know based on the fact that we would spend our time working on something like this that we're optimists and uh that optimism has certainly been been reinforced in many ways today so uh thank you for your for your kind words asv i'll just last thing i'll say is look uh these are what you're attempting is a very hard problem i mean it's uh you know the history of algo stables is littered with so many crashes uh but we get i i just want to say for myself i get the vision i get the need i get the point 
that stable coins are this product market fit that you've talked about and i get why you know this technology that we've stumbled into needs like many many many more stable coins that are in great supply and will hopefully bring down borrowing costs so yes um still very much aligned with you and look man i'm a founder as well [ __ ] does happen but all i just want to say is take care of yourselves and yeah let's rebuild this thing thank you it's feed that really that that means a lot and you're awesome so thank you um i think you had uh you had a question that you were talking about in the chat um i think it was uh there were a lot of people who wanted to hear more um do you want to propose your question or your sort of proposal that you had there hey yeah dumpling do you hear me okay i can hear you great yeah so um yeah publius thanks for coming out and you know just talking to everybody tonight i was thinking about the path forward potential path forward my thought process is if if we're going to try to salvage this protocol the path forward needs to be clear and it needs to be um something that potential vcs or whales or whoever um would be incentivized to come and try to um revisit and one way i i see that potentially be happening is as you stated uh the exploiter has the funds at this point we can't change that um and you mentioned that the stalk could potentially be salvaged in a new reiteration of the protocol so my thought process is across the board all silo depositors would retain their stalk and seed potentially if a vc said they want to cut that or you know you know we could determine that as you discuss with potential backers but um since the deposits are no longer in the contract and with the exploiter um the new revived beanstalk would just have existing silo depositors retain their stalk and seed into some capacity such that new capital that comes in to salvage the protocol does not have to worry about existing silo depositors withdrawing and 
essentially new capital being their exit liquidity that protocol could have a chance to kind of prove itself again and if the protocol does reclaim peg and bean reclaims peg and demand for bean grows and the protocol mints again well existing silo depositors would have uh their allocation of farmable beans in accordance to their existing or whatever retained allocation of stalk and seed that comes with the new revived beanstalk i don't i can only see me personally i don't see any other path forward working except for this and i say that because of the fact that you can perhaps 100 expect that anybody that comes in that's interested in potentially solving you salvaging this doesn't want to be exit liquidity for everybody else um i think we can do this i i think the protocol to me personally i mean the reason why i was attracted attracted to it uh when i first discovered it at the end of last year uh it it the ethos and everything that comes with it reminded me of the early days of ethereum um working with everybody here in the community talking to everybody here there's just not a lot of projects in defi right now that embody that ethos i think it's pretty obvious by the audience here with almost 500 users that people want to see what a path forward would look like this is one option that i think would potentially work and that new capital would be interested in um sign me up for it that's i'm just putting my name out there as far as i'm concerned my silo deposit is already gone but if i have a chance to retain some allocation of my stalk and seed well so be it and that's the price i'd be willing to pay if it means that new capital doesn't have to worry about me being their exit uh exiting on their liquidity so that's just my two cents and i hope that the community can get on board with that because i don't really see too many other ops at this point we can still continue to try to pursue the exploiter in the various uh you know methodologies that considering but 
we need to be practical here we don't have much uh negotiating power and nevertheless i think the defi community is going to look at this protocol and they're going to say if this community can sign up for this as a collective then this is something worth salvaging if ethereum could overcome the dao fork we can overcome this that's just my two cents agree with a lot of what you said incubate and we think uh there's a lot of elegance to the idea of what you're proposing right uh to date the only way to acquire stalk is to buy and deposit white listed assets and those whitelisted assets have now been stolen but uh there's nothing to be said for your stalk has been forfeited right and so they're you know in theory yeah what you're saying makes a lot of sense thank you and i hope that the community could get behind that because i think you know and again there's no need to rush in this but i would appreciate people's feedback and you know hopefully if we have a town hall or community call on tuesday as we've typically done um we can maybe revisit this but i would be um you know appreciative of others feedback and um a potential path forward here and i was actually inspired by mark is up here on the on the stage now mark said it earlier in the discord ethereum came you know overcame the dao fork and you know we can overcome this we're not you know this can be done but we're going to have to you know take some bitter medicine right now but if that's what we don't all do then so be it we've already taken it the exploiter has the the money right we can't change that but what the thing what we can change is the methodology and the path forward that we would pursue here and the signal that we send to the rest of the defi community the vcs to big whales etc that this is a project we're saving there's a community and there's a brand behind it and i would encourage everybody to stand by that because multiple options are just not going to look good in my opinion to vcs they're not 
going to want to deal with uh rage quit opting this haircut option that haircut option it should just be a strict across the board this is everybody's what we're going to do we're going to reboot as it is from this point and let's just do it that's just my suggestion and i appreciate everybody's feedback thank you for the opportunity to speak tonight i think uh thanks for thanks for coming up um leave that one there and uh mark you were on the queue earlier and i think you left you came back so i think it would just say you know we're we're excited to participate in that discussion and you know as always we we know that you you've got lots of thoughts to add and on i think on tuesday you know our intention is to have class that's normal to continue this discussion basically okay great uh mark go ahead uh mark can't hear you if you're speaking uh we'll let you get your mic sorted and then uh we'll go to kid quartz for now quartz yeah so to reiterate everyone else's thoughts i'm sure you guys have had a really rough day i think we all have i guess one question that's still lingering for me is would this have been possible to execute in the weak uh bean uni pool because per the point about auditing through bip7 it seems like they did point out a flash loan prone lp evaluation and obviously you guys use pretty unique governance mechanisms right like typically you accrue governance tokens with some sort of outrageous apr or apy over a time period the fact you get all your stalk immediately and are allowed to vote immediately sort of set you guys up to be prone to this um and so i just wanted to ask like you know is the virtual pricing on curve that made it possible i haven't looked at that much into the exploit seems like there's a lot of complexity between like bip 18 and bip 19 interacting with one another the contract that was generated during the time of the transaction and i don't blame you guys at all so the short answer is i i certainly didn't anticipate it as
