First and foremost, thanks everyone for your patience and continued support. Despite everything that has happened recently, the community has stayed united and this gives us a lot of motivation to keep working hard every day. Now, let's go deep into what happened, and what we are going to do about it.
1. The Exploit
Our platform currently hosts more than 200 vaults in two chains using different yield optimization strategies. A few days ago, a malicious exploiter found a way to abuse one small subset of vaults and successfully drained all their funds.
The targeted vaults were part of a custom and more complex strategy specifically designed for our partnership with Nerve. These strategies had an intermediary MasterMind contract used to track and distribute rewards in a different way than standard regular vaults.
In these contracts, an emergencyBurn() function was included as an extra safety measure, so that if anything went wrong in the strategy, all funds would be easily withdrawable by any affected user. Sadly, this exact function is the root cause of the exploit: it had a bug where the user's shares weren't burnt correctly after withdrawing, essentially allowing a user to withdraw more than intended. This function was never easily accessible and required interacting with the smart contract directly, which is why it went unnoticed for a long time until it happened. The exploiter did everything in a single transaction using a flash loan, so we couldn't prevent most of the damage while it was happening.
The incident happened on Binance Smart Chain at block 8534790 (23rd June 2021 02:11:22 UTC), and approximately $4.8M in deposited funds were stolen, which accounted for approximately 4% of TVL at the time of the exploit. Drained vaults were nrvBTC, nrvETH, 3nrv, nrvUST, nrvfUSDT, and bfUSD.
It is important to emphasize that our lending bank (which was audited by Solidity Finance) was never exploited itself. However, because the strategy deposited the unutilized funds in the 3NRV vault for extra rewards, the exploiter was able to drain them through the exploitable Nerve vault instead.
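The emergencyBurn() flaw described above breaks one accounting invariant: outstanding share claims must never exceed the assets the vault holds. The following is an added example, not Eleven's contract code: a simplified Python model (the class, method and user names are hypothetical, and a 1:1 share price is assumed) that runs that invariant over every exit path, with the buggy emergency path beside the hardened one.

```python
from dataclasses import dataclass, field


@dataclass
class VaultModel:
    """Simplified share-accounting model (hypothetical, not Eleven's contract)."""
    burn_on_emergency: bool            # False reproduces the bug class
    assets: int = 0                    # underlying tokens held by the vault
    shares: dict = field(default_factory=dict)

    def total_shares(self) -> int:
        return sum(self.shares.values())

    def deposit(self, user: str, amount: int) -> None:
        # Assumed 1:1 share price keeps the model small.
        self.assets += amount
        self.shares[user] = self.shares.get(user, 0) + amount

    def withdraw(self, user: str, amount: int) -> int:
        # Normal exit: burn the shares, then pay out.
        if amount > self.shares.get(user, 0):
            raise ValueError("insufficient shares")
        self.shares[user] -= amount
        self.assets -= amount
        return amount

    def emergency_burn(self, user: str) -> int:
        # Emergency exit: pay out the caller's full position.
        amount = self.shares.get(user, 0)
        if self.burn_on_emergency:
            self.shares[user] = 0      # hardened: the claim is destroyed
        self.assets -= amount          # buggy path leaves the claim intact
        return amount


def solvency_violations(vault: VaultModel) -> list:
    """Run each exit path; record where share claims exceed vault assets."""
    violations = []
    vault.deposit("alice", 100)        # constructed sample positions
    vault.deposit("bob", 50)
    for name, action in [
        ("withdraw", lambda: vault.withdraw("bob", 20)),
        ("emergency_burn", lambda: vault.emergency_burn("alice")),
    ]:
        paid = action()
        if vault.total_shares() > vault.assets:
            violations.append((name, paid, vault.total_shares(), vault.assets))
    return violations


if __name__ == "__main__":
    print("buggy:   ", solvency_violations(VaultModel(burn_on_emergency=False)))
    print("hardened:", solvency_violations(VaultModel(burn_on_emergency=True)))
```

A check of this kind belongs in the test suite for every function that moves funds, including rarely used emergency paths that are only reachable by calling the contract directly.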
2. Partial Recovery of Funds
Two events happened which allowed us to have more funds for recovery:
2.1. Securing Leveraged Farming (BigFoot)
At the moment of the exploit, 11% of all bfUSD funds were being borrowed for leveraged yield farming positions, which were deposited in the USDT-BUSD WLP vault, so the exploiter couldn't access them.
Immediately after the exploit, we shut down the BigFoot website and started pausing contracts to make sure we would be able to recover these positions. For the first 36 hours we tried to give as few public details as possible to guarantee safety and not give extra information to malicious exploiters. Once we were sure it was safe to recover, we announced it on Twitter. After a few days of hard work and an extremely complex process of pausing/unpausing contracts, liquidating all positions and intercepting the funds before anyone could drain them again, we managed to recover them all.
In short, everyone recovered their leveraged farming position with a 0% liquidation fee and we intercepted all borrowed funds, for an extra $260,000 in total.
2.2. Exploiter sends back $252,000
Surprisingly, 48 hours after the exploit, 849.2 BNB was sent back to the original Eleven deployer address by a self-proclaimed whitehat hacker. This deployer address was not the current one, but we quickly moved the funds to the new one to secure them. Whoever was involved in this, we are thankful, as for a project of our dimensions every little bit helps.
UPDATE (2nd July): Ongoing legal prosecution
We have been collaborating and exchanging information with ImpossibleFin, Peckshield and others in the space. They have been doing an amazing job. We can't comment too much on the specifics, but can say there are potential suspects, and local police reports and legal prosecution are underway in order to recover as many funds as possible.
We don’t want to get overly optimistic, but rest assured we will try as hard as we can. We will launch the recovery plan without counting in it, and if the situation improves in this regard, we will of course reinvest everything into a faster recovery.
In total, counting all these events, approximately $512,000 has been placed in the initial Compensation Fund.
3. The Compensation Plan
As a small market cap project that has seen success and growth by being streamlined, low fee and not having a treasury, we have nothing to draw on to make a bulk repayment to those affected and cover the costs of the exploit.
Currently the main stream of revenue for the team is platform fees which range from 0.3% to 0.44% from vault compounding events (approx. $4K profit per day when platform growth peaked).
To date, all team profits have been aggressively reinvested in: salaries, development, high profile audits and partnerships. Because of this, team funds were running low when everything happened.
Nonetheless, even with our limited resources, we want to try and achieve full compensation while still achieving our ambitious goals. After a lot of internal debating on best solutions we think we have found the most optimal plan moving forward.
For the Compensation Plan, the following assumptions were made:
- Team treasury doesn’t have anything remotely close to the exploited funds so the whole protocol must be involved with a long-term sustainable strategy.
- Exploited funds are 75% of current total ELE marketcap, so financing the exploit entirely from emissions would instantly kill the token. We are committed to a sustainable ecosystem with a deflationary token that rewards every ELE investor from platform success. Having constant growth and a strong token is actually the only way forward to guarantee biggest chances of everyone recovering their funds.
- Initially, we wanted to refund in the original tokens (USD, BTC and ETH). Doing it this way, would require three different compensation tokens and different oracles and would over-complicate the smart contracts and make everything harder to track. The majority of exploited funds were in USD, so we will snapshot the value at the time of exploit and consider the exploited funds as USD for everyone.
The Compensation Plan will consist of two phases: Instant Recovery Fund and Long-term Recovery Plan.
3.1. Instant Recovery Fund
During our discussions to decide best way forward, common advice from our advisors was that utilizing team fees as recovery is not a sustainable solution. Understandably, they are worried the team might lose incentive to work if they don’t earn any money for a long period of time.
But we want to own our mistake as much as possible. If the team had $4.8M in treasury, we would have already refunded everyone from our own pockets.
We are going to refund 25% instantly to everyone affected in the exploit ($1.2M). We don’t have these funds, and to achieve this, the team will contract personal debt from a kind investor who is willing to lend out funds to make it possible.
For that, since there is $512K in the Compensation Fund already, we need to invest $688K to make it $1.2M in total. These funds will be paid directly from platform fees and team allocations.
With the revenue that was being generated at the moment of the exploit, it would take over 6 months to recover the debt, and at current rates, it would take over a year.
In practical terms, this essentially means the team is giving up all their profits and work for free potentially for many months forward to compensate affected users as much as possible.
But… we want to make a bold statement. We are confident we will reach our goals and this motivates us even more to reach it faster.
If we reach all our future plans (more on that later), we estimate the team should recover the debt in less than 3 months. For obvious reasons, a minimal emergency fund for developing and securing the platform will still be held in treasury.
3.2. Long-Term Recovery Plan
Based on the fact that we can’t really create money out of thin air and that we are investing personally as much as we possibly can, for the rest of the funds, there is only one way forward.
Eleven needs to keep growing with a sustainable ecosystem and keep delivering its roadmap. Only then, the impact of recovering funds will be small enough for the protocol to absorb it successfully.
This is the Long-Term Recovery Plan:
- A “Recovery Vault” (RV) will be created. It will be a storage vault that keeps accumulating ELE from different sources constantly until compensation is fully reached.
- 3.6M “11RV” tokens will be minted. The quantity of tokens represents the value of the $3.6M funds to be recovered. 11RV is a fully compliant ERC-20 token (more on this below).
- All 11RV tokens will be staked in the vault and then distributed to every affected user proportionally to how much they had at the exact moment of the exploit.
- It will be easy to track the current value of your 11RV token on the Recovery Vault UI. The final goal is that one 11RV = $1.
- Everyone is free to withdraw their staked tokens whenever they want. A user who exits will burn all of their 11RV and receive their proportional share of the current total compensation funds.
The “Recovery Vault” will be financed in the following way:
- It will be Boosted, receiving a slight amount of ELE emissions like any normal vault.
- Our upcoming Leveraged Yield Farming platform will generate a lot of new revenue for the protocol. Initially 2/3 of all its revenue will go to Recovery Vault.
- From current Eleven.finance vaults, all fees and buybacks will stay the same percentage, but 1/3 of the ELE buyback will be sent to the Recovery Vault instead.
- All future upcoming products will contribute to the Recovery Vault until compensation is fully paid. (details about future products in the next chapter!)
Given our limited resources, we had to be as creative as possible. Every little bit counts. These are the key features of this compensation design:
- Long-Term Recovery Plan is fully focused on giving as much as possible without hurting the ecosystem. Remember: if the ecosystem doesn't grow, the compensation is impossible to achieve anyway. But if we grow to our projected goals, it's definitely achievable. That's why compensation funds have to be in the form of ELE buybacks. It will keep the deflation and buying pressure high, focusing on constant growth.
- Since everyone is free to leave and cash in the compensation at any given point, any sudden sell pressure is minimized, while rewarding the long-term ELE supporters that make the growth possible.
- For a regular vault user on Eleven.finance, their fees are exactly the same as always, causing zero impact on user adoption.
- Lastly, since 11RV is a fully compliant ERC-20 token, it can be traded and exchanged. The supply is fixed, and the tokens won't be burnt until someone unstakes them. This means unaffected long-term believers of the project could buy shares from affected people who want to exit early, for a higher than current price they both agree on. This gives affected people even more options for recovering funds faster, while speeding up the compensation as a whole. No one has to participate if they don't want to, and this allows those who support the platform and our vision to get behind our future growth. We are researching how to make this market possible so everyone in the community can get involved.
4. Self-criticism: Less is sometimes More.
We have learnt a lot of valuable lessons from this event. As a young aspiring project, we have had explosive growth thanks to being aggressive in adding vaults fast and being innovative with our platform.
Eleven has grown very rapidly thanks to this strategy, but the platform is now mature enough that any mistake can be tremendously costly. In Smart Contracts, speed of creation and innovative custom code is great, but it automatically means higher risk of exploit.
We focused on being first movers and innovative with Nerve vaults, which had a lot of custom code and complex strategy. Auditors are in high demand and take a lot of time to take requests, so we thought the cost of waiting was too much. We won’t ever make this mistake again.
From now on, every new strategy we create will be instantly sent for auditing before it's released. Also, if a strategy doesn't improve too much by adding overly complicated features, it shouldn't be worth it. Less is more in this case.
We are also improving our testing suite, looking for extra devs, adopting best practices and recommendations from experts in the field to ensure this won’t ever happen again.
4. The Future of Eleven!
Alright, but what about the platform future and roadmap?
Below, we will cover everything regarding this, in chronological order.
4.1. The Thirding
In case you missed it, soon, The Thirding will happen, where BONUS_MULTIPLIER on Masterchef will change from 3 to 1 at block 8874000. This means ELE per block will be 1/3 of current emissions.
We are confident the Recovery Plan still guarantees that the ecosystem is sustainable and deflationary, and this event plays a key role in this.
4.2. Cross-chain Leveraged Auto-compounding Yield Farming (LYF)
We have had one goal in mind since day one: to be the best LYF platform with the biggest offering on the planet. And we believe we are closer than ever.
BigFoot was born as an early experiment, and we learnt a lot from it, especially the parts that we didn’t like (many!) to make a much better final product we are proud of.
Key features of upcoming LYF platform:
- BigFoot brand is dead: lending and leveraged farming will be fully integrated in main Eleven.Finance UI as part of the ecosystem.
- Lending banks will be renamed. First banks will be: eleUSD, eleBTC, eleETH and eleMATIC.
- Our goal is to have the most competitive APYs in BSC and Polygon for lending single-staking and that other protocols start using our banks to inject as much TVL as possible. This new branding will make them instantly recognizable.
- UI has been completely reworked from the ground up to offer a new better user experience.
- All Eleven.Finance vaults will be fully compatible for leveraged farming. We will slowly add the most requested ones, but the possibilities are endless.
- Slippage optimization: we will use protocols like Curve to swap assets into the farming position with the least price impact possible for the users. This is really important when you are leveraging your positions.
- Farmers will be able to select which bank to borrow from for any farm.
- Farmers can increase or decrease (both ways!) leverage of any opened farming positions without closing their position or any extra costs. If you increase your leverage, the platform will automatically borrow funds using your collateral and accumulated profits. Yes! This means you can actually easily compound your already auto-compounding position!
- This lending protocol will contribute immensely from both sides to ELE ecosystem. The Lending banks will buyback ELE from Lending APY fees, and the borrowed farming positions will inject money in real Eleven vaults that are constantly doing ELE buybacks.
The launch will be in the upcoming days after fully complying with the pending Certik audit.
In case you were unaware, Eleven.finance has been accepted in Arbitrum devnet. Top DeFi projects like Uniswap and SushiSwap are already developing their platforms in devnet and we will finally enter ETH ecosystem. The fees will be much more affordable which will allow for interesting strategies. The potential is exciting!
Once devnet is over, everyone will be migrated into mainnet once it goes live. There is no official exact ETA yet, but we will be ready for when it comes!
4.4. More Chains
We are not married to any chain — we constantly analyze the more trending ones and prioritize development based on that, but we have no limit in our mind. Our platform is built with the intention of supporting any chain. Including Leveraged Farming.
The next ones we have on our radar are Fantom and SOL.
4.5. Zap Feature
Our vision and final goal is that, in future, users won't find any reason to leave the website, as they will have everything they need already in it. For this reason, we will implement a Zap Feature where users can convert their funds to the LP or asset the vault is utilizing, so they don't even need to interact with any other AMM/project to use our vaults!
4.6. Unnamed Swap Project
This is a secret we have kept for a while, but since an updated roadmap has been highly requested, here it is.
Eleven.Finance is launching a new Swap project that will fully integrate within the platform and contribute endless possibilities to our ecosystem!
Before you go like… what? A Swap project? What does Eleven have to do with that? Let us explain the reasons behind this decision:
- For Leveraged Farming, we need to optimize the swapping and slippage fees using swap protocols like Nerve or Curve. They are great but if we are going to use them, why not build our own one?
- Our Swapping platform will be forked from Curve and will initially focus on StableSwaps but we are open to Cryptocurrencies that are involved in our own platform.
- We will have lower fees than any existing protocol, to incentivize other projects like 1inch to integrate it and attract traders and volume. We don't need this, and that's great, because we can afford having almost no fees!
- Having our own LPs, our own swapping protocol, our own source of trading fees, we will be able to make vaults for our own LPs which makes attracting liquidity easier and opens a lot of new possibilities.
- Every product works to make ELE token better. This is no different: there won't be any new token released, and this new product will also buy back and burn ELE and contribute to deflation.
ETA of this project is still not known as it is the last item on our current roadmap, but we are already starting to prepare the infrastructure to make it possible. More updates in the coming months.
5. Wrapping things up
Thanks for making it this far! This article has been complex and content rich, it’s taken lots of hard work from many people, including our great community. Thanks to everyone who has stepped up and stepped forward during this challenging time. We feel we’ve struck a balance with the plan of fairness while continuing to allow Eleven to grow and prosper. This way we can develop, innovate and build out our roadmap to fulfil our vision of the Eleven Finance ecosystem being a true leader in the defi space.