🌱

DAO Weekly Meeting #63

Date
March 23, 2023
Timestamps
• 0:00 Introduction • 0:35 Development update • 2:14 Design update • 4:01 BOP-2 update
Type
DAO Meeting

Recordings

Meeting Notes

Development update

  • The main focus for SiloChad has been supporting Cyfrin + Halborn in their Wells audit
  • Prepping silo v3.1 to go to Haborn - documentation
  • some final decisions on the erc1155 deposit representation
  • merging solidity feature branches from the last few months together
  • Several tweaks to Wells in review: https://github.com/BeanstalkFarms/Wells/pulls
  • Beanstalk <> Wells integration in progress: https://github.com/BeanstalkFarms/Beanstalk/pull/378
  • The rest of the engineering team is also welcome to hop in with updates! Notably: - AL BEAN and Marshall working on Wells UI and k-xo doing some research re: sunrise caller profits given the sunrise improvements BIP

Design update

  • The team has been working on the Wells UX and just hired someone to help out with the visual aspect of Wells

BOP-2 update

  • Euler was exploited last week and the exploiter has been returning funds. Sync thinks this is a good time to revisit BOP-2 and see if anyone can help. There are a lot of people retweeting the Twitter thread about BOP-2. Any analytics firm needs a written agreement to start an investigation. Sync thinks this is a good time to bring the Beanstalk recovery to light. Sync talked to Lossless when BOP-2 was first purposed and has since followed up with them but has not heard back.
  • Hat’s finance team is reaching out to their network of white hat hackers. Sync is unsure what they are asking when they are reaching out but he assumes they are asking to take a look into recovering funds. SweetRedBeans recommends people talk in the BOP-2 Discord channel if they have questions or comments about the recovery effort.