an investor you know so yeah i understand it's a great question so this the substantive answer is that the curve bdv function that is used for both the bean 3 curve pool and the bean lusd pool was not the issue or the problem what was a problem is the amount of beanstalk assets that were liquid in liquidity pools as a percentage of the total assets and so if you ask why didn't this exploit happen before it did well over the past week there's been a dramatic increase in the liquidity in all the pools and also the percentage of beans in the liquidity pools if that makes sense and so that term because what what the attacker needed to do is acquire 67% of the total stalk which if they're like the basic point is as the liquidity increased as a percentage of the total bean supply that facilitated the acquiring of more uh more stalk uh at a smaller liquidity to bean supply ratio the idea is you basically can't uh you can't apply the attack because you can't acquire two-thirds of the total stalk because it's not in the liquidity pools to acquire basically if that makes sense but um because of the dramatic increase in liquidity recently that changed your point is because of the natural accrual of stalk over time you could have had 100% of the liquidity at one point or obviously not actually 100% but there's no amount that you could have inflated it such that you would have been able to have a super majority in the governance proposals because that doesn't quite ring true to me it's that there wasn't enough liquidity in the in the pools to acquire enough bean denominated value to deposit in a flash loan if that makes sense because as you buy beans or add liquidity on one side the price changes and therefore the bdv changes right and so if you're trying to do this atomically there's a limit to how much you can do before changing the bdv too much such that you know you you can no longer acquire enough uh stalk effectively so there had to be the right conditions where there was
enough liquidity relative to the bean supply for this to happen and prior to the past week there was not sufficient liquidity to facilitate this attack interesting okay that makes sense i gotta do it out on paper or a spreadsheet um yeah the other thing i would say is or one thing i'm curious about is like look man you know we all had a rough day lost several million dollars today i get it that's fine at the end of the day i think what you guys have created is really special the protocol is really unique that's why i've taken the time to tweet about it that's why the time i've spent engaging with friends about it i think it's been worthwhile and i get that it sucks as like an lp to just sort of lose your bags but i think what you guys have conceptually is super interesting might not make more sense at this point to just cut bait you know don't reward into the former lps and believe me i'm one of them and it's gonna hurt a lot but you know preserve the concept it feels like trying to compensate former lps by hunting for venture money and believe me i've been on the phone with fund managers seeing if there'd be anyone that would bite it something like this is gonna be a really really difficult challenge when you're basically forcing other funds to buy so why not just say like [ __ ] it the community's special the ideas are special um the products we can develop down the line are special we got hit with a governance exploit that basically nobody anticipates but the peg maintenance mechanisms are still beautiful and wonderful and i love the idea let's just start a new thing rather than trying to tie a dinghy to the titanic as it sinks you know and there really is something to be said for that ultimately we kind of are at the behest of the the community and the dao and we're gonna work on whatever the dao wants to do moving forward so um understand it may not be i mean the dao may ultimately decide they want to launch some sort of fork uh or like you know migrate the
contract and keep all the stalk in the pods or all the stalk and not the right there's a million iterations here and to your point there is a lot to be a lot to be said of the elegance of just you know deploying the like a a a contract with uh fixed governance to fix this exploit um and basically deploy it from scratch there would obviously have to be some sort of new uh deployment mechanism because at this point there'd be a lot of expectation around the system so it wouldn't you wouldn't really expect the season of plenty to be enough per se um so it would take a little bit of time to get that right anyways um but but the short answer is kid quartz you know at least in the short term like the next 24 to 48 hours definitely think it makes sense to pursue seeing if there's demand to kind of backstop this thing and the real thing that they'd be buying would be the credit history of beanstalk and if you can resuscitate beanstalk you know via some sort of on pain process uh i you know there's there's a lot to be said for coming back from the dead vampire mode as as a protocol right so uh don't wanna don't want to uh don't want to pursue like launching from scratch until we've pursued uh seeing if there's anything else we can do here but to your point totally acknowledge that yeah understood and i want to say look you know everyone knows when they go into defi that they take risks in their portfolio and it's not your responsibility to manage everyone else's risks so i hope you guys don't beat yourself up too much about this you're clearly smart guys uh keep up the hard work i have nothing but respect for what happened or for you guys and uh you know it's a tough situation keep on keeping on admire your perseverance thank you sir yeah so guys mark jeffrey here um really shitty day uh as we all know um but i want to commend you all for a coming forward you could have run like cowards you didn't uh you came into a chat room and use your voices and you doxxed yourselves uh
