[Discussion] Remove Curve DAO Whitelist

Summary:

The SmartWalletWhitelist contract requires any contract wishing to interact with Curve DAO to first pass a vote of approval by the DAO. This proposal is to retire the whitelist contract and make access to Curve DAO universally permissionless.

Background:

The whitelist requirement was created as part of the initial implementation of Curve DAO. It imposes a requirement that any contract wishing to interact with the DAO must first pass a vote of approval by the DAO (51% approval, 30% quorum). This includes the right to lock CRV and to participate in DAO governance. As per the Curve Github Docs, the original rationale states “The account which locks the tokens cannot be a smart contract (because can be tradable and/or tokenized)”. The concern was that certain contracts may undermine the locking feature of veCRV and whitelisting was a precautionary measure to prevent governance attacks. As it happens, EVERY platform whitelisted to date has relied on tokenization of veCRV as a central design feature.

The whitelist requirement has failed in its intended purpose. On the contrary, it creates a walled garden that has the detrimental consequence of stifling innovation, deterring developers from building applications that integrate with Curve DAO.

Some Whitelist History:

Only 3 contracts have been successfully whitelisted to date:

Yearn - August 2020
There was a lot of support for this. Curve was stretching its legs, DeFi summer was raging. The rationale for approval assumed that Yearn had no intention of tokenizing veCRV, and Curve was only helping them boost their yield farming products and enabling voting rights. Genie came out of the bottle in November, when Yearn released their “Backscratcher” Vault, creating the first instance of tokenized veCRV.

StakeDAO - January 2021
Having a close relationship with Curve core team, this proposal faced no controversy and easily passed its whitelist approval vote. They implemented their own wrapped veCRV to compete with Yearn.

Convex - April 2021
This proposal had a lot going for it. Convex found a product-market fit not captured by the previous protocols, it was headed by people deeply involved with the community who understood Curve, and it wished to share ownership stake with members of Curve DAO. Its novel use cases and aggressive execution has made Convex the most powerful entity in the Curve ecosystem. Its wrapped veCRV is so popular that Convex is nearing a majority stake in Curve’s governance.

A number of proposals to whitelist have failed. Reasons include (1) Failed DAO vote, (2) Developers chose to build on already whitelisted platforms, (3) Project abandoned. Failed whitelistings include:

Pickle Finance, VolumeGauges, Aave [2], Frax, Earning.farm

Whitelist Consequences:

Whitelisted platforms have enjoyed a significant advantage in building influence over Curve DAO. Each platform seeks to attract CRV deposits by offering all of the financial benefits of owning veCRV while bypassing the lock period. Voting rights of the deposited CRV are captured by the platform, which is either retained or redistributed to a second layer governance body. The history of wrapped veCRV has proven that the most lucrative wrapper attracts the majority of newly locked CRV.

Chart below shows the decline in individual CRV locking over time (other), as whitelisted contracts gain dominance. As organizations grow to become the dominant governance participants in Curve DAO (orgs now own ~44% of all veCRV), we must ensure that the competitive landscape is open to all. The whitelist creates an unfair advantage to a select few organizations, inhibiting new entrants and creating monopolistic power centers that could become a single point of failure.

Screen Shot 2021-10-19 at 5.31.23 PM929×387 23.5 KB

Screen Shot 2021-10-19 at 5.31.13 PM927×387 25.4 KB

Appeal to Convex:

I’ll preface by disclosing that I regularly participate in Convex, a significant portion of my net worth is tied to it, and I only vlCVX.

Anyone paying attention can see plainly that Convex is dominating the Curve DAO war. And their success has been well deserved. So on the topic of repealing the whitelist, Convex is in an uncomfortable position. The easy way to keep expanding power is to not give an opponent the opportunity to take market share. Repealing the whitelist could be easily interpreted as opening the floodgates to potential rivals.

But the way to ensure long term prosperity for Curve, and thus Convex itself, is to relentlessly maintain a policy of supporting permissionless innovation. The whitelist is a form of permissioned access, and it turns away developers who might otherwise produce something of value to Curve. Convex depends not only on Curve for its success, but also on its wider ecosystem. Yearn products are integrated into Convex, yet Convex’s piece of the pie isn’t made smaller by the existence of Yearn. Together they compound the size of the pie.

We can choose to support a free market with a rich ecosystem of developers coming up with novel applications, who challenge us to keep improving our product, and whose products we integrate, together compounding value creation for the entire Curve ecosystem. This is the value of open source development and its why we are all here expending our energy to build a new financial system. We believe that open will always win.

That’s why I can say that as a stakeholder, my interests are aligned with Convex when I support removing the whitelist. Always take the long view, and see that what is good for Curve is good for Convex. Take some time and consider the long term consequences of choosing to enforce or repeal the whitelist. I think you will agree that repealing the whitelist is good for Curve and that what is good for Curve is good for Convex. If in doubt, vote with charlieoliver.eth.

For:

Remove whitelisting requirement for contracts wishing to interact with Curve DAO

Against:

Preserve whitelisting requirement for contracts wishing to interact with Curve DAO

I agree. The whitelist made sense at the start, but now that CRV has been around a year and is well distributed across many lockers and a few DAOs, it is time to open the flood gates. Let’s end the monopoly.

“With quite many wrappers done in a good way, it’s a sensible thing to do”

Fully onboard with that! I had been questioning the relevance of the whitelist while observing Convex tremendous growth over the past few month. I appreciate Convex very much and CVX represent a descent chunk of my holdings, but we should level the playing field to foster competition and innovation.

There is something about a “whitelist” that is fundamentally anti-Curve, very much against what I believe Curve represents within DeFi. While I’m sure there were good reasons to include a whitelist in the beginning, that time has past.

I don’t believe this will hurt existing projects that are already whitelisted, quite the opposite. If Curve is viewed as closed, anti-competitive, where some projects are more equal than others, it will likely have a negative, long-term impact on growth.

Competition is a good thing, we want whitelisted projects like Convex to be constantly innovating, building on the great work they have done to date. Besides, with their current lead and strategic focus on Curve, it will be very hard for newer projects to catch them as this point, so long as Curve itself continues to grow. But if DeFi begins to view Curve as unfair to projects because of a whitelist, long-term growth will be impacted.

Having said that, I would really be interested in hearing a thoughtful response from someone who supports keeping the whitelist, as I would like to understand the counter-arguments in more detail. My current view is the whitelist is anti-competitive and should be removed.

Many of the whitelisting requests seem to involve creating liquid veCRV wrappers that are either incentivized through the protocol’s own token emissions or incentivized through CRV gauge weights that CRV holders must fund.

It’s already bad enough that Convex shortened the lock window from 4 years to 16 weeks. The shorter time span, in my opinion, misaligns the incentives of people committed to the protocol long-term, and attracts shorter term participants. At least there is still a time-lock in place for Convex.

Removing the whitelist altogether would open a flood of protocols trying to wrap veCRV into liquid alternatives, further exacerbating the misaligned incentives problem. For this reason, I’m more inclined to keep the whitelist, and would liberