PIP-59: Proposal for Returning 40.203 wETH to Bybit (After 10% Bounty Deduction)

Having the proposing user verified as an official representative of Bybit, we now share our opinion on the matter:

1. ParaSwap has no connection with the Bybit hack, before, during or after the hack. The hack was the result of Bybit’s own vulnerabilities and/or those of third parties such as safe or others, which should be duly investigated.

2. ParaSwap did not commit any irregularities after the hack, ‘code is law’, its smart contracts worked as they should. ParaSwap is a decentralised, permissionless, trustless, autonomous and neutral DeFi protocol based on automated smart contracts. The fees in question were legitimately collected when legitimate transactions took place on the blockchain using its smart contracts. In other words, they are not funds from the hack, but are legitimately collected fees for the service provided.

3. Therefore, ParaSwap has no obligation to refund fees that were legitimately collected for services provided in valid transactions recorded on the blockchain.

4. The debate here is purely philosophical, moral, or ethical, based on a request made by Bybit to ParaSwap to return the amount of fees collected from transactions executed by the hacker. In other words, the issue comes down to clarifying that the fees were duly collected, are the property of ParaSwap, and that Bybit, as a gesture of goodwill, is requesting their return for the reasons outlined in its proposal.

5. The DAO has the sovereignty and authority to decide on the allocation of its funds, so the discussion comes down to making a decision on whether the DAO accepts or declines the request to return the legitimately collected fees as a gesture of goodwill.

6. This is not a minor detail, as while ParaSwap is a decentralized, neutral, trustless, and permissionless protocol, the DAO retains sovereignty and decision-making power over the funds collected through fees. It can choose to return them to Bybit if deemed reasonable. This means we are not dealing with the automatic, autonomous, and irreversible collection and distribution of fees, but rather with a decision that remains subject to collective human judgment by the DAO. Given that the collected fees stem from an illicit act and require a human decision, isn’t it appropriate to return those funds to the victim rather than taking profit from the illicit act?

7. In the first instance, we understand that neither ParaSwap nor any other DeFi protocol should cover the errors or vulnerabilities of anyone who has been the victim of a hack, neither retail users, nor entities, nor CeFi, nor anyone else. The spirit of DeFi is that everyone is responsible for the custody of their own assets.

8. Despite this, we recognize that this case is uniquely significant within the ecosystem, as it represents the largest hack in crypto history. The full extent of its consequences remains uncertain, and we cannot rule out the possibility of legal action or regulatory intervention.

9. On this basis, we believe that it would be an ethical gesture of goodwill on the part of ParaSwapDAO, not only towards Bybit and its users, but also towards the ecosystem and the industry in general, to return the fees legitimately collected for the transactions made by the hacker, thus helping to mitigate the effects of the hack. Although, as mentioned, the fees were legitimately collected, the good gesture here is for ParaSwapDAO to return to the victim of the hack the funds collected for the transactions made by the hacker and not to benefit financially from the consequences of an illegal act.

10. In the same way, this case, which involves millions of dollars publicly derived from an illegal activity, could have legal implications for the Protocol and its members, as well as for the DAO and its various members (voting tokenholders, delegates and any participant of the forum and the community that participates in any way in the decision-making process in this case), so by proceeding with the return of the collected fees, ParaSwapDAO publicly demonstrates its good faith and goodwill, mitigating any possible interpretation in this regard. As stated in the first points, we do not believe that this interpretation is valid, but the return of the funds eliminates any risk of a contrary interpretation that could affect the Protocol, the DAO and its members in the decision-making process here in question.

11. Moreover, returning these funds would position ParaSwap among the DeFi protocols that acted in good faith and took steps to mitigate the effects of the hack—an ethical stance that could enhance the protocol’s reputation and be worth leveraging. Conversely, no one wants to be perceived as a bad actor, as this could put the protocol’s prestige at risk.

12. In this regard, it is not a minor fact that both Cointelegraph and DLNews recently covered the events that took place, the request that Bybit made to ParaSwapDAO with this proposal, and the debate that is taking place in the DAO, so this issue has already taken and will continue to take more public and media relevance within the ecosystem, the focus is on us and the decision we make, forcing us to be even more responsible when making a decision.

