PEP - [EXPRESS VOTE] Return $USDC fees from exploit to GMBL Computer team

Hello everyone. You can call me Lucid.
I am one of the investors in the GMBL project.
This is my first participation in DAO activities, I hope it will be an interesting experience.
I have read the whole discussion thread and as an interested person I would like to encourage the community to return the funds received in the form of a protocol commission.
As described above, ParaSwap does its job by providing the best quotes for the exchange. There was also a good analogy with the casino robber and Western Union.
First of all, I would like to remind you that we are a Web 3.0 community.
This space is being created in front of our eyes and is different in many ways from the old institutions. Mutual help is key here.
This protocol is an attempt to create a decentralised financial instrument based on the activity of gambling. This is a new phenomenon that is not yet regulated by the state.
Creating new services can be difficult and, as we know from experience, many larger and more prepared protocols have fallen victim to hackers.
Thanks to cryptographic technologies that have introduced new practices in community organisations, you and I can now discuss and decide the fate of future technologies. We all know the problems and sins of the old financial institutions, where everyone thinks only of their own benefit and the community is atomised.
I write this in good faith, assuming the innocence of the protocol creators. Further events have shown that this is the case. The protocol creators used half of the money returned by the hacker to buy back tokens - all the information is available in the community. The remaining half, minus the reward to the white hacker, is likely to be returned, as he is fully doxxed and negotiated with in Turkey, the government of which is aggressive towards cryptocurrency fraudsters.
This protocol, if it survives the crisis and continues to generate revenue, will continue to use ParaSwap’s services. This will be another innovation in our field that will increase the diversity of applications of decentralised finance.
But none of this can happen without your help.

Hello,

TBH I’m not against refunding the funds, but since Paraswap is not responsible for the hack and has only done its job, I can support refunding part of the funds, like 80%.

  • This will cover a good part of your loss and keep a good relationship with both protocols.
  • Paraswap DAO, staker will get something
  • Paraswap avoids potential bad buzz
  • If funds are tagged as stolen, then technically we will be “receiving stolen goods”, which could be a crime in some areas.

I agree with @Xutyr: if a vote is made I would vote in favor of returning part of the funds, but 100% seems extreme because of the bad consequences that could result for the DAO. Indeed, recent PSP investors might expect to receive the displayed fees on the Paraswap dashboard, so I would find it a bit unfair/dangerous to simply remove all those rewards.

As you said @lucid697, web3.0 honest projects need to support themselves. As a good gesture and to strengthen the relationship between our protocols I would be in favor of giving back 70%, keeping 20% for Paraswap stakers, and buying GMBL with the remaining 10% in order to stake them. It is almost equivalent to refunding 80% to your protocol, and covers a bit the cost of operations/swapping/price variations between already acquired ETH.

However I disagree with the “receiving stolen goods” part of your message @Xutyr because the stolen goods are resting in the LPs IMO, because Paraswap DAO never received any GMBL. Indirectly the LPs are the ones who profited from the hack too if it is completely reversed. But this is just a detail.

In conclusion, I think to avoid making losses to Paraswap DAO while helping you to recover after all these troubles, these proportions (70% to GMBL, 20% to Paraswap stakers, 10% of GMBL buyback and then staked for the DAO) seem a great choice for me. And this should be proposed as a PIP.

Cheers,
Chab

2 Likes

Morning,
I’m sorry not to be in the same mood.
But returning 70 or 80%? No way (in my opinion).

“10% of GMBL buyback then staked for the DAO” … Why should the DAO have an illiquid token (GMBL) whose value will be zero in a few weeks or months?
Is it a suicide mission?

Shall I remind you that this is a gambling platform which got hacked less than 2 hours after launch? Don’t you guys think more hacks are coming? Sure, there is an audit, but it is only a smart contract audit according to GMBL twitter, and it was done in June… So being audited doesn’t mean much.

If we have to vote about this subject, we can’t wait for weeks.

6 Likes

It’s interesting to see how the discussions evolve.

I’d like to see us get back to the facts, as we find ourselves philosophizing about WEB3 and some even thinking about investing in a casino in the name of the DAO!

I’m just philosophizing to say that WEB3 is not a world of charity, but a world of responsibility. Web3 was created to stop people being ripped off by intermediaries and to enable everyone to take full responsibility for their actions in matters of currency among others.

Having said that, we come to your case.
You’ve come here demanding redress.
But what redress are we talking about?

You’re an unregulated casino (need I explain how a casino makes money?).
You’ve launched a protocol quickly, without taking the time to check your code. You minimized the warnings of a white hat and made a stupid mistake that cost you a certain amount of money.
When does Paraswap step in? Do you think Binance would have reimbursed you? Let’s be serious for a moment.

What will the future hold for Paraswap if, tomorrow, everyone who isn’t satisfied with a swap asks for a refund? What’s the future for Paraswap, if every protocol can come and beg for the slippage caused by a swap being misread?

We’re a company, we’re a legal entity. We rely on facts and are judged on facts. Facts do not call into question our integrity, nor our work.

Best regards

6 Likes

My stand on this from the very beginning was to stay clear, for the singular reason that this is related to gambling.

However, in the interest of not setting a bad precedent and bringing clarity, I have decided to say this. What exactly differentiates DeFi from CeFi? The real game changer is the introduction of smart contracts, which makes trustless transactions possible. In other words, any protocol, entity or individual can interact with the ParaSwap smart contract without human intervention and they are assured of getting a good rate. By returning this fund, we are indirectly making a supposed trustless transaction trustful.

There’s no report of bug in the execution of the said transaction meaning that ParaSwap did its intended job. This is similar to someone mistakenly buying a token on a centralized exchange at a price much higher than the market rate and then approaching the exchange later for a reversal or refund claiming that he had a different intention.

That said, in the spirit of giving everyone a fair chance, I think the format should be changed to PIP and put this to a vote. Let the DAO decide.

2 Likes

Hey guys, thanks all for those comments and deep thoughts regarding decentralization and collaboration between DAOs and communities. I just felt a responsibility to clarify the issue from a technical point of view so that everyone is on the same page. This is what happened:

  • The hacker used ParaSwap through a partner UI
  • The price returned had a very high price impact (~53%), which should’ve been blocked (paraswap.io & ParaSwap API block trades with > 15% price impact by default)
  • The hacker still accepted the trade regardless of the high price impact
  • That high price impact wasn’t real because the Camelot integration (Algebra fork) had an upper bound limit on the concentrated liquidity implementation. Still, the execution considered the whole liquidity, which meant a big discrepancy between ParaSwap’s and the real price. This resulted in our smart contract considering the difference as a surplus and splitting the fee between the partner and our DAO.
  • The USDC fee was converted to ETH shortly after by the Mimic fee bot.

TLDR; we took a fee because of a shared mistake between:

  • ParaSwap: because of our faulty price implementation
  • The partner: they didn’t implement standard safeguards to protect against high price impact
  • The hacker: for not paying attention to high-price impact trade (or maybe not caring about their free stolen money…)

I think we have two subjects here:

  • Refunding the user, but they’re the hacker.
  • Refunding the GMBL DAO, I think we should if they prove a good standing (police report, for instance). I think that the ParaSwap Foundation or any community-approved entity can help certify legal papers and KYC GMBL claimers.

I agree with @Xutyr that keeping profits resulting from a criminal act is illegal in many countries, and we don’t want to be, as a community, giving that example of sitting on the wrong side of the law.

I propose, as a ParaSwap core contributor, to convert the ETH back to the USDC fees and put them aside until we figure out the best play.

3 Likes
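
The safeguards described in the post above, sketched as an added example that is not part of the original thread and not ParaSwap's or the partner's code: a pre-trade price-impact block at the 15% default the post cites, plus a post-trade check that flags an unusually large quoted-versus-executed gap before it is booked as surplus. Field names, the 1% surplus tolerance and all sample amounts are assumptions constructed for illustration.

```javascript
// Added example. Field names (srcUsd, destUsd) are hypothetical, not
// ParaSwap API fields; all sample values below are constructed.
const MAX_PRICE_IMPACT = 0.15; // default block threshold quoted in the post
const MAX_SURPLUS_BPS = 100n;  // assumed tolerance for positive slippage (1%)

// Fraction of value lost between what goes in and what the quote returns,
// both valued against an independent reference price.
function priceImpact(srcUsd, destUsd) {
  if (!(srcUsd > 0) || !(destUsd >= 0)) return NaN; // missing or bad valuation
  return (srcUsd - destUsd) / srcUsd;
}

// Pre-trade check a partner UI can run before asking the user to sign.
function checkQuote(quote, maxImpact = MAX_PRICE_IMPACT) {
  const impact = priceImpact(quote.srcUsd, quote.destUsd);
  if (Number.isNaN(impact)) {
    return { allow: false, reason: "no-reference-price", impact };
  }
  if (impact > maxImpact) {
    return { allow: false, reason: "price-impact-too-high", impact };
  }
  return { allow: true, reason: "ok", impact };
}

// Post-trade check: a large gap between quoted and executed output means the
// pricing model and the pool disagreed, so the "surplus" deserves review
// before it is booked as fee revenue. Amounts are BigInt base units.
function checkSettlement(quotedOut, executedOut, maxBps = MAX_SURPLUS_BPS) {
  if (quotedOut <= 0n) throw new RangeError("quotedOut must be positive");
  const surplus = executedOut - quotedOut;
  const surplusBps = (surplus * 10000n) / quotedOut;
  return { surplus, surplusBps, needsReview: surplusBps > maxBps };
}

// Constructed quote with the ~53% impact described in the post.
const sampleQuote = { srcUsd: 100000, destUsd: 47000 };
console.log(checkQuote(sampleQuote));
console.log(checkSettlement(470000000n, 990000000n));
```

A quote with no reference valuation is refused rather than waved through, so a missing price feed cannot silently disable the block.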

Thank you for the details, it explains the huge revenue that day.
Good for the context but not a point to take into account in our case.

It’s not a bug, the potential hacker received the exact amount displayed on his screen when he did the swap, so there’s no reason we should EVER refund fees of a swap that was executed the way it was supposed to. ParaSwap did what it’s supposed to do, that’s what DeFi is all about, permissionless and immutable.

It doesn’t work like that, if someone were to ask ParaSwap to freeze the funds it would be neither the complainant nor the police but the justice.
Anyway, this has no chance of happening, the only person responsible is the potential hacker, if he is found guilty and he is not able to repay what he owes then the courts will seize his assets.
ParaSwap doesn’t provide custody of assets.

ParaSwap did not take advantage of anyone, what would have been criminal would be to have intentionally helped someone commit what we know to be a crime.
ParaSwap protocol is not conscious; it’s a permissionless smart contract in the blockchain.


The point here is that, ParaSwap is not responsible for what happened to GMBL, ParaSwap does NOT have GMBL nor the Hacker’s funds in possession.
Someone swapped (X) and received (Y) as requested, ParaSwap collected (Z) for the execution of the swap like UNISWAP, Balancer or Curve does.
(Z) is ParaSwap’s DAO property.

8 Likes

Agree.
Thanks for remaining pragmatic.
I don’t understand why some people let their emotions guide them here.

Refunding the user, but they’re the hacker.

It’s madness. Whoever the user may be, if he accepts the rate, then Paraswap is in the clear.

4 Likes

Hello again.
I think whatever the outcome of this vote, it will be enlightening.
First of all, thank you Lup for bringing more clarity to this event.
I assume that this insight will be useful in creating better technology.
Next, I see that the users have split into two camps:
One is in favour of the idea that code is law. The protocol has done its job, that’s what it was created for.
This idea has obvious contradictions with current legislation, such as the Tornado Cash example.
I think people should not be relieved of their obligation to intervene in such events, especially when only the owners of the Paraswap token can intervene, by open voting. We should act together with the technology and make decisions at critical moments, otherwise I think we will have an unenviable future. When we create a protocol, we cannot foresee all the consequences of its use. So we need human intervention, but in a much more transparent and democratic way than previous systems of community organisation have allowed.
Other users, acting in good faith, do not want to mess with money that has been obtained somewhat illegally. I think this is an emotional view of the situation and should not be the basis for such decisions. But it does show that ordinary users have something to say in unforeseen situations, without relying solely on protocol features.
I would like to win over pragmatic people by showing that by reducing the diversity of protocols in the Arbitrum network, the Paraswap protocol is also harmed. This is an unsustainable development path and we can influence it.
I realise that many people may be annoyed by my lengthy arguments, but I find the discussion interesting.

I love to discuss and argue IMO. So no, your iterations are not unpleasant.

However, I will add that your twitter, your discord and all your networks are ghostly. That many users think you’re a scam. I’ve been following your networks since the beginning of this “hack”, and I can see the nothingness of your “community”. This reinforces my nauseous feeling about the situation.

In short, Paraswap has done its job. You know my point of view.
Stikers

2 Likes

It is important to note that I am not a member of the team.
I have a small investment in a project at the pre-sale stage.
As I mentioned above, this is my first experience with discussing DAO activities. And to be honest, I like your community.
I am even thinking about investing in the Paraswap project. At least I will do some in-depth research.

2 Likes