and you know that's not a small thing uh so first of all i just want to commend you on that second of all all startups have some super shitty day like this like no matter what kind of startup it is um you know with uber you know sometimes it involved drivers doing horrific things to passengers right so at least it wasn't something like that right so um you know put it in perspective um third of all just in thinking about this um when i was sort of thinking it through in my mind this morning when i woke up and you know saw what happened uh the pod mechanism indeed does provide a futures mechanism with which this thing could possibly be rebooted uh but it did it does seem to need some sort of infusion of cash for liquidity i heard you mentioned earlier that you thought 50 million was kind of the low bar for that do you think it could be done with less could you do it with 10 million or 20 million something like that do you think so rome is you know it's impossible to build rome back in a day and even if you have let's say a magic wand and suddenly 50 million dollars to backstop this thing you really wouldn't want to put it all in to the liquidity pools immediately uh because that again to get to earlier people's points there are some people that want to rage quit and sell their beans at a discount and it's very important that however the system gets rebooted there's an opportunity for those people to rage quit at a cent and at 10 cents and at 50 cents and at 90 cents so we you know there's a balance between facilitating people to you know if you want to call it rage quitting or selling selling their beans at us at a steep uh discount uh with uh not exacerbating the negative feedback loop if that makes sense that comes with a loss of faith and so the balance that needs to be strict uh stricken is that uh there needs to be some sort of announcement of capital and and some strategy as to how it's going to be deployed into the system but then the way it needs to be 
deployed is such that you know there's no there's no immediate return to the peg if that makes sense because that would facilitate a really inefficient deployment if you consider that lots of people are probably going to want to sell their beans below a dollar yeah i totally hear that you probably have to reissue beans like it's like a different coin or something like that correct that's that's going to have to happen okay well guys you know uh you know i'm i'm cheering for you i love the mechanism that you've built um so i'm really hoping that you do find some way forward and thank you for continuing to try to find a way forward and not just running away and quitting we are not quitters that we are not um smokey go ahead yeah thanks guys so um probably it's again my apologies to to bash the idealists in you but um when it comes to i guess earlier you know you said we'll take whatever approach the dao favors in this kind of writer or some paraphrasing of that do you think that like do you think that now is the time to double down on on dao infrastructure slash uh you know the the will of the many when it's you know sort of a execute in the moment like full court press as jdp seems to be saying and it is a fantastic sort of situation like do you think that that is what will result in things getting done um because in my mind there's two courses of action one is what stays sort of pure or true to the vision the other is probably what has the highest expected value of everyone who lost money today and or is long-term bullish on bean in its current embodiment becoming whole and i think that they kind of diverge at this point which is to say like does the dao take control or does the dao take po you know trust publius to take control well ultimately think that there's there's a there is a harmony there and uh we and many of the people that have reached out to us at beanstalk farms you know to say full court press might be an understatement it'll be like the last two
minutes in the final four like we're this is you know this is crunch time to say the least um but but substantively really don't think that there's there is a disconnect between uh things being able to be executed and things being done where there's decentralized consensus and ultimately we recognize that no matter what action is taken at this point there's going to be a lot of people that are unhappy with what's done and so at this point the question is how can we uh you know what what's the best way forward for everyone together collectively and the community is really the thing that makes beanstalk strong and so if the community is willing to move forward with uh you know that's really the main thing that will determine whether beanstalk is successful uh to answer your you explicitly do we think it's time to double down on the principles and stuff it's not about doubling down this is this is what it's all about this the system is strong because of the fact that there's so many people that care about its success like this is today we were we were pulled pulled up off the ground by by the people that we've been working with for months and uh reminded that this is this is a long a long battle or a long war that is not lost uh and while the battle today was certainly lost uh the war is not lost and to answer you know to to just to get at what we're really getting trying to get at here smokey we doxxed ourselves because of that like we mean business this is not this is not a joke to us this is this is [ __ ] today what happened today is horrible and so our our intention is to do everything we can to try to fix it um but we are just three individuals and we truly do believe that what makes beanstalk so strong and successful is the diverse set of people that are participating and uh the hope is to to conduct ourselves in a way where going forward that is not lost and even if there are certainly some people that are gonna hop off the bandwagon as soon as the as soon as
humanly possible uh that's okay um and and it's really just about figuring out how to in in short order do that but at the same time just want to recognize let's say there was a you know 50 or 100 million dollars that appeared out of nowhere right now we would not be ready to to unpause beanstalk like it's gonna take a couple of weeks until we feel like we have we've done our homework uh and beanstalk farms has done our homework such that uh this exploit and anything similar to it is covered and uh you know that that's that's essential so recognize that everyone wants resolution here in short order uh don't think that's that's realistic frankly um and that's unrelated to the full court press which we are we are we are mounting in full steam so uh you know there is a little bit of a a friction there but think there's some harmony we're going to be able to hopefully get at together yeah that's fair and look i respect you guys for coming out and you know basically putting your your yourselves at risk slash putting like you know your your faith forward by saying look here's who i am right that's what a lot of people including myself don't have myself doesn't have the balls to do right so like good on you um i just think that there's also like you know as people famously say do you want to be right or do you want to make money i think that that also kind of you know comes into play here along with like there isn't any glory in in doing things the i like there isn't any glory in doing things the hard way is is what i'm getting at and we've seen how dao bloat and or like slow decision making has killed many a startup in the past and that's sort of i think what i model being closest to right now right so i guess all i would ask is that you know yes please take advantage of the community and some and then you know learn as much as you can and squeeze as many great ideas other people there just don't let the idea of being a dao um slow down execution because we've seen that
kill great projects in the past and kill the momentum that is sort of the lifeblood of defi as i see it yeah i mean it is just important to acknowledge though that we're not in charge and have never have never positioned ourselves as in charge of beanstalk and we we do think it would be wrong to at this point in time to start to like wave a magic wand and act like that is the case and so if anything the goal is to evaluate collectively and we're also going to be racking our brains and leveraging our networks and seeing what we can do but the idea is to come up with a set of three or four different viable options moving forward depending on the available capital and situation and basically you know propose a b c or d and uh as those options become apparent and what they are don't think that will you know i think the goal is once we figure out what a b and c and d are that will be it'll be possible for everyone to vote on on a b c and d but in the short term feel like you know feel like we gotta we gotta all work together to figure out what those are and we're not you know we're not in charge so it's hard for us to just say oh this is what what's gonna happen it's not it's not really it's not the way things things happen yeah fair enough man um look best of luck and and you know i'm in the corner if there's anything i can ever do to help so thanks guys appreciate it and smokey just want to say we appreciate your input tremendously and really hope that you're part of the process and discussion and stuff you know as we figure this all out together um i would like to say something really i think you're up right after harvey we'll let her uh oh i'm sorry hey we can hear you go ahead cool uh yeah um uh well it's funny when i first started to sign up to talk um you know it goes like a lot of the stuff i wanted to talk about started to be covered by the next three speakers so uh anyway um i uh i first want to say you know i'm really impressed so far i'm really happy with
how you're handling things like you know uh the doxxing is a very strong first step i like the idea of uh being meticulous with weighing the options that's another thing that's uh always drawn me to the project i i think there's really something special here um what i felt like this analogy which is kind of crappy but it's kind of like if we live in a horse-drawn carriage world and you guys invented the first car and then someone came along and like cut the brake lines and then if you were to throw it away or the market threw it away that's like saying well cars are just stupid because that one crashed and it's like well no it's just fix the brake lines and cars are way better than horse drawn carriages and i think what you guys have made for defi and for um i'll go back uh dollars is like the uh automobile in a horse-drawn carriage world it's like just it's just incredible superior tech i've been pretty much obsessed since i found it in november and i've been as excited about bean as i was when i first found bitcoin in 2012
and um so with that said i uh i also really really appreciate the diligence you guys from everything i've seen you you really do um sort of run like mathematical scenarios to run your governance to make sure that the algorithms do govern it and keep it stable and like kind of consider and weigh each thing uh that is the next step and so i kind of um i still have the full faith that you're going to continue to do that here uh i think the main thing that made me raise my hand was just at the beginning um the concern about liquidity i i just my two cents was i didn't think liquidity would be that difficult even despite the setback today like i feel like between something like a like a fundraiser thing where you uh have just a new uh pod line issuance or something like that combined with the fact that there's i from the people in my circles i feel like there's enough true believers that they'd be happy to just be getting in a silo early because you know when you're in the silo early uh it's um it's they're gonna be getting the rewards and the bigger proportion of rewards so it'll kind of naturally attract liquidity because it's proven itself uh for for what it is you know like it was on a tear but before this happened it was like the world was waking up to the wonder that is the protocol and it looked like it was just going to keep attracting liquidity because it is such a superior product and people were starting to really realize that and understand the mechanics of it and you know why the world needs cheap you know non-collateralized stable coins and uh um anyway so i think yeah with the um with the uh setback and the reputation of having a uh exploit happen it it can be a bit of a setback but it's on uh this is more like akin to something like satoshi inventing bitcoin or something like the technology that's been created is so special that it's like it's like if uh when satoshi first created bitcoin if someone magically made a super secret miner that 51% attacked
it but like it could it could recover from that you know and and i don't want people to lose sight of the um barbie hurry i'm i don't mean to catch up but i think uh yeah we just we want to get to more questions here i but we really we echo your sentiment really appreciate um your support in this hard time yeah i had questions kind of before but then people asked him so then i just sort of started rambling because it's okay i i understand i think we're all kind of frying you know it's like i get it it's been a long day i'm gonna move now real quick there was a in the town hall chat there was um okay we had basically publius you know what what should have been done to prevent this um you know if if you you know we can go back in time you know 24 48 hours um how could we set ourselves up in the future so things like this don't happen well there needs to be flash loan resistance built into governance and you know that was what was attacked and that needs to be fixed so yeah and do we have a clear path for that the short answer is yes um it's one of those things where it's like yeah it's it's brutal because it's not technically hard to to fix it's just like it just wasn't part of the protocol gotcha um like if the airbag was turned off in the passenger seat or something you could just click yeah um okay uh hey everybody um publius core team uh really sad to hear what happened i've been affected everybody's been affected tough day um that said i am floored at the community response and just amazed at you know kind of the initiative that various community members and core contributors have taken to find a way forward so that gives me a strong signal that you know this is something worth fighting for um in addition you know the reason i got into bean is the economic design it feels strong and it this to date it hasn't been proven wrong um so there is still a lot to explore in this problem space um that said let's prove it right this is the biggest shitstorm imaginable