13. We do not ignore the fact that 80% of the fees collected are distributed to the stakers, so it is important to be cautious when making decisions about the destination of these funds, but we are convinced that the best way to protect the stakers and their investment is to make a decision that puts ParaSwap in the right place in history, making an ethically valuable decision that generates a healthy prestige within the ecosystem of being a good player, a protocol that helped mitigate the effects of the hack, as opposed to the bad reputation that would put ParaSwap in the position of a bad actor that “kept the profits of the hack”, which can generate negative consequences both in public opinion, users and the industry, potentially generating future conflicts that could jeopardise Project Miro’s plan to list the new token on the top-level CEXs. This big-picture perspective that we are outlining to justify our decision is, in our view, the best way to protect the stakers and their interests. It positions ParaSwap on the right side of this story, showcasing to the outside world, the industry, and our partners that it is a trustworthy, collaborative protocol committed to the ecosystem and the industry it belongs to. ParaSwap’s reputation will be further strengthened—not only by offering a top-tier product but also by demonstrating good faith, reliability, and commitment through its DAO. This will undoubtedly be appreciated by current and future partners, potential new allies for integrations and collaborations, and the broader industry. Additionally, it paves the way for strengthening alliances with CEXs, which could facilitate the listing of the token

14. Therefore, while we understand the reasons given for not returning the funds, we also believe and prioritise the fact that the DAO should be a driver of the Protocol’s success, be part of it and contribute to its growth, as we expressed in our post Driving Protocol Success through Optimised Governance. By this we mean that the DAO is not a separate entity from the protocol, it should not only focus on its internal processes and some actions related to the growth of the protocol, as it is done so far with the PGWG for example, but the DAO should also play an essential role in issues such as the one we are analysing, maintaining the reputation of the ParaSwap brand. For this reason, we believe that the return of the funds is a good sign that must be taken in order to increase the reputation of the DAO and therefore of ParaSwap. While we do not underestimate the sum in question (44.67 ETH), we believe that by making a high-level decision, the goodwill and credibility gained from this action could bring significantly greater long-term benefits to the protocol, the DAO, and ultimately, to the stakers and investors as well.

15. This decision does not imply disregarding or interfering with the decentralized, permissionless, trustless, and neutral nature of ParaSwap. These principles remain untouchable and are not being questioned. It simply involves making a decision regarding the DAO’s funds, where the determination of their destination rests collectively with the DAO.

16. We acknowledge that Bybit offers a 10% bounty on recovered funds related to the hack, as outlined on http://lazarusbounty.com/and that ParaSwap is listed on the ‘Bounty Hunters Leaderboard’ as a potential beneficiary if the decision is made to return the funds. We believe this is fair, as the DAO is dedicating time and effort to address this restitution issue, and it is reasonable for Bybit to voluntarily compensate the DAO for its involvement. In this case, ParaSwap would not be retaining or keeping funds from the hack but rather accepting a voluntary recognition from Bybit for its efforts.

17. For all the above reasons, our position is that we are in favour of the proposal made by Bybit and we believe that ParaSwap must return the requested funds in the context of the voluntary bounty offered by Bybit. In other words, it must return 40,203 wETH and keep 4,467 wETH as a voluntary bounty offered by Bybit. We ask the proposer @bybit to explicitly clarify this and adjust his proposal accordingly before putting it to a vote.

18. As for how to proceed with the implementation, due to legal concerns and to act with the due diligence that the case merits, the return of funds should be conducted in accordance with the steps proposed here by @citizen42:

19. This decision, which we propose to adopt, must be understood as entirely exceptional and applicable solely to this specific case due to its unique circumstances. It should not be considered a precedent for future cases, which will be analyzed on their own merits and in due course.

20. Despite the above, and in order to avoid a situation where in the future any person or entity could request a refund of fees from the DAO claiming to be the victim of a hack, which would force the DAO to analyse and decide on a case-by-case basis whether or not a refund is appropriate, which would be unfeasible and unreasonable, we believe that it is necessary for the DAO to establish a clear and predictable framework and mechanisms for future similar cases, and that once this issue has been resolved, the DAO should begin to establish this framework and seek solutions, for example through Kleros or SEAL. Likewise, the Reward Mechanism Automation approved by the DAO and being developed by @wakeuplabs will help prevent similar cases in the future, as the distribution will no longer depend on human calculations and manual execution by the GovCo, but will be fully automated and independent of human decisions, making the distribution of rewards automated, decentralised and neutral.

21. In summary, we will support Bybit’s request on the condition that the proposal is reformulated to meet two conditions that we consider crucial and essential:
    a. Incorporating a legal indemnity clause, as suggested by Citizen42;
    b. Incorporating that ParaSwapDAO is the beneficiary of the bounty offered by Bybit, and therefore, of the 44.67 wETH of fees collected, the proposer is requesting the restitution of 40.203 wETH, while the remaining 10%, which amounts to 4.467 wETH, will be retained by ParaSwapDAO as part of the voluntary bounty granted.

22. This is our opinion as of today, but we are still reviewing arguments and analyzing our final decision. Therefore, and given the complexity of the issue, we do not rule out making last-minute changes if any DAO member or delegate presents a strong and justified position that we fully agree withand makes us reconsider our opinion.