GotchiVault, the greatest threat to our DAO

Background

When the GotchiVault launched in March of 2022, many cheered this new way of making passive income, and many more were attracted by the promises of high yields. However, very few truly understand how centralized the service is, and how vulnerable the Aavegotchi DAO is to its actions. The goal of this post is to discuss some of these vulnerabilities and potentially propose actions to the DAO.

Smart Contract Risk

It’s not possible to implement smart contracts without incurring some risk. Developers will always unwillingly introduce bugs and questionable functionalities that can expose their users to different levels of risk, and the GotchiVault is no exception. However, what is interesting about the Vault is that due to the upgradability aspect of its implementation, Vault Managers are able to add virtually any function to their smart contract. I’m not saying that they will, but it completely changes users’ perspective when they realize that Managers can simply add a function to withdraw all assets in the smart contracts. That’s right, remember those thousands of NFTs staked in the Vault? They can disappear just like that!

Centralized Architecture

Even though the Vault boasts about being decentralized, that’s just a facade. In reality most of the action actually happens on a bunch of scripts running god knows where. Both petting and lending are done by this occult and centralized part of the system that most users don’t even know exists. Where do these scripts run? Are they open-source? What other permissions do they have? These are just some of the questions that we can ask at this point, but enough to raise concerns.

Conflict of interest

According to the Oxford dictionary, conflict of interest is: “a situation in which a person is in a position to derive personal benefit from actions or decisions made in their official capacity”. With that out of the way, let’s think about some of the positions that Vault Managers have in our community.

For starters, Marc Zeller is a known advisor of Pixelcraft and has joined GotchiVault as a Vault Manager. Since he is in a position to influence Pixelcraft’s features and roadmap, does it make sense for him to assume another position where he stands to profit from these same decisions? Again, I’m not saying that he will do it, but the problem is that he is in the position to do so.

The same concept can be applied to DrWagmi: since he has now joined the DTF, he is now in a position to deny budget allocation to community members that don’t agree with the Vault. The best example is probably NonFuturistic, which had its DTF grant denied during a beef with another Vault Manager on Twitter. Coincidence? Maybe, but again the principle is important.

Conclusion

The Vault is an extremely centralized service which stands to profit from Aavegotchi and its community. The DAO shouldn’t allow Vault Managers to assume other decision-making positions in the community, nor let it grow to a size where it can influence DAO voting. A couple weeks ago CoderDan himself said that if the Vault votes on X, the proposal should pass. Is this the path we want our DAO to continue on? We are one of the most active DAOs in web3, and I’m afraid that this will not last with the GotchiVault around.

Sincerely, Amy Gotchi

7 Likes

I really don’t think the two issues are related.

Dr. Wagmi does provide a lot of value to the DTF, and he doesn’t have the sole discretion to veto any decisions around whether a DTF grant is given. The vote is put to all DTF members.

As an eDTF member, from everything I have observed from Dr. Wagmi when processing grants, he has been unbiased/impartial with respect to his role as a Vault Manager.

6 Likes

Other organizations your arguments could apply to:

  • Pixelcraft
  • Coinbase

If you don’t like using services from organizations that have some centralized parts, don’t use them. Part of decentralization is allowing people to create whatever services they want and allowing users to choose which services to use. If you don’t like the vault or think it’s too centralized then build a fully decentralized one and I’m sure some people would move over.

4 Likes

I consider the Vault as an add-on of Aavegotchi.
Indeed its VP is huge (~60%?), but if you think that it should be more decentralised why not buy some VLTs and split the VP?

IMO this DAO token is very undervalued: its VP is kind of GHST x 30, but it’s still a poor x2 against GHST value.

=> This shows that the Vault’s utility is real and maybe the ecosystem needs to be reviewed… The lending contract is awesome and a lucrative service. It is the main activity of the Vault and needs to remain its property.

But how many just use the Vault for auto petting? Should it be removed? Just raising this topic.

In addition, as far as I understood, managers will not handle the Vault indefinitely.

Finally, here is my suggestion: is there any logic for the Aavegotchi DAO to make a prop and buy some VLT in order to own a part of the Vault?

Anyway, imho it’s a very good topic.

