The 03/28/24 Incident

By Proph3t. Published in MetaDAO, Apr 1, 2024.

TL;DR:

  • A multisig inadvertently sold 720 META for $61 / META.
  • This corresponds to 5.3% dilution.
  • We’re putting a process in place to prevent something like this from happening again.

Introduction

On March 28th at ~15:00 UTC, the multisig responsible for handling the META Dutch auction inadvertently sold 720 META at below-market prices. I’ll outline the incident and discuss improvements we’re making.

Context

Proposal 10 entailed selling 1,000 META for USDC through a Dutch auction. It would work as follows:

  • First, a 100 META sell order would be placed at a price of 50% above the market price.
  • Every 24 hours, its price would be lowered by 5% until the order was filled.
  • This would be repeated 10 times.

Incident

As specified in the proposal, a multisig was responsible for executing this sale.

On March 28th, a multisig member intended to queue up a transaction to sell ~61 META for $720 / META. Instead, they inadvertently queued up a transaction to sell 720 META at ~$61 / META.

Unfortunately, the multisig signers didn’t catch this. For transactions like this one, Squads only shows you the raw instruction data. It also allows you to simulate the transaction, but neither of the approvers did that. So the transaction was executed.

Market response

Before this transaction was executed, the spot price of META was $567. Immediately after the transaction went through, arbitrage bots pushed the price down to $143.

But people bought, and the market swiftly recovered. Within an hour, the price was back at $486.

Long-term impact

Previously, there were 13,622 META held by the public, so this incident diluted META by ~5.3%.

Going forward

Nallok, the dynamo behind the scenes at MetaDAO, is currently working on a retrospective of this incident that we can use to guide our future actions. Here are its main points:

  • This is a process failure, not a people failure: in most cases, individual freedom and accountability beat process. This was not one of those cases. When we’re dealing with 5% of our token supply, we need to be following strict protocols so that nothing ever, ever goes wrong.
  • High-value multisigs need a robust process: for example, this could look like proposers taking screenshots of what they’re doing, signers *always* simulating transactions before approving, and only allowing signers who have been briefed on this process beforehand.
  • We should reduce our dependence on multisigs: we’re trying to build a DAO, after all. Where a smart contract can do the job, we should use one.
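
One way a signer could back the "robust process" point with an independent check before approving: recompute the ask that Proposal 10's schedule prescribes and compare it with the decoded order, flagging a swapped amount and price. This is an added example, not MetaDAO's or Squads' code; `SellOrder`, the compounding 5% step, the 1% tolerance, the reference price of 560 and the day count of 3 are assumptions or constructed values.

```python
from __future__ import annotations
from dataclasses import dataclass

# Proposal 10 parameters as described in the post. Compounding the 5% step and
# the 1% tolerance are assumptions of this example.
TRANCHE_META = 100.0   # size of each sell order
START_PREMIUM = 1.50   # first ask: 50% above the market price
DAILY_STEP = 0.95      # ask lowered by 5% every 24 hours
TOLERANCE = 0.01       # allowed deviation from the scheduled ask


@dataclass(frozen=True)
class SellOrder:       # hypothetical decoded view of the queued instruction
    amount_meta: float
    price_usdc: float


def scheduled_ask(reference_price: float, days_elapsed: int) -> float:
    """Ask the auction schedule prescribes after days_elapsed reductions."""
    return reference_price * START_PREMIUM * DAILY_STEP ** days_elapsed


def _violations(order: SellOrder, expected_ask: float) -> list[str]:
    found = []
    if order.amount_meta <= 0 or order.amount_meta > TRANCHE_META:
        found.append(f"amount {order.amount_meta:g} META is outside (0, {TRANCHE_META:g}]")
    if abs(order.price_usdc - expected_ask) > TOLERANCE * expected_ask:
        found.append(f"price ${order.price_usdc:g} is not the scheduled ${expected_ask:.2f}")
    return found


def check_order(order: SellOrder, reference_price: float, days_elapsed: int) -> list[str]:
    """Return reasons a signer should reject the order; empty list means it matches."""
    expected = scheduled_ask(reference_price, days_elapsed)
    found = _violations(order, expected)
    # If swapping the two fields yields a clean order, the proposer likely transposed them.
    swapped = SellOrder(order.price_usdc, order.amount_meta)
    if found and not _violations(swapped, expected):
        found.append("amount and price look transposed: the swapped order matches the schedule")
    return found


if __name__ == "__main__":
    # The two orders come from the post; reference price 560 and day 3 are constructed.
    for o in (SellOrder(61, 720), SellOrder(720, 61)):
        print(o, check_order(o, reference_price=560.0, days_elapsed=3) or "OK")
```
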

Conclusion

Thankfully, 5.3% dilution is far from a catastrophic event. Bitcoin was inflating by 250% a year at our age. Still, this has been a learning experience and I’m committed to minimizing the probability of an incident like this occurring in the future. Onward!
