Tinyman Compensation Program
It hasn’t been a straightforward task as we’ve imagined it to be when we first promised compensation. After we started doing the calculations, many questions arose that needed to be answered. We’ll try to be as transparent about this process as possible in this post as we try to find the fairest answers.
Before we dive into a discussion about the details, let us take you through the simple steps you need to take so you can receive your compensation if you were a Pooler at the time of the attacks.
1- Go to this LINK,
2- Connect your wallet,
3- Find out how much compensation your wallet is eligible for
4- If you accept the amount, click claim.
If you have any objections, DO NOT claim the funds. Instead, go to the google form in the second button and present your case.
After you claim, we will send compensation within three days. And also, there might be a little surprise waiting for you, make sure not to miss that!
I did that. Now, give us some details!
We know you’ve been expecting to hear from us about the compensation for a long time, so you should know what we’ve been busy with so far. In the first month after the events, our focus was on minimizing the damage, fixing the smart contracts, and getting Tinyman back online. Unfortunately, it took a lot of extra effort from the team, so we could only start working on compensation after dealing with all the other priorities for the whole of January and the better part of February and we could get back to our usual pace.
Calculating compensation was a major technical challenge itself that required building lots of custom tooling from scratch to do a detailed analysis of the blockchain data. We also came up with different theories for the compensation design which meant that we had to make many decisions going through each of these scenarios, which we’ll get into shortly. Our main goal was to be as fair as possible to all owners of lost funds throughout our preparation. We hope you will all be content with our work.
As difficult as it was for the Tinyman company treasury, our final decision was to compensate for all the Algo amounts along with all ASAs fixed at their pre-attack prices, to be paid in Algo. For simplicity, the Tinyman team will distribute all funds in Algo tokens regardless of the ASA type lost. We have also come up with other packages in the compensation program, one of which we already announced here. Another one awaits you on the compensation page as a surprise.
Unfortunately, Tinyman is not the money-making juggernaut as some people put out to be. The treasury funds built up by the transaction fees can only account for 10% of the stolen assets, so we had to find other ways to compensate our users. The only other way at the time was to dig into our investment funds, intended for the development of Tinyman. Using the company funds was one of the more brutal calls we’ve had to make. For this to happen, we had to ask for support from our investors. Fortunately for all of us, they also recognized our decision to put our community first and gave us full support in creating this compensation package. For all their help and generosity, we’d like to extend our most profound appreciation. We also want to take a moment to give a special thank you to Borderless Capital, Meld Ventures, and Jump Capital for their extra help; their support was tremendous for Tinyman and the ecosystem.
Scenarios that failed, the scenario that survived
Tinyman is compensating not only the stolen amounts, which sit at 1.8M Algo, but also the stuck amounts in the pools that cannot be retrieved at this point and the amounts that were sucked out of the pools through heavy arbitraging. The arbitrageur accounts were able to get out around 1.2 M Algo more, exacerbating the lost amount to a total of 3M Algo. One of the internal discussions we had was to distinguish these three phenomena and pay for only the stolen and stuck assets. We figured we could employ a percentage calculation for the pools that experienced arbitrage action and roughly come up with some compensation amounts for each wallet. Although that could lessen the total amount we are paying out, we decided it will not help dampen any damage suffered. On the contrary, it would only fuel the community’s frustration because the arbitrage happened as a direct aftermath of the attacks. Therefore, we decided to include arbitrage losses in the compensation program as well.
Another topic of discussion was around the ASA prices. Fixing the ASA prices to their pre-attack ratio to Algo was not the only option we had. When we studied all the hacked pools, we could see some ASAs that went up in price, as well as some others that lost almost all their value in the past two and a half months. Another angle was to group the ASAs according to their exclusivity. There were some ASAs that were actively traded on other exchanges, which the attackers immediately took the opportunity to dump the stolen assets, along with another group of ASAs that had multiple pools exposing them to arbitrageurs and the third batch of ASAs with only 1 pool in Tinyman.
The discrepancies were so deep that we decided to break the pools into categories. One of the ideas was, for the ASAs that were not traded in any other exchange at the time of the attack, we could take the most current price as the effective rate, as if we were hypothetically purchasing the ASAs from the market and sending them to their rightful owners. As for the ASAs that were being traded in other exchanges, we could use the rate of exchange to Algo just before the attack as the effective rate -just like we are doing now-, as the stolen assets were heavily arbitraged against other Assets almost immediately. If we had employed this approach, it would’ve resulted in a significantly less amount to be paid out, especially for those ASAs who lost significant value recently.
