[Disclaimer - Angle Labs holds agEUR, and its members hold both sanUSDC_EUR and agEUR]
Thanks for starting the discussion! And thanks everyone for the thoughts here.
In preparation for the case where there is no solution to the post Euler hack situation and the protocol is left with some bad debt, it indeed seems to be a good idea to clarify how this bad debt would be allocated.
If the contracts were unpaused with the pre-Euler hack parameters, it’ll lead to a bank run situation as agEUR will be redeemable 1-1 against reserve assets, and sanTokens will be redeemable at 1-1 at first, then with a slippage once the collateral ratio is lower. In the end, last users will be left with nothing as the smart contracts will have nothing left to redeem assets against.
To avoid this unfair bank run scenario, leftover assets could be frozen and redistributed differently. The key question hence, regardless of the outcome of the Euler hack, is to determine the order of “seniority” among the different token holders of the protocol.
There are several global scenarios that could make sense to us at Angle Labs:
-
sanTokens are the risk bearers of the protocol, they are considered junior with respect to agEUR and HAs, so the repayment waterfall is agEUR and HAs, then sanTokens.
agEUR = HA > SLPs
-
Same as 1, but sanUSDC holders are considered less senior than other sanTokens, as the main collateral impacted by the hack is USDC.
agEUR = HA > SLPs > sanUSDC_EUR
-
Even though the amounts at stake with HAs are minor with respect to agEUR and SLPs, it could also be considered that HAs should be treated the same as SLPs.
agEUR > HA = SLPs
-
Same as 3 but USDC HAs are considered less senior than other HAs and sanTokens, as the main collateral impacted by the hack is USDC.
agEUR > HA = SLPs > USDC HAs = sanUSDC_EUR
-
All tokens holders are considered equally senior, so the bad debt is distributed proportionally according to the value of these tokens at the time of the hack.
agEUR = HA = SLPs
Comments & References
- With options 1 to 4, agEUR peg should be maintained based on the detailed state of the protocol publicly available here
- In case all funds impacted by the hack are definitely lost or not recovered, 2 and 4 would mark sanUSDC to 0
- 5 may make it hard to repeg agEUR without a bailout or an injection of funds in the protocol.
As reminded by @LordKajafas and @angular, there are already some places in the docs which refer to this kind of situation, and what’s explained there tends to converge towards the first or third scenarios, which seem like the options the most in line with the docs (depending on whether you’re referring to SLP slippage or a collateral settlement).
- Angle Core Module collateral settlement with an example implementation here.
- Page about SLPs
- Angle Core Module risks and emergency solutions
While different options are still available for the future of the protocol at this stage (like an ANGLE fundraiser, continuing operations as normal should option 1-4 be chosen, or winding down the protocol - which implies granting a mandate to some team to consolidate the protocol’s holdings), having a better idea of the waterfall and how the loss (if it stays like that) will be distributed among all stakeholders (including Angle Labs) will definitely provide some clarity to all protocol users (in particular for the question of whether agEUR should trade at peg or no).
The collateral settlement page has details about governance token holders being treated preferably in the event of a liquidation. A future vote could specify how those affected by a loss could be handled differently depending on their governance token holdings.
In all scenarios, should some funds be retrieved from the Euler hack, users should be able to recover all or part of their allocated loss after the allocation has been voted on.
Given the capital importance of this for all protocol stakeholders and integrators, the best scenario needs to be discussed and voted shortly.
The vote could include new scenarios, other than the ones suggested here, like for instance what is suggested by @alaCarte.
This would be an informational vote though, that would need to be followed by other proposals on for instance and depending on the outcome of a first vote and the Euler hack how to technically implement a new design or a wind down for the protocol.