A governing body that has discretion over any funds cannot be placed in the same category as a “permissionless” entity. The only permissionless setup would be an immutable fee distribution mechanism that diverts fees to token holders or other dispersed entities.
Clawing back fees from a distributed network of token holders is practically impossible and therefore won’t be enforceable. Any staker who receives a portion of this revenue technically “profits” from the illicit swap, but enforcing paybacks for PSP stakers won’t fly, unless the staker is a large token holder who may be doxxed and can therefore be tracked.
But Paraswap’s fee distribution isn’t fully automated—a group manually distributes these fees 80/20 between the stakers and the DAO. Even once the Wakeup Labs setup is instituted, the DAO technically retains the ability to pause or alter the fee mechanism. As long as fees can be adjusted or redirected in a discretionary manner, we cannot claim permissionlessness. Only if the distribution is immutably set in stone can we claim a permissionless process. Alternatively, if the fees were routed immediately to stakers, we could argue that the distribution is permissionless. Hence, under the current state of things, we should return the 44.67 wETH.
The downside is upsetting token holders. Paying back fees would also make staking yield retroactively contestable—an issue that could destabilize incentive models. If stakers could at any time have their yield contested, people will likely unstake and sell the token.
So who can be held responsible?
If a DAO can return funds tied to an illicit actor, why stop at direct cases? What about:
- MEV bots profiting from a hack? If an arbitrage bot extracted profit from a hacker’s swap, should it return the profits?
- LPs who collected trading fees? If a hacker swapped through a Uniswap pool, should the LPs be forced to refund their fees?
- Validators who earned gas fees? If a validator processed the hacker’s transactions, should they also return their rewards?
I guess the answer is more about clearly identifying who benefits from facilitating the illicit trade.
Therefore, the DAO’s liability is a different story from token holders’ liability. As soon as the DAO has control over funds that have been explicitly earned through facilitating illicit transactions, the responsibility is on the DAO to determine what to do with those funds—in other words, the 20% DAO take rate is composed of funds that are directed entirely with permission by a clearly identifiable entity. Unlike automated dispersions to token holders, bots, or validators, the DAO can be isolated and targeted as an entity that should relieve itself of tainted income. So under any scenario, the 20% DAO fee must be returned. But as mentioned above, if the 80% fee portion doesn’t automatically go to the stakers, then 100% of the fees are permissioned.
Another potential issue with a repayment would be the snowballing effect it would have on future and past fees earned. Every other transaction linked to illicit activity—directly or indirectly—could now be disputed. Therefore, a framework with clear boundaries should be determined prior to any repayments being made. This could be delineated by size and traceability, for example. If the illicit funds are clearly tracked onchain, so that you can point to a wallet being clearly related to an exploit, and if the size of the illicit trade is over $X, then there is the potential for recourse. In alternative cases, where a clear chain of exploited funds cannot be verified, and the size of the trade is small, the DAO is not obligated to pay back the victim.
While this framework is being decided, we are of the opinion that the DAO should set aside the 44.67 wETH and only send it to the ByBit team once a framework for these scenarios has been decided—and as soon as there is explicit verification that the proposal author is in fact the ByBit team through a proper KYC process.
As for fees:
- Operational Burden: The DAO is not a free arbitrator; handling such claims requires governance overhead, legal review, and execution costs. We should ideally interact with legal counsel to conduct this process with ByBit. This will take time and capital. All the expenses from this process should come from the 44.67 wETH. Post-expense capital can then be returned to the ByBit team.
- Economic Precedent: In traditional finance, recovering lost or misdirected funds is never free. Banks, payment processors, and centralized entities charge a fee for fund recovery.
Furthermore, we should consider discussing the merits of making the fee distribution immutable and automated. If this were the case, token holders would not have their yield seized.