Background
When the GotchiVault launched in March of 2022, many cheered this new way of making passive income, and many more were attracted by the promises of high yields. However, very few truly understand how centralized the service is, and how vulnerable the Aavegotchi DAO is to its actions. The goal of this post is to discuss some of these vulnerabilities and potentially propose actions to the DAO.
Smart Contract Risk
It’s not possible to implement smart contracts without incurring some risk. Developers will always unintentionally introduce bugs and questionable functionality that expose users to different levels of risk, and the GotchiVault is no exception. What is interesting about the Vault, though, is that because its contracts are upgradeable, Vault Managers are able to add virtually any function to their smart contract. I’m not saying that they will, but it completely changes users’ perspective when they realize that Managers can simply add a function to withdraw all assets in the smart contracts. That’s right, remember those thousands of NFTs staked in the Vault? They can disappear just like that!
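To make the upgradeability point concrete, here is an added example (written for this post, not the GotchiVault’s own contracts) of the kind of control that limits it: a proxy whose admin cannot swap the implementation instantly, but must announce the new implementation and wait out a fixed delay, emitting an event that anyone can watch. The EIP-1967 implementation slot is the standard one that block explorers read; the `example.proxy.*` slot names, the function names and the delay value are assumptions chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Upgradeable proxy with a timelock: a new implementation is proposed first,
/// becomes executable only after UPGRADE_DELAY, and every step emits an event.
/// Proxy bookkeeping lives in hashed storage slots so it cannot collide with
/// the implementation's own variables (EIP-1967 style).
contract TimelockedProxy {
    // keccak256("eip1967.proxy.implementation") - 1: the standard slot
    bytes32 internal constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    // Slots for the pending upgrade; names are assumptions for this example
    bytes32 internal constant PENDING_SLOT = keccak256("example.proxy.pendingImplementation");
    bytes32 internal constant READY_AT_SLOT = keccak256("example.proxy.upgradeReadyAt");

    address public immutable admin;
    uint256 public immutable UPGRADE_DELAY; // e.g. 7 days, chosen at deployment

    event UpgradeProposed(address indexed newImplementation, uint256 readyAt);
    event UpgradeCancelled(address indexed newImplementation);
    event Upgraded(address indexed newImplementation);

    constructor(address initialImpl, uint256 delay) {
        require(initialImpl.code.length > 0, "not a contract");
        admin = msg.sender;
        UPGRADE_DELAY = delay;
        _storeAddr(IMPL_SLOT, initialImpl);
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    function implementation() external view returns (address) { return _loadAddr(IMPL_SLOT); }
    function pendingImplementation() external view returns (address) { return _loadAddr(PENDING_SLOT); }
    function upgradeReadyAt() public view returns (uint256) { return uint256(_loadRaw(READY_AT_SLOT)); }

    /// Step 1: announce the upgrade. Nothing changes for users yet.
    function proposeUpgrade(address newImpl) external onlyAdmin {
        require(newImpl.code.length > 0, "not a contract");
        uint256 readyAt = block.timestamp + UPGRADE_DELAY;
        _storeAddr(PENDING_SLOT, newImpl);
        _storeRaw(READY_AT_SLOT, bytes32(readyAt));
        emit UpgradeProposed(newImpl, readyAt);
    }

    /// The admin can back out of an announced upgrade at any time.
    function cancelUpgrade() external onlyAdmin {
        address pending = _loadAddr(PENDING_SLOT);
        require(pending != address(0), "nothing pending");
        _clearPending();
        emit UpgradeCancelled(pending);
    }

    /// Step 2: only after the delay has elapsed does the implementation change.
    function executeUpgrade() external onlyAdmin {
        address newImpl = _loadAddr(PENDING_SLOT);
        require(newImpl != address(0), "nothing pending");
        require(block.timestamp >= upgradeReadyAt(), "timelock active");
        _storeAddr(IMPL_SLOT, newImpl);
        _clearPending();
        emit Upgraded(newImpl);
    }

    function _clearPending() internal {
        _storeAddr(PENDING_SLOT, address(0));
        _storeRaw(READY_AT_SLOT, bytes32(0));
    }

    function _loadAddr(bytes32 slot) internal view returns (address a) { assembly { a := sload(slot) } }
    function _loadRaw(bytes32 slot) internal view returns (bytes32 v) { assembly { v := sload(slot) } }
    function _storeAddr(bytes32 slot, address a) internal { assembly { sstore(slot, a) } }
    function _storeRaw(bytes32 slot, bytes32 v) internal { assembly { sstore(slot, v) } }

    // Every other call is forwarded to the current implementation.
    fallback() external payable { _delegate(_loadAddr(IMPL_SLOT)); }
    receive() external payable { _delegate(_loadAddr(IMPL_SLOT)); }

    function _delegate(address impl) internal {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```

Two things worth checking on any upgradeable vault, whether or not it looks like this: read the EIP-1967 implementation slot (`eth_getStorageAt` on the proxy address) and diff the implementation bytecode against what was reviewed, and subscribe to the proxy’s upgrade events so a change is noticed before, not after, it takes effect. A timelock only helps if the delay is long enough for depositors to react, and if the admin key itself is a multisig rather than a single account; note also that the proxy’s own view functions shadow any implementation functions with the same selector, so they should be kept to a minimum.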
Centralized Architecture
Even though the Vault boasts about being decentralized, that’s just a facade. In reality most of the action actually happens in a bunch of scripts running god knows where. Both petting and lending are done by this hidden, centralized part of the system that most users don’t even know exists. Where do these scripts run? Are they open source? What other permissions do they have? These are just some of the questions we could ask at this point, but they are enough to raise concern.
Conflict of interest
According to the Oxford dictionary, conflict of interest is: “a situation in which a person is in a position to derive personal benefit from actions or decisions made in their official capacity”. With that out of the way, let’s think about some of the positions that Vault Managers have in our community.
For starters, Marc Zeller is a known advisor of Pixelcraft and has joined GotchiVault as a Vault Manager. Since he is in a position to influence Pixelcraft’s features and roadmap, does it make sense for him to assume another position where he stands to profit from these same decisions? Again, I’m not saying that he will do it, but the problem is that he is in a position to do so.
The same concept can be applied to DrWagmi: since he has now joined the DTF, he is in a position to deny budget allocation to community members that don’t agree with the Vault. The best example is probably NonFuturistic, whose DTF grant was denied during a beef with another Vault Manager on Twitter. Coincidence? Maybe, but again the principle is important.
Conclusion
The Vault is an extremely centralized service which stands to profit from Aavegotchi and its community. The DAO shouldn’t allow Vault Managers to assume other decision-making positions in the community, nor let it grow to a size where it can influence DAO voting. A couple of weeks ago CoderDan himself said that if the Vault votes on X, the proposal should pass. Is this the path we want our DAO to continue on? We are one of the most active DAOs in web3, and I’m afraid that this will not last with the GotchiVault around.
Sincerely, Amy Gotchi