Transcript

Okay, well, we can get started and maybe stragglers will fill in. And if not, they can at least listen to the recording. The GM. Everyone, welcome to this week's style meeting. A guy is actually traveling today, so I'm going to fill in for him. And, um, so I guess to start, we had some great Twitter spaces this week with Chris Black and the Spark ABC guys which is last night. Um, and, uh, yeah, that was awesome. Uh, go ahead and give. I guess I'll read Chad's update first. Sounds like he's is a bit under the weather and SEC. So I'll read his update and then I'll give my update. Looks like probably isn't here. So if they join, we'll give them a chance to share any updates or thoughts that they have. Uh, think it'd be great if we could hear from from you on Bob too, given some of the conversation in general, and then we'll open it up to some questions and comments. So, uh, for Chad's update, looks like the main focus for Chad and personally has been supporting Cipher and Halliburton and their Wells audit additionally of prepping some of the the silo v 3.1 updates to go to Holborn I believe that's called the Mayflower update now. So specifically working on some documentation and some decisions for the NRC 1155 Deposit representation, uh, there's been some work merging solidity branches from the last few months together and then additionally it looks like there have been several tweaks to wells and then the Bienstock and Wells integration is in progress as well. Uh, looks like there's been some work beginning on the wells UI front. And then additionally, uh, there's some research happening regarding the sunrise color or some of the economics surrounding the, the sunrise function. And so hopefully there will be more to share there in the coming weeks. If anyone has questions, I'm sure Chad is happy to answer those in the chat. Uh, as far as my update goes, on the design side of things, we've been working on the Wells UX, so we were able to close a, an experienced visual designer over the last week who's going to be helping us out with the, the wells sort of visual visual strategy. Like I mentioned last week, uh, this individual there, their username is full of beans, so if you see them in the Discord, say hi, they have great experience, a number of large tech companies and a crypto exchange. So looking forward to it. On the, on the visual design side, sort of expecting to have typography and colors determined by Monday or Tuesday for the new site. And then additionally sort of hoping to have a full prototype for the well deployment flow on the new site finished by Monday or Tuesday as well. The swap flow is is finished at this point. And so that sort of leaves some of the informational pieces surrounding the user experience on, you know, learning more about wells and also some of the some of the information associated with like the pump details or the, the, uh, the well function details as well. So, uh, making great progress there and excited to sort of share with the rest of the community as that starts to develop. Um, that's it. On the design front, looks like Publius is not here. A sync If you want to share some updates on bop too. I know there's been a lot of talk in the Discord lately, uh, with some of the Euler stuff that's going on. So yeah, we'd love to hear from you. A sure thing is my audio coming through. Okay? Yeah, it's great. Great, great. So yeah, as everybody's aware, Euler was exploited, unfortunately recently within the last week. Very significant exploit I think it's upwards of $200 Million. But nevertheless they've had a good chunk of the Etherium and security community behind them and thankfully it looks like they're making some progress. Just a quick update. As of this weekend, the exploiter returned 3000 to them in three separate transactions of 1000 ether each. And as of yesterday, I believe the exploiter sent an contain message to the Euler team with a with an email address. So it seems like they're going to hopefully work something out. But, you know, we'll just see how that progresses. So, yeah, we've used this as an opportunity, you know, to revisit Poppy to you know, I checked in with the HATS team. They reached out to some some of the folks in their network. We've gotten some support Ban tag, who's a prominent personality on Twitter and I believe him on the Yearn.finance team. He retweeted the thread that that team had put out back in January after BGF had deployed the ethical return contract. So that was really nice to get his support. Officer's notes. Officer's notes. He's an independent security researcher on Twitter as well. And he made mention of the being stock recovery effort in the context of the oil recovery effort. He had mentioned high finance, you know, involvement as well. And lastly, the analysis on chain team not to be confused with Chainalysis. They're based out in the and they're based out in Europe. And I connected with them and they've been rich with some of our stuff and I've actually been speaking to their to their founder JP very nice guy. So, you know, he essentially communicated to me similar to what I believe Chainalysis had communicated to beef back in September, that, you know, for for his firm to proceed, you know, for any analytics firm for that matter to, I guess proceed with with a formal investigation, they need an agreement in place. So I believe that was what the hold up was with Chainalysis back in September. And so, yeah, not really sure what else we can do given the circumstances. I guess we're going to just continue to monitor the oil situation. Hopefully their recovery progress moves forward, but I think that has this renewed, you know, a sense of, you know, camaraderie across the defi community about exploits. And, you know, I think it's an opportune time to raise visibility about starts the recovery effort, however slim the chances of success. Maybe there's there's been some some solid support from people that I honestly don't think have ever even spoken about being stopped before or given a mention about it. So I think that's, you know, just throwing that out there for the Dow to kind of reflect on. You know, I, I don't know what, you know, Chainalysis what type of formal arrangement they had been alluding to as far as a requirement when they were communicating with the EFF back in September. I can speak to my conversations with JP on the from the