I think it is ok.

To stop it, you should stop people agreeing with that.

And if people do that, they take their own risks doing that.

Decentralizing means that everyone does what they want, respecting the code, so everything is ok.

If you want the risk that someone steals your cryptos, you can use a hot wallet, or if you don’t you can use a Ledger. But this is not the case to interrupt the hot wallets just because they are risky.

Hey fren,

I’ll do my best to address your direct concerns and then add my personal take on the situation.

Background – The Aavegotchi protocol is meant to be built on. This is the entire point of the Web3 space, the metaverse, and Aavegotchi. We should all hope to see many more projects build on top of the protocol. Many will leverage the SDKs and other aspects of the gotchiverse that we can’t even quite understand. This ability to build in a permissionless way is core to our product. Thus, we must support our builders, both current and future.

Smart Contract Risk and Centralized Architecture – All projects in this space have smart contract risk. Of course they do! Pixelcraft could shut off the curve, withdraw the DAI, and say it all was lost in an Aave boat crash near South Beach. Have you done any due diligence to investigate the Vault’s contracts? What specific concerns do you have? You would attack Marc Zeller, a phenomenal ally for DeFi in the entire crypto space? What is wrong with you? Contracts - Gotchi Vault Docs

Conflict of Interest – You painfully display your ignorance in this entire paragraph. In short, the DTF unanimously denied his and similar applications requesting streaming hardware or software subscriptions. This was many months ago long before the malignant transformation we saw unfold over Discord and Twitter. You are personally calling me out in this post. You are accusing me of lacking integrity when I have spent countless hours contributing to the best of my ability to this community for zero compensation. You fearmonger from your couch and attack a community contributor. We should work hard to include the many stakeholders from the many different aspects of our large community as we form a strong DAO. The idea that we should purposely exclude builders is asinine.

My conclusion: Perhaps the greatest threat to our DAO is this sort of toxicity and the resultant brain drain, apathy, and burnout it will incur on the people actually building and contributing in this space.

12 Likes

I find the conflict of interest argument interesting. The ethos of Web 3 challenges the traditional hierarchies existing today. Communities are now creators, and creators now community.

The lead dev and CEO of the game sit with us on almost every call. Their thoughts often times have influence over how decisions are made in the DAO. Would it be fair to say that the major benefits they serve by providing opinions and insights into current as well as future development would also be a ‘conflict of interest’ at times by your definition?

I’m genuinely curious to know how you see ‘conflict of interest’ in this space, as I’m sure I also violate this term as well sometimes.

5 Likes

Conflict of Interest is one of many very important conversations we need to have.

There’s not a lot of people willing to do actual work around here, so there’s going to be overlap.

We need to define what this (and many other things) means for us, and make our rules, and then leave it alone. Whether that means you can only be on two things at once, or one thing, or unlimited, it should be defined, so that if you are following the rules, no one can throw shade. The last thing we want is for there to always be shade… Well, unless it’s coming from Treez.

We need to do the boring work of setting our ethical standards down… we’re in uncharted territory, ALWAYS. Wen Gotchi Constitution?

Moon tried to start this conversation, but… actual governance is booooring, so… Committee membership framework

Everything people get mad about vault for comes down to this - we don’t have our house in order on our own governance, and people are doing their best in a situation where there are no rules and very limited guidelines. If we don’t define what our standards are, we will always be in a state of unneeded drama. Governance is not fun or interesting and there’s no profit margin, but if you don’t do the work, you pay in other ways, whether it means you get hacked or the community vibe suffers, you pay.

7 Likes

I thought I was done with GotchiVault discussions but the headline drew me in again.

Jumping to the interesting part of it:

You can’t avoid Conflict of Interest. No one who is not invested in the ecosystem would spend time at the DAO threads here or building anything. I do not expect to find a solution that can stop the bad habits of lobbyism. Working on frameworks together like the one membership only in a committee is the first step though.

The service provided by Vault is demanded by some. No one can deny that. Only more Vault competitors can spread out the VP again though.

I would like to mention as well that, thanks to the Vault and its controversies, we as a community are able to improve, and we have had a lot of discussions already that would not be on the table without the Vault.

3 Likes