let's prove it right let's put the band-aid on and let's let the model work its magic so you know there's a lot of work to be done to get get that to happen but uh we were also floored by the response today from the community i mean holy smokes yeah um so i i totally agree with you i think they're you know i all for whatever path we choose uh i'd like to be involved and help you brainstorm one thing i'd like to bring up and something i'm mulling over is the extent of how much on-chain governance played a role in this exploit and you know when i think about on-chain governance in defi and crypto in general i feel like we collectively are not ready for fully on-chain governance system uh and part of the problem is that it introduces exploits like this uh things that we can't predict until it's already happened um and so with that in mind i'm curious how you're thinking about governance and what changes you're thinking about making to governance going forward well well you know again the flash loan resistance to governance is really the substantive change that needs to be made at first glance um to your point about on-chain governance as a whole not being at the state that it needs to be uh evidently so um but don't necessarily think that's reason to kind of back away from the concept of on-chain governance and if the goal is to really have a truly autonomous protocol which beanstalk is designed to be then you need on-chain governance and so uh at least from our perspective we'd be more inclined to try to take this as a major learning opportunity and build the most robust on-chain governance system possible as a response to this basically yes um one thing okay so i'll leave it up to you to think about but like there my understanding was that you were using a custom governor contract um i've been told that there's like the regular governor contract actually has this built in this this fail-safe against uh max and so if we do want to consider like on-chain governance uh
and making minimal changes going forward then like we we really need to think of this as like the most important project to solve like how is next iteration of bean going to be governed and how do we minimize the potential for exploit what exists today and and what minimal changes do we have to make if any to make sure that we use systems that are have already been simulated hacked and audited so that we minimize this going forward yeah it's a great point you know a question i'm sure everyone will be considering uh as we evaluate okay uh from the from the chat there was how did this go from a bip with 250k to ukraine you know all of a sudden you know to to draining uh you know all the liquidity you know what were those you just explain that a little bit more so there were two bips that were proposed uh back to back and one of the bips was uh verified on etherscan to to donate to the ukraine basically and it seemed like both of the bips were actually the same bip that was what it seemed like and so it was relatively innocuous from that perspective because it seemed like they just proposed the same bip to mint beans to the ukraine twice and that's why it you know it didn't really raise any flags okay i think we have um plastic bean i think you were up next thank you dumpling um first of all thank you babies thank you dumpling and thank you to the whole team for coming forward and putting this together i really appreciate it i've been following beanstalk uh for uh for a long time now my one question is um if if one of the solution is to deploy a new contract and issue new tokens what will happen to the current pod line are you guys going to default on the debt or you will somehow transfer it over to the the new contract that's basically an open question that will be you know is one of those substantive things we we hope that the dao will vote on you know that will will be certainly part of the options that are you know need to be voted on okay thank you um aj we're
up next aj we can't hear you you might try to you might have to leave and come back for now i'm gonna move to dr beans hey guys um um you guys can hear me yeah more folks yeah what's up dunks oh yeah um yeah so just echoing like pretty much everyone's uh sentiment um yeah rough rough day still 100% like believe in the the vision the mission and i think that what what i wanted to say was um from my perspective and this could be kind of obviously probably is wrong but um from my perspective the the people there's 75 million dollars roughly uh yeah calius dumpling absolutely if there's a problem on your end but but people are listening to dunks my perspective and correct me if i'm wrong uh there so there was roughly 75 million dollars of um stable coins and eth like basically stolen from the protocol right roughly yes yeah so what my idea or suggestion is is or just more it's more the way i'm looking at it it just occurred to me that uh from my perspective if i was obviously some of that was mine not a lot but if i would be happy to be moved to the front of the pod line like i would be happy for that 75 million dollars to be moved to the front of the pod line um and basically the product in that sense the protocol i would with a protocol with own 75 million beans uh to um to those people who lost 75 million dollars and then if there was a way to kick start liquidity then it seems to me that the current situation is the pod line is 650 million so really all we're doing is we're adding an extra 75 million to that pod line to me that does not seem like an insurmounta an insurmountable obstacle people were to me it doesn't actually seem that huge if we can solve the liquidity issue so i just wanted wondering what what you guys think about that and is that could that would it be possible to move like say the credit the the people who lost the actual money um because obviously a lot of the pod line was people who live one difficulty is that the pod line is is like ordered
and so it's a question of like where how do you order different people in the silo which is fungible or stalkholders or equivalent to some extent um but the short answer is the point that you're really getting at is uh very clearly that there is a lot of different reason to be optimistic here and so uh it's unclear exactly what the right solution is but but you know we we like you are optimistic there's a path forward here yeah no awesome that that's that's just kind of yeah that my sentiment is my feeling is that we've lost 70 you know we've lost 75 million dollars the protocol in us in some sense owes that uh but we have a pod line which is basically represents what the protocol owes i'm i for one happy to be included in that pod line i it would be cool if it was at the start but you know to me that's kind of it's like the broad strokes of like where we're at and it doesn't seem insurmountable it'd be another pod line like there's a you know there's a lot of different things to do here there's a lot of different do here okay um next we'll go uh food is this work and then we'll just work oh aj you're on yeah um so wow um publius nice to hear your voice like you know i'm not gonna waste time um on all the uh politics uh it's i hope everybody's you know in good health um i've seen you all through a lot of phases i haven't always been super involved but i've seen beanstalk move through a lot of phases and i'm super in awe of what has been accomplished despite this sort of atomic tragedy that's occurred today this point issue it's just amazing this this i'm totally sold on it um and every time that you know i thought there was no way you guys come back you've come back and so i just don't listen to that doubt anymore um a lot of people have you know asked really good questions and and pose really conscious good concerns looking backwards looking forwards their concerns their questions their suggestions and i'm like super impressed by the community i i would like to
know i i have like some general concerns about what the beanstalk farms organization will look like going forward i know that you said that you've gotten a lot of support from your group um and i i think that what you've said is that you continue to plan on working on this for full time i think we all have a lot of hope but i would like if there's you know anything more to address there i i i would uh you know i'd like to hear it addressed and yeah i mean other than that like i'm you know the other thing is what you know what do you need uh what do you need from us i mean you know this has been about we we heard your apology and the empathy and your commitment to moving forward so how can the community help the community make sure that we bring this incredible concept back to life so those are my two questions like what do you need from us and also just maybe some commentary on like what beanstalk farms looks like operationally moving forward yeah it's unclear i mean beanstalk farms everyone was basically paid you know via there was the bips to mint the beans to fund the the the the development and basically the beans are currently worthless so everyone from uh beanstalk uh farms that wants to continue working on beanstalk it remains uh it remains uh unclear you know how to best do that but you know the the the short answer is people who are going to keep working on beanstalk farms are going to do it more or less on a voluntary basis right okay um and yeah i mean just i mean if there's anything that you need from the community i don't know that's that's the only thing you know what can we do what can we do for beanstalk farms what can we do uh the short answer is by tuesday the hope is during class to have you know some sort of substantive uh ideas we can start to discuss um and we'll see where we're at on the capital front and so those are really the two main things it's like what's the best way to set this up and then um you know like actually try to raise the
liquidity and then how do we where do we source it from so what's the structure of it and then how do we actually source it those are the two main questions at the moment okay thank you so much thank you so much for your time thanks aj um okay next a foo dot eth if you're not near mike um you can go to calius did you go um or dev bear hi guys um i'm carly's and hi publius i have a background in the back audi distribution and enforcement and i'd like to ask a question about you know jack niewold who after this exploit will still it's a little hard it's a little hard to hear jack niewold i have a question about jack niewold will after this exploit will still be able because they'll be able to buy his color house and go private i'm sorry you're going a little bit in and out um and so it's a little hard to hear your question um do you guys know jack niewold uh do we know him uh only on twitter okay so well after this exploit will he still be able to uh i didn't understand that that's what about that i think it was a joke um but uh yeah we'll go to uh dead bear hey guys how's it going um i just had a couple questions kind of from a technical perspective um the first of which was kind of your guy's motivation for having the protocol have full like like basically governance to have pretty much god mode into kind of the the one contract that based on the diamond pattern how it delegates out to all the other bips and editions the idea behind allowing that to execute arbitrary call data with no restrictions whatsoever specifically on user funds that have been deposited and the second question was why wasn't the call data on the governance proposal checked for over 24 hours before it was executed so to answer the former question the the desire to have a fully on chain governance system was effectively such that the the system could really run autonomously and go ahead sorry it's just my feedback you're good oh no problem and so like from a principal perspective like why could 
the governance up uh execute arbitrary code uh well the short answer is the beanstalk when it was originally deployed like was not it would not it would not it wasn't working like it took the bips that were implemented in order to make beanstalk continue to work and the structure of what changes would need to be made to beanstalk at the time that it was deployed uh it was very unclear to us what would need to be changed and what would not be need to be changed if that makes sense and just so just from a practical perspective uh you know it really was like a necessity for the system to be able to be changed uh somewhat arbitrarily and then the hope was that the structure of the governance system was sufficiently secure to accept arbitrary uh execution of code uh because the bips wouldn't be executed unless uh people were were um you know people people supported the bips and so the the benefit of doing the on-chain like the on-chain governance is really to facilitate that um and to to you know to answer your second question as to why the on-chain call data was not uh looked at the short answer is uh and you know it's it you know it's un it's unclear uh it's unclear what what i mean the short answer is uh don't that's okay correct me if i'm wrong like if one of the members that had access to the emergency stop had looked at the call data before it was executed this could have been prevented correct uh on honestly i'm that's unclear uh to us at the time well would an emergency stop was pulled before the call data was executed the call data would have reverted when the governance proposal executed correct but your question was whether the from reviewing the on-chain call data it would have been possible to determine whether there was an attack happening and that's the thing that's unclear correct that's fair enough yeah it just seems a little bit negligent that the team did not do that due diligence and let you know there was confusion around it people were confused 
that no one from the team you know executed the call data on a local fork of mainnet on their machine and see what happened because what you could have done is you could have simulated like had you just like like you know like ganache cli can just fork like mainnet state you could have executed that call data on your local machine and watch the curve pool get drained so like yeah that's just kind of my question i'm not trying to depress you guys or anything but like you know as someone also building a protocol these are the type of things that we kind of looked for like around like you know simulations and testing to see these kind of measures um so something like you know even fuzz testing this but most importantly just like literally like forking mainnet and executing the call data locally you would have seen that this happened so just like for your like going forward any other like security considerations that you guys have um you know that's one thing that i've always thought like for executing like on-chain call data and having a time lock like having someone whose responsibility is simply to just like run it locally and see what happens um seems like that would be important um because call data like this like definitely would have been able to detect that like in advance yeah i think there's a lot of learning uh lessons to be learned here and uh if beanstalk didn't have like a a head of security or someone that was responsible for uh testing the bips and so yeah this is uh this is one of those things that uh in a decentralized capacity it's like everyone can point fingers and yeah it stinks no like now the other question just to kind of follow up on that is like why like what was the reasoning for governance like the governance basically call data or any bip to have full access to the lp positions in the pool and to be able to send them to arbitrary addresses and move tokens arbitrarily um like from a protocol design perspective the only person that should 