analysis on chain team. You know, they have a retainer, several thousand dollars and then, you know, that would lock them in and then they would just, you know, you know, allocate team resources to keeping an eye on on the movement of the funds and digging into it a little bit deeper. So aside from the retainer, you know, they have hourly rate, as I would imagine any other analytics firm would add. And, you know, he'd be agreeable to working out, you know, a number that the Dow is, you know, amenable to. So I haven't given a heads a nod to that or anything. I just wanted to use this as an opportunity to kind of mention it and guess we'll see what happens. Whether the DA wants to move forward formally on that in that regard or, you know, revisit the conversations with Chainalysis Chainalysis is more prominent. You know, they're they're much more known firm. And I think I believe they had already expressed a willingness to work with Bienstock. So I'm not sure, you know, I don't have any indication lines with them. Unfortunately. I try to reach out to blind analytics and lossless myself. Lossless did respond to me when Biopsy two was first approved. They did, you know, reiterate that they had been previously in touch with being staff arms. So I just, you know, made them aware of PRP too. I followed up a few weeks ago and I just I have not heard back from them as far as plan analytics is concerned. I did try to reach out to them and via Twitter, I have not heard back from them either. So, you know, some community members have been asking, you know, for more substantive updates. So thank you, sweetheart, for giving me an opportunity to, you know, speak in on today's call. And, you know, I'm just going to respectfully defer to to the doubt to kind of, you know, reflect on this a little bit more and then see maybe where what we want to do, considering some of the progress Euler has made. And, you know, obviously continue to monitor that and see how that proceeds. Awesome. I think, Chad, at a question in the Barnier chat, uh, it looks like he says when hats reaches out, who are they reaching out to and what exactly is their ask? Right. So that's you know, they have a they have a white hat network that, you know, they they, they are in communication with. So, you know, the per the retweet from ban tag, the mention from officers no notes was a was a was about an outgrowth of that. I can't speak to more than that. I would imagine you know, we can invite them on to a call and you know, get their take on you know, on on that on the details Separately, I've been working with, you know, as he has a podcast for his Money Alchemy podcast, and I've been in touch with him in the HATS team about coordinating a discussion about Defi exploits in general on on his podcast, the kind of discuss exploits in general. We had actually been in touch about this before the Euler exploit shortly after Bill Pizza was approved. But you know, circumstances didn't allow for the podcast to be to be scheduled or coordinated. So we actually recently revisited that discussion in light of the boiler situation. So they may potentially be appearing on the Money Alchemy podcast with our suite to kind of, you know, bring more visibility to this subject in general and specifically also to be in stocks recovery efforts as well. So awesome. Sync Do you sort of recommend that as the community has questions or wants to discuss some of this effort that they do that in the BOP to channel Yeah. Yeah. And just you know we continue to share updates there as as we can, you know, as we see them. You know, we're just continuing to try to raise visibility where we can to to silo Chad's question. I do believe they you know, the Hatch team, you know, is urging their their network to to revisit this. But from my engage ment with you know, like of I guess in formal investigative you know, security firms such as analysis on chain and from you know based on experience with Chainalysis, it appears that you know these formal firms and not independent white hats but these formal firms require some sort of formal agreement in place. And in order for them to to do to do their work so and that's kind of the roadblock that we're at right now. You know, independent white hats Will we'll do this probably just for the bounty itself. Right. But, you know, on a if we want more, I guess, a recurring type of arrangement in place with a formal firm, and we're probably going to have to look at potentially, you know, having a discussion about that within the Dow, within within the context of or with the understanding in mind that, you know, that's that's just how these firms work. And we can point to the communication that Chainalysis had conveyed back in September. And I can, you know, obviously vouch for that from my own discussions with the analysis on chain team separately. So so yeah, we'll just continue to monitor the Euler situation and you know, hopefully they their recovery proceeds and there's progress that's made on that front and we'll just go from there. Great thanks for the update think would appreciate it would sort of recommend that as community members have you know questions or want to discuss that you sort of bring it up in the back to chat and discuss the sink side. I one last thing I just wanted to ask if I if I were to able I don't know about Chainalysis, I guess BFR already has a communication line with them. I don't know if I know that in September they had been open to the idea of potentially coming on to a DAO call and presenting about what their services would entail. I don't I don't know if if could reach out to them and revisit that, but speaking for myself, would it would it be possible to if JP in their analysis on chain team are open to coming on a DAO call to talk about what their services would entail, would it be possible to make that, you know, arrange that for a future DAO call? I'm sure it would. Sounds like a great thing to do. We should discuss with Guy on on, you know when to do that and how to approach that. But yeah, I'm sure it would be a great thing to do. Okay, great. Thank you so much. If you don't mind checking with Guy, I think that would probably be a good way to get this all set up. So. Sounds good. Great. I'll pause to see if there are any additional questions, but otherwise, I think we can we can call it early today. All righty. Thanks, guys. We'll chat next week.