Who should pay for the KelpDAO settlement

Original title: "Trilateral game under 290 billion holes: Aave, L0, Kelp, who can pay? "
Original by Azuma, Daily Daily Planet

The rsETH bridge contract from Kelp DAO has been stolen for over 30 hours, and the parties concerned (Layer Zero, Kelp DAO, Aave) have continued to express their views (mainly in the "sling pot", emphasizing that they are not wrong) but have not yet given a final solution。

Therefore, this paper would like to talk about the current positions and attitudes of the parties involved, explore the reasons for the delay in finalizing the programme and try to guess how the event might eventually be resolved。

Note: For a summary, seeTHE CODE WAS STOLEN AS WELL, 2026I don't know。

Who is responsible

First of all, the issue of accountability should be discussed。

According to the details of LayerZero, the immediate cause of the incident was quite clear, namely that the downstream RPC infrastructure on which LayerZero operated the decentrized certification network (DVN) had been breached (see analysis of the slow-mog founder cosine below) and that, since the Kelp DAO bridge contract used 1/1 DVD, the attackers would be able to complete the attack only by completing a false information verification。

SayerZero believes that Kelp DAO, which uses 1/1 DVD configurations, is the most directly responsible party for the incident. There's nothing to say. It's so obvious that the "single-point failure" is out of order。

But as a bottom-up cross-chain agreement, LayerZero should also be partly responsible. LayerZero allows each upper layer to apply the number and threshold of self-configured DVDs. Although 1/1 of the DVDs is Kelp DAO's choice, as the designer of the bottom structure, the settings of this version should be circumvented。

Finally, loan agreements such as Aave (emphasis added here) are also indirect victims, but the fact that Aave has objectively granted rsETH and other LRT excessive lending powers for expansion purposes is also a direct cause of its current passivity. In addition, it is worth mentioning that the question of Kelp DAO ' s DVD was clearly identified last January by the former Aave wind control team BGD Labs (now separated from Aave), and that Kelp accepted the recommendation at that time, but apparently did not change ... Aave did not continue to monitor and respond to it, and it was self-economies。

So the verdict is clearKelp DAO is responsible, Layer Zero is liable, and Aave has some indirect liability。

The awkward reality

The reality is always more complex than theoretical expectations。The most important question is that the Kelp DAO team, which is primarily responsible, can't make up so much money to make up the hole..It's good to reduce the total loss directly from all rsETH, and it's good to stab Layer 2 currency holders, which is essentially a dead end。

So who has the moneyThe first was a reputational crisis as a result of the incident, which had been temporarily suspended by a number of institutions and agreements, such as Bitgo, Tron, Ethena, Curve, and either.fi, looking at Layer Zero, who could lose a large cross-chain share; and the second was Aave, who faced huge potential bad debts and was watching billions of dollars of TVL lost。

So now the "ghosts" are clear. Kelp DAO, the main party responsible, is largely paralysed, unable to take charge of the follow-up payments, and what to do is to negotiate with the two brothers; at the same time, the sub-accounters and indirect liables, Layer Zero and Aave, have stated that there are no loopholes in their own agreements, that they do not want to take this much of a pot easily ... So the situation seems to be a little stagnating。

But I don't think it's going to last long, because there's a need for both agreements to solve the problem quickly — Layer Zero can't give up its own OFT cross-chain ecological map; and Aave can't ignore the continuing outflow of stock money。

The key to the game

This morning, Aave issued an updated statement on this event, in which one of the most important points of information was — Aave stressed —The rsETH on the Ether host network is well supportedI am not sure。

How do you understand that? Need to start with the design of rsETH。

rsETH is essentially a liquid pledge token issued by Kelp DAO. Each rsETH has a base supported by an ETH in a pledge and re-commitment system with a path of "ETH - Lido - EigenLayer - Kelp DAO - rsETH"。

The main web-based rsETH, Kelp DAO, is the original certificate token issued on the Ether House, and later, in order to expand within the Layer 2 ecology, Kelp DAO will map the main web rsETH to the big Layer 2 by relying on the Layer Zero's cross-bridge contract (that is, something that happened in this event). Each rsETH that is published in Layer 2 will be deposited into Kelp DAO's hosting contract until the rsETH on Layer 2 is released。

Well, now go back to the accident itself. The reason for the theft is mentioned earlierIn other words, hackers have fabricated cross-link information by cheating on the DVD, resulting in the bridge contract being "misrely released" 116,500 rsETH - not by printing the new coin in blank, but by obtaining the original certificate token from the main web site that should not have been released。

This is the problem, and this part of the coin has been flowing through the map over Layer 2, and the main online token is sealed, but the hackers have deposited it into loan agreements such as Aave and borrowed better liquid WETH, thus completing their escape — again, the hacker's deposit of rsETH is real, so that Aave will support mortgage lending。

Now it's interesting to look back at Aave's statement. "The rsETH on the Ether host network is well-supported."These are real, Kelp DAO, and you're supposed to be supporting us to take them back to the bottom of the ETHI don't know

This should be Aave's tendency. While emphasizing the value of the main web rsETH means that the value of the Layer 2 map rsETH will be ignored, it would also result in some bad debts due to the fact that Aave itself has some rsETH debt position (real time size of approximately $359 million) in the lending product above Layer 2. But the dichotomy is light, and Aave's probability is to assess the potential impact of the two options, considering that it is in their best interest to maintain the core products of the main network。

But it's just a statement from the Aave family, and it's still up to LayerZero and Kelp DAO to reach agreement。

Although the latter has not yet made a further statement, I personally find it difficult to accept this option because abandoning the Layer 2 map would directly threaten the cross-link goodwill of Layer Zero。

Potential solutions

The problem will eventually be solved. In the past two days, social media activists from all walks of life have been giving their ideas to Aave, LayerZero, Kelp DAO。

The founder of DefiLlama, 0xngmi, developed three possible paths, but also indicated that there were obvious flaws in all three paths。The first route is for all rsETH currency holders to share the value reduction of 18.5 per cent (the rate of loss of tokens/ issue of tokens), Kelp DAO to take the fall, and Aave to take on approximately $216 million of bad debts on the main web; the second route is to ignore the value of all Layer 2 map rsETH, so that the main web product of Aave will be preserved, but the Layer 2 map is likely to collapse and Kelp DAO goodwill will be zero; and the third route is to reimburse the rsETH holder prior to the hacking in full on the basis of a snapshot, and the holder of the subsequent purchase or transfer will bear the loss, but it is virtually impossible to operate because the funds have been flowing after the attack。

OneKey founder Yishi said:Now, the best result is to talk to hackers, give them 10-15% bounty, get the big head back. The LayerZero Eco-Foundation, with its wealthiest and most long-term benefits, can save the OFT ecology。Kelp DAO is the poorest, either token + future income supplement, or simply package the whole project to LayerZero or Bitmine. Umbrella and stkaAVE go down the last floor of Aave, but the WETH depositors can never take a value reduction, otherwise Morpho, Spark, Fluid, Euler is all priced, LRT tracks are all blacked out, and the entire DeFi industry is set back three years."

In any case, it is certain that the parties will continue to do so for a while, after all, involving hundreds of millions of degrees of real money and silver, and that no one wants to be the worst。

As for how much time it would take to give a programme, it was also mentioned earlier that neither of the two giants could afford to take too long。Layer Zero, now forced by the major cooperation agencies and agreements, will be able to change the course of the chain for a long time; and Aave, which has reached 100 per cent utilization in multiple pools and depositors are in a state of "set-up" ...if ETH suddenly collapses, Aave is likely to have more bad debts due to a lack of effective liquidation (as is currently the case), which will eventually lead to the problem getting bigger as snowballs– It is true that at this point, the very foundations of the industry may be frustrated, and no one will be pleased to see it。

Original Link