However, the final decision was to get rid of the whole category structure, with the sole ambition of supporting the ecosystem. Although it may not have more business sense to it, protecting our treasury doesn’t mean anything if we didn’t look out for our community first.
To recap, you will be compensated for:
- All the hacked amounts, both Algo and ASAs. ASAs will be calculated with their price to Algo just prior to the first attack hitting their pools
- All the LPs stuck in the v1 pools
- All the amounts that were arbitraged out of your LPs
- Any successful withdrawals (burns) will be reduced from the compensation amount.
Eligibility criteria
In the compensation program, we are compensating almost every wallet with LPs that suffered hacks. The only exclusions are:
1- The wallets that lost less than 1 Algo during the attacks,
2- The wallets that minted on Tinyman after the block: 18403162,
The reasoning for the first case is pretty intuitive, we’d like to keep the whole thing simple by not paying insignificant amounts. We’re sure that you’d also see the effort of compensating less than 1 Algo would be in vain.
The second case is a measure we had to take against some findings we came across in our observations. This is only up in place against the wallets that added liquidity (used minting function) after the 3rd of January, about 36 hours after the attack, specifically after the block: 18403162. Those who chose to use breached Tinyman contracts after this date, while avoiding our messages, alerts, and communication on every front, presumably just to be able to earn some swap fees off of increased traffic in Tinyman, are ineligible for compensation. Before this date, Tinyman already had employed all changes in the UI, alerted the public about the events, and laid out a clear guideline for all users. We have done everything in our power to notify our users, so we believe that all those users who deliberately wanted to get in those pools were running the full risk of losing their funds.
What does Tinyman treasury look like after compensation?
It has seen better days :)
But, we have made a promise to compensate for the losses and today we are doing it. These things do not have a precedent, they don’t come with an instruction manual. We had many doubts over whatever path we took, maybe we still do. In the end, we had to keep the community’s best interest in mind and take the leap of faith. We need to underline the fact that even though our desire was always to make full compensation, we wouldn’t be able to do it if our funds were simply insufficient to cover all the losses. Thankfully, with your swift response removing most liquidity in the first couple of days and our very supportive investor board, we didn’t have to make some hard choices like partial compensation or imposing deadlines. We are happy to be able to keep our word and finally roll out the program.
We’d also like to take a moment to thank some ASAs for their support during the compensation phase. Our first on the list is Tinylock for their cooperation, responsive communication, and most importantly for their new ASAs that got airdropped to all holders except for the hackers. Similarly, HODL token, MoonX, and Zoon swapped their ASAs and locked hackers out of the stolen amounts. They are still getting paid for the hacked ASAs with the pre-attack prices, we hope that these funds will contribute to the development of their projects.
Doing the right thing…
When we announced our hacked amounts, they were in the range of 1.8M Algo, but we realized that the damage we were looking at was much more than that. That was because of the heavy arbitrage that took place during the time of the attacks. These arbitrageur accounts cleared a hefty sum of money in a matter of days because they were efficient and well-prepared for any price discrepancies in our platform. Although they are not at fault in any of these attacks, their activities nearly doubled our losses incurred to around 3M Algo. We know that these accounts have not done anything illegal; however, their earnings might have painful costs to some users. We aim to build an inclusive community that helps each other grow more robust rather than one that competes and tears itself apart. Maybe this is a naive way of looking at life, but if we want to grow as a society, we need to take responsibility as individuals first to build something bigger than us.
Tinyman's philosophy has always been to treat others the way you want to be treated yourself, and even if it means enduring the pain along the way, we will always remain true to this character.
If this resonates with you, we ask you to share any amount of your gains made during attacks with the community by sending funds to our compensation fund. We will keep these accounts anonymous if they want to remain that way. If you wish to help or not, it is your decision. Any support you give will only strengthen this project and its community.
Our compensation fund wallet is:
K3G7XHS3V4547EFGKMYXLVIEBEGG6ZYDU5IWM73D3U75RNIBPF2KPKRCWA
If and when they send funds here, we’d like to thank them for their cooperation by gifting them special edition Tinyman NFTs. Their donations will be remembered as long as Tinyman stands; we give you our word.
Moving past compensation and looking ahead!
We’re happy that we’re finally getting past this stage and have started focusing solely on Tinyman product development. There are so many things to do moving forward, and we are very excited to get started. This was another significant milestone for Tinyman and its community. We want to build a long-lasting product; that would not be possible without a solid foundation. We hope that this act will strengthen us and lead us to many more adventures.
