Beanstalk University Class #21

Date
April 19, 2022
Timestamps
  • 2:50 What’s going to happen to Stalk owned by exploit victims?
  • 4:00 What are we doing re: governance and security?
  • 6:45 Why did we decide on the fundraise being time-bound?
  • 17:14 Any updates on investor conversations?
  • 18:50 What code changes are needed to restart?
  • 38:09 Why not keep Beanstalk running while doing the fundraiser?
  • 42:42 Will we consider paying back old Pod holders at a higher rate over time once we recover?
  • 44:22 Will fundraiser be capped?
  • 47:22 What is the pitch to new investors?
  • 50:41 Discussion around Omniscia
  • 56:45 Fundraise auction mechanics
  • 1:01:43 What’s going to happen to Stalk owned by exploit victims?
  • 1:03:10 What about people who bought Beans post-exploit?
  • 1:05:40 Will fundraise be VC deal or public sale?
  • 1:07:45 Is there a plan B if the fundraise doesn’t go well?
  • 1:08:47 Idea to incentivize larger fundraising commitments with bonuses
  • 1:13:30 Negotiation with hacker
  • 1:15:11 How is Publius doing?
  • 1:27:02 Vesting mechanics with fundraiser
  • 1:30:57 Security considerations prior to relaunch
  • 1:31:58 Risk of forks of Beanstalk coming up?
  • 1:35:36 Publius’ level of confidence in the fundraise and path forward updates
  • 1:36:55 A discussion on fundraise mechanics
  • 1:50:48 Thoughts on security
  • 1:54:03 What happens to LP that is withdrawn during the vesting period
  • 1:55:55 Discussion and brainstorm around haircut mechanics
  • 2:06:10 Advantages of using Pods to raise money vs other methods
  • 2:13:10 Clarification around withdrawn LP during vesting period
  • 2:17:41 Weather considerations with fundraise
  • 2:27:40 Should % raised determine payout % to the new money?
  • 2:37:30 How will we drive investment?
  • 2:48:18 Should we haircut pods more than silo?
  • 2:53:19 Incentive for new investors
  • 2:54:22 Volume of trades post exploit
  • 2:58:50 Auction mechanics
  • 3:11:44 Ideas about timing of paying off old silo and pod line
  • 3:12:29 Bug Bounty discussion
  • 3:13:29 Treasury considerations
  • 3:15:42 How did exploiter pull it off (technical details)
  • 3:20:41 Ideas about Beans that were sent to Ukraine
  • 3:23:19 Thoughts on allocation of the fundraise?
  • 3:24:10 What is the roadmap that will attract institutional money?
  • 3:28:11 What would happen if we just seeded ETH:Bean pool and let it run
  • 3:31:27 Bean song!
Type
Beanstalk University

Notes

Announcements

  • There is now a 3rd Publius

Notes and Questions

What’s going to happen to Stalk?

  • Stalk will be scaled down by a factor proportional to the % of the fundraise that is raised. E.g. if we only raise 50% of the $76mm, Beans, Seed, and Stalk will all be scaled down to 50% of what was lost

What are we doing re: governance and security?

  • Short term solutions:
    • On-chain governance will be removed for the time being
    • Community-controlled multi-sig wallet will be responsible for custody and ownership of the protocol
    • No on-chain governance until longer term solutions are implemented
  • Longer term solutions
    • We are exploring an on-chain governance solution that could be implemented in the future
    • Trail of Bits audit will happen in June

Why did we decide on the fundraise being time-bound?

  • It makes more sense to give people pre-defined periods in which they can participate in this opportunity; it creates FOMO / good game theory to attract investors
  • As of now we are thinking 3 days for the fundraise
  • We believe that we can get the protocol back up and running even with a small amount of capital
  • Turning Beanstalk back on is a real undertaking and best to do it as a separate process to the fundraise

Any updates on investor conversations or commits?

  • There’s no term sheet here given this is a decentralized protocol, not a startup selling equity
  • We do hear a ton of chatter and interest, though, which is very encouraging. But we don’t have a sense of the dollar amount

What code changes are needed to restart? Are we confident that if we turn this back on we won’t suffer another exploit?

  • To be clear, this exploit was not a problem in the code, but in governance. There was no code bug, and we will still hold ourselves to a high standard for testing
  • If we take off on-chain governance, there really is no way for draining of funds to happen like it happened during the exploit. So we are taking off on-chain governance
  • We may not have to deploy an entirely new contract, just a new Bean token
  • Trail of Bits is already on retainer and ready to audit all of Beanstalk

Why not keep Beanstalk running while doing the fundraiser?

  • There are some technical challenges, tough to do these things if both are running, so makes more sense to do these in 2 discrete steps. These challenges include:
    • Porting state and rolling back state to pre-exploit. Calculating haircuts. Doing this in 2 discrete steps is much much easier.

Will we consider paying back old pod holders at a higher rate over time once we recover?

  • No, priority is to incentivize new investors

Will fundraiser be capped?

  • Yes, time capped and money capped ($76mm)

What is the pitch to new investors?

  • Beanstalk has a strong position in the market, great credit history, super strong community, and diverse and talented team
    • Beanstalk has demonstrated product market fit in Defi
  • Right before the exploit, everyone wanted to get in but there was no soil available. This may be the last time soil will ever be so abundant. And you get to be at the front of the line

What about utility?

  • In the medium term, Beanstalk has tremendous utility in becoming the #1 liquidity in Defi, which Bean is uniquely positioned to do given we are positive carry
  • For more about utility, read:

What was the response from Omniscia? And what’s the status of the retainer with Omniscia?

  • Omniscia reached out and asked Beanstalk to acknowledge that the code that was attacked was not audited. We disagree and didn’t respond to this
  • The retainer luckily was not paid out yet, and the original agreement was to have Omniscia on hand to audit code as it is updated via BIPs, but that never really happened
  • When we signed the retainer, we thought they'd make us a priority client and they'd be ready to do it. We thought that was pretty clear. Now there's a month delay for any further audits.

How do we plan on auctioning off the new line of pods?

  • Use the normal Beanstalk model and put it on full display. Implementing this in full is technically intensive:
    • If there's a predefined three-day period, the first sowers are the first and fastest to get paid. It is unclear what the weather should be, but it should start at 1% and maybe increase by 1% every 10 minutes. As weather gets higher, risk goes down, and the number of people increases over time.
    • It’s like a streaming auction, weather is locked in when you buy
    • That's the beauty of the FIFO model. The haircut changes as more people participate, but if no one comes in behind them, then they benefit from a huge haircut. But if you're later, you have less risk!

Are we throwing away all old pods?

  • No, they will scale with the haircut the same way as stalks, seeds, beans

Should purchases by people who bought beans at $0.0X be honored?

  • No, these would have been mostly buying stolen beans. The only liquidity at that point was from the attacker.

Is the fundraiser VC funding or a public sale?

  • It would be a normal pod issue, however you want to define that. Separately, if someone was interested in trying to cut a deal with the Beanstalk DAO for huge capital, we would consider it.

Is there a plan B if the fundraise doesn’t raise enough?

  • No plan B as of now
  • We will lean on the core of the model that was already working regardless of how much capital is raised
  • A great audience idea — a tiered model so if you sow higher amounts, you will get some type of bonus. E.g. if you invest >$1M, you’ll get 1% extra

Are we going to continue negotiating with the hacker?

  • We haven’t heard from them so there’s no negotiation

How is Publius doing?

  • Feeling really uplifted given that people care and think this is worth fighting for
  • Talking to the FBI is very stressful
  • Optimistic for the future of algorithmic stablecoin model
  • Life hasn't changed much. Wake up, code, go to bed. Thankful to team.
  • Everyone on the DAO contributor team had significant investment lost and can't get paid. Core contributor team rises up, forward.

What happened in Publius’s experience after he doxxed himself?

  • Friends reached out, very positive, life is easier now not having to constantly disguise

Will prior funds be locked up for some period of time? Or will it be a free for all?

  • No, it will be time-weighted vesting. E.g. you sell in 2 days you lose 98%, you wait 60 days you can withdraw and only lose 40%

Would we have turned it back on if there was no fundraiser?

  • There is an argument to be made, but without the fundraiser, it would be really weird having all the stalk with no value under it. So it would be bad for beanstalk. So infusing capital is a good idea.

Risk of forks of Beanstalk?

  • If you want to fork beanstalk, you have to deal with the fact that you have no credit history and no community.
  • So Beanstalk has a huge advantage against forks

Any efforts planned to hire a security expert?

  • Yes but these security experts are super hard to find
  • Many people with this skillset are hackers themselves
  • No real benefit to moving the Trail of Bits audit up (even if they had the capacity to do that); better to make sure we have everything ready for a full audit by them than something half baked for them to review

If someone leaves the Silo early, what happens to the LP they abandoned (given the time vesting)

  • That abandoned LP would be distributed to everyone else
  • So it makes sense to stick around
  • In this way you can actually recover more if you stay and people leave

Isn't a time-vested escape from the haircut a better idea? E.g. you hold a long time, you can avoid a haircut.

  • This is kind of covered by the time vesting for the old silo holders already

Raising $76mm via pods seems super expensive because of all the debt it would create. Is it possible to take as much as needed to get the flywheel started and then slowly get people whole via minting? This would be cheaper

  • Publius disagrees, any debt issuance is a one-time cost, but anything via minting is a long-term tax on the system. So selling pods is by far the best way to do this

What is the best way people can help?

  • We could create a guide for investors unfamiliar with Beanstalk that has no Beanstalk lingo/jargon and explains it in a way that doesn’t require knowing pods, weather, stalk, etc.

Should % raised determine payout %?

  • No, don’t want to make it hard to price the return, since that will make it harder for potential funders to decide whether or not to participate

For new funders, is the best outcome for them having as little capital raised as possible?

  • Everyone benefits as the system grows

Did the team receive help from outsiders, e.g. Andre Cronje?

  • No

How do we continue to drive investment?

  • 2 main considerations:
    • 1) how do we get the word out about Beanstalk ahead of fundraiser
    • 2) how do we keep building awareness post-fundraiser
  • Silver lining is that both of these have been made a lot easier from the exploit and all the coverage, a real shot in the arm
    • We realized a lot of eyes were on us and knew we had to show the world we could bounce back.
    • No one likes the circumstance that this is where we got the attention. Best opp. to show quality of project.
    • Beanstalk farms is focused on education

Will weather be capped at the top during the fundraise?

  • Because the fundraise is time capped there will implicitly be a max weather at the end

Should we haircut the pod holders more than the silo holders because the cost basis for pods was way lower?

  • If you treat the podline on a cost basis, this is bad. This means Beanstalk is telling you to “go fuck yourself”
  • Beanstalk on principle should not ever say “fuck the debt we owe”
  • Pod holders weren't the ones robbed, can't even vote, so Silo holders would really be fucking them over if pod holders are treated differently

What was the $ volume of trades post-exploit?

  • Not sure, but looks like more than half the Beans were bought and sold after the hack. Not sure about $ value as these beans were basically worthless at the time

Should we give rewards to everyone who is affected (e.g. stalk)?

  • No, we’re broke

What are the options for auctioning off and bidding?

  • There is no bidding, this is the traditional Beanstalk model where you just sow like before

Are we worried about hacker dumping the ETH they took back into bean?

  • Wouldn’t make sense, they already have the money

How about delaying paying off silo and old pod line until a certain amount of new podline is paid off?

  • Yes, this is possible. Depends if the new capital wants this

Is the bug bounty a priority?

  • Yes, lots of effort is happening across Beanstalk to get as many eyes on the contracts as possible.

Are we considering any type of treasury?

  • No, because then this will mean we will collateralize

How did exploiter retroactively execute code?

  • Contracts can be updated by adding, removing, or replacing functions. After this "cut", the contract can then execute other code. The function in the contract that was run essentially transferred the funds out.
  • The code that was executed was deployed basically immediately right before the address.
  • The diamond cut (the piece of code that was updated) may not have been malicious until literally right before the code was executed
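
As an added illustration (not code from Beanstalk or from the original notes), this Python sketch models the selector table that a diamond cut rewrites, plus a review-time guard that pins the code behind each facet and init address so a cut cannot run against code deployed or changed after review. `PinnedCut`, the addresses and the bytecode are hypothetical, and sha256 stands in for the EVM's keccak-256 code hash.

```python
import hashlib
from dataclasses import dataclass

def code_hash(chain, addr):
    """Stand-in for EXTCODEHASH (sha256 replaces keccak-256 in this sketch)."""
    code = chain.get(addr, b"")
    return hashlib.sha256(code).hexdigest() if code else None

@dataclass(frozen=True)
class FacetCut:
    """Mirrors the EIP-2535 FacetCut fields: facet address, action, selectors."""
    facet: str
    action: str            # "add", "replace" or "remove"
    selectors: tuple

class PinnedCut:
    """Hypothetical guard: pin the code behind a proposed cut at review time."""

    def __init__(self, chain, cuts, init=None):
        self.cuts, self.init = tuple(cuts), init
        targets = {c.facet for c in self.cuts if c.action != "remove"}
        if init is not None:
            targets.add(init)   # the init contract runs right after the cut
        self.pins = {addr: code_hash(chain, addr) for addr in targets}
        empty = sorted(a for a, h in self.pins.items() if h is None)
        if empty:
            raise ValueError(f"nothing deployed to review at {empty}")

    def execute(self, chain, selector_table):
        """Apply the cut only if every pinned address still holds the reviewed code."""
        for addr, pinned in self.pins.items():
            if code_hash(chain, addr) != pinned:
                raise RuntimeError(f"code at {addr} changed since review")
        table = dict(selector_table)
        for cut in self.cuts:
            for sel in cut.selectors:
                if cut.action == "remove":
                    table.pop(sel, None)
                else:
                    table[sel] = cut.facet
        return table

# Constructed sample state: address -> deployed bytecode (all values made up).
chain = {"0xFacetV2": b"\x60\x80reviewed-facet", "0xInit": b"\x60\x80reviewed-init"}
cut = [FacetCut("0xFacetV2", "replace", ("0xaaaaaaaa",)),
       FacetCut("", "remove", ("0xbbbbbbbb",))]
pinned = PinnedCut(chain, cut, init="0xInit")
table = pinned.execute(chain, {"0xaaaaaaaa": "0xFacetV1", "0xbbbbbbbb": "0xFacetV1"})
```

A proposal that names an address with no code yet is rejected at review, and one whose target code differs at execution time is rejected before the selector table is touched.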

Is there a minimum fundraise threshold?

  • Not as of now

Will we give Ukraine pods?

  • No reason to give out pods if not necessary

What sort of allocation are we considering pursuing (e.g. institutional, community, etc.)?

  • Beanstalk doesn’t care where the capital comes from

What is on the roadmap that can help attract institutional money?

  • Generalized minting, generalized convert, bean farm — these things were right around the corner pre-exploit.
  • Nothing substantively changes from the roadmap from before:

What would happen if we just seeded the eth:bean pool with some money and let it run amok? “Just a fun question”

  • Without the fundraiser, it would be really weird having all the stalk with no value under it. So it would be bad for beanstalk. So infusing capital is a good idea.