be able to remove like an asset like that from the pool should be the person that deposited it so governance like the way like i've kind of learned protocol design should only be let's take an example where the curve the curve pool for the bean 3 curve pool has an a parameter of 10 and let's say uh instead of going through curve governance to change the a parameter from a to from 100 from 10 to 100 beanstalk farms deploys a new pool and then proposes basically via governance to immediately migrate any deposited liquidity from uh the curve pool with an a parameter of 10 to an a parameter of a hundred and so there's the like there's just some practical things that you'd want to be able to do um that in hindsight you may say well at the margin it's not worth it um but that was the thinking couldn't you just like add a list of like approved addresses like like just like a mapping of approved addresses within the diamond contract that says like governance is allowed to move tokens like from here to here via like a specific like you could have a specific like token moving function that checks to see like am i pulling this token from somewhere that's like allowed and am i moving to somewhere that's allowed and you could just whitelist that new curve pool it just seemed kind of strange that the protocol design allowed for arbitrary moving of tokens from like one arbitrary location to another with arbitrary call data executed permissionlessly it just feels a little bit like i'm not trying to like press you guys i'm just like you know as you know someone who like is really deep into this stuff it just seems a little bit just confusing why it was designed like that um i just want to get your thoughts on like if there was another if like if that was the reason why like that was done um or if there was like a more like i don't know i don't really know what i'm asking at this point but like why why was it implemented that way and did anyone see that i will say you um we you 
definitely are pressing them but that's also okay i think that this is a forum for that so that's that's good i guess i would say you know when you know are you are you open to you know to helping us as we you know as we make any changes to this because it seems like you're highly qualified for this sort of thing like it's it's not particularly something i have time to to look in i'm just like trying to like get a conce consolation of like why these things weren't discussed internally and why the audit firms that have audited beans in the past it has been audited like missed something like this um it just it just feels very kind of strange and if i was like a community member who didn't understand this stuff it's like i you know having a very like concrete solid answer as to why like governance could arbitrarily move my money at any time seems like something i would like want to have an answer for yeah i mean respectfully no one has raised this with us to date obviously now's the time to raise it but um yeah i mean if you have questions about why the the the white paper and the protocol the goal is to make that as upfront as possible that arbitrary code could be executed via bips um but recognize that uh you know that that might not be the best way to draw it up for sure uh yeah that's about all the questions i have i guess like the only question right forward have you guys discussed internally like from a code perspective uh anything that you plan to improve on or like architecture like architecturally a lot of the discussion throughout the day today was really focused on governance um and how it was like governance's fault that this was you know this happened they're saying like oh on chain governance bad let's move to off chain you know et cetera et cetera but from my understanding it looks like it was a failure of software architecture not a failure of on-chain governance and i feel like a lot of people were pointing fingers that on-chain governance saying 
it's bad um so i just want to get your thoughts on on you know if there's anything you guys have talked about that keeps on chain governance um you know because it seems like removing it for the sake of removing it it's just like we don't want to write the code to do it properly well we just removed it currently uh to prevent any additional exploits effectively um but that that's not to say that we think that there shouldn't be on-chain governance going forward in any way go make sense thank you guys for answering those questions that's about all i have appreciate your questions very much i think i brought on uh sages and uh tyler burden uh we'll go with the sages first uh tyler if you're near your mic why don't you go ahead as well okay hi guys can you hear can you hear me now uh yes can hear you okay so um yeah thank you for for doing this um you know um i've been following beanstalk for a while i really want to see it succeed and today was was not a great day um i just want to follow up on a question that was asked earlier earlier about defaulting the pods the pod line is is about 700 million now it just feels like a little bit odd as a solution proposal solution to move forward um especially after we lost money in the silo it means that we may lost and we may lose our pods as well i just want to know if if that's something that is being considered for real or or um or not i think everything is on the table and the the everything ranges from just launching a new a new diamond contract that's totally unencumbered by any sort of previous obligations uh to trying to honor a hundred percent of the current obligations in some form uh so that's again like beanstalk is nothing without the community and so at the end of the day it's really a question of which is and this is going to be a paddle an uphill battle whatever whatever is the course we all choose to take um the point is the community's got to gear up for that uphill battle and uh don't you know we're we're 
not we're not really in a position to say whether the pod should be uh uh you know because again if you have to migrate to a new beanstalk contract then the question is do you also migrate the pod obligation and so it's really just a it is just a question and it can happen or not um but there's no there's no right answers at the moment this is a shitty situation and there are no right answers okay um it just feels like you know i don't know maybe just being a little you know it's been a little difficult today to lose money on the silo but it feels like you know that losing money money as well in the pods that you know it's not a great solution but okay i mean yeah no one wants to lose money agree well tyler i think you know you could be part of those conversations you know we're going to have several more this isn't this isn't the only one right um so sages next i'm not sure you're there i invited a few more people to speak back again um so one quick question and i i asked this to i think to probably understand how um we're internally thinking about positioning in front of vc etc at the moment but if you're sort of on the other side of the table and you're evaluating why to you know fund bean versus fund a fork at this point because inevitably the narratives within like the next week or two will be like like i would not be surprised if we see a series of bean forks um you know how to like what's the incentive for a third party to inject liquidity here apart from the community it's the credit history that's the short answer it's your buying history what part of that matters well the fact that beanstalk has a history of paying back its debt is not insignificant and furthermore if you consider what actually killed all of the previous attempts at credit-based stable coins they never really made it out of the launch phase if that makes sense and so right but just just to complete the statement uh even if you say like a new beanstalk is the way to go the launch question 
