[ARC] Recover exploited assets stuck on Aave V3 for Platypus Finance on Avalanche

Reading time saved: 3 minutes

7 replies, 3108 views, 32 likes



After Platypus Finance's recent exploit leading to a theft of 9 million in stablecoins, some of which ended up in Aave V3’s Pool contract on Avalanche, the community is considering an Aave Improvement Proposal (AIP) to recover the assets. The Aave-Chan Initiative supports the recovery, and the Platypus team is committed to transparency, with plans to prepare an official AIP and technical payloads following positive community feedback and Snapshot voting.

The discussion revolves around the recent exploit of Platypus Finance, a stableswap protocol on Avalanche, which led to the theft of 9 million in stablecoins. A portion of these stolen assets, approximately $381k, was mistakenly transferred to Aave V3’s Pool contract on Avalanche. The community is now considering an Aave Improvement Proposal (AIP) to recover these assets using the rescueTokens() function in the Pool contract1.

The Aave-Chan Initiative has expressed support for this recovery mission2. The Aave v3 platform was designed with such a scenario in mind, allowing for the straightforward recovery of assets from key contracts like the Pool. A steward pattern can be used to specify the exact amounts to be rescued, with the Aave Guardian in Avalanche granting POOL_ADMIN permissions for this action3. The Platypus team has committed to full transparency regarding the exploit, providing a detailed analysis of the incident and the funds drained to Aave’s Pool contract. They have also sought verification from independent security firm BlockSec5. Anatinus_Platypus has shared two documents related to the exploit and recovery proposal, and Bgdlabs has suggested moving to a Snapshot stage for community approval5,6.

Following positive feedback and the resolution of all queries, Anatinus_Platypus initiated the ARC for Snapshot voting8. After the vote, they thanked the community for their support and announced plans to prepare an official AIP and the necessary technical payloads with the help of Aave’s core contributors9. They also expressed gratitude to BGD Labs and the Aave-Chan Initiative for their guidance during the recovery process9. This discussion signifies the community's proactive approach to addressing security breaches and their commitment to transparency and collaboration in resolving such issues.

Posted 9 months ago

Last reply 9 months ago

Summary updated 2 months ago

Last updated 04/12 00:18