is very much unanswered and at this point don't really think that the current the current model would be prepared for a uh like a launch into such publicity if that makes sense so it's like you can you can fork beanstalk but that's i mean frankly don't even necessarily think that that's like the position you want to be in i mean obviously you have a lot of obligations in the current beanstalk but if you have no obligations that's how you get into season of plenty territory and inorganic demand and uh there's a lot to be said for the alpha here if beanstalk the current version of beanstalk is able to attract enough lenders to come back from the debt that's the short answer so um that's that's that's the positioning fair i don't mean to belittle what beanstalk's accomplished because it's uh it's it's it's quite significant right i'm just saying that at this point the major risk which people worried about which is can you create a protocol like this that that pays out and actually prints over time like you guys have kind of de-risked that right in the eyes of what is possible versus what is impossible so like i i do get your point around the credit history but i also do wonder if if like and i'm just saying this again speaking from a devil's advocate point of view like you know how do you it feels like a really tough statement to make objective claims around in terms of you know there's no way to to do a clean like cold launch um with appropriately managed or like you know effectively or i think we agree with that 100 we would we would just say uh despite being in a horrible position at the moment uh we welcome the competition that's good i respect that beanstalk is better for the competition okay i think we have um cloverglow hey can you hear me um i have a pair of questions for you first um earlier in the call you mentioned that you um you you didn't feel like you were the leaders of beanstalk do you feel like you could you could rep i mean do you feel like you can 
represent the um protocol to vcs i think they'll be they'll be looking for someone who can speak for the protocol they they won't be looking for a highly decentralized process so um how do you think you can present yourself to a potential large investor well we're here we just raised our hands we're we just doxed ourselves so the short answer is uh while we don't intend to be as has been the case for a very long time we don't intend to be the sole voice talking to people about beanstalk in fact while this call's been going on we've been getting a ton of text from people saying hey i talked to so and so uh and you know there's a lot of people saying they're gonna put money in it's like uh there's a lot of uh chatter and we don't anticipate being the only ones or the main ones but um we're certainly going to participate in the process of trying to facilitate and uh you know get do do do do whatever we can to to help make that happen but at the end of the day and this is really a hill we will die on and very beginning and privileged that at some point the goal is for publius to disappear like we don't want beanstalk to be reliant on any individual or group of individuals whatsoever and so the the long-term vision here is is is not altered and while in the short term like obviously things have changed we're doxed we've this the substantive thing has changed um you know we we we we encourage everyone to we encourage everyone to participate in this process basically this is a group this is a group project in many ways i see you mentioned earlier there's no head of security is your is your organizational model um is that possible under your organizational model are you open to it well well beanstalk itself is just governed by an entrepreneur um beanstalk farms and someone who's just solely you know working on security let's call it so there's nothing to preclude that from changing in the future and you know that would seem to be a prudent thing to do uh if anything 
uh and it's not it's like well why wasn't there they're really hard to find you know either the people that have this knowledge base work for auditing firms or are hackers and so it's very hard to get in touch with any of them and to try to recruit them to work on a single project and lots of the auditors have all sorts of language in the contracts that we can't solicit their employees and so it makes it really difficult for beanstalk farms or beanstalk as a protocol to attract you know some sort of security specialist now maybe after this happens someone will raise their hands um but to date that you know that was not that was not possible basically okay i think thank you for your answers there um the other thing i wanted to check in with you on is um so the it's uh it's been made clear that the you know the governance system hasn't changed since the omniscia audit um i i thought i heard earlier today that what had changed since then was that um assets that could be borrowed in a flash loan had been introduced to the silo is that true don't believe that is the thing that changed uh as we were saying earlier our understanding of what changed uh that facilitated the exploit was that the percentage of uh bdv in the silo uh that was in liquidity pools uh increased dramatically over the past couple of days and that facilitated via a flash loan the acquiring of enough uh bdv to uh uh super majority pass a bip but the assets that were whitelisted in the silo themselves at least as far as we understand it were non-substantive see okay so what even when when going back to bip7 or whatever the the audit was there the flash loanable assets uh were already uh part of the protocol yeah there's nothing whatsoever that changed since bip7 that would have allowed this to happen in our in our opinion you know based on our understanding at the moment certainly okay great thank you for clarifying that yeah and obviously they don't want to raise their hands and say hey we [ __ ]
up you know that's not something that omniscia wants to do um and we're not gonna you know we're not gonna try to force them to do that but um we're also not gonna pretend like like this was something that that was introduced after the fact yep understood absolutely okay we had king shrimp up earlier and they left but king shrimp you wanna i can't hear you king shrimp still um okay we'll move to mumu machine uh hey guys can you uh hear me already yes perfect um uh first off i want to take my hat off to publius for doxxing themselves um providing all of this transparency obviously uh a majority of people i think would have just cut and run shut down the discord bmw i'm sorry i'm so sorry to interrupt but i've heard from a lot of people they don't want to hear that so can you just keep can you get to the questions appreciate it so appreciate the sentiment bye uh first one uh i wanna ask about is was there a bug bounty in place um and uh if not why not uh you know not that we're uh in the business of pointing fingers but this goes back to the decentralized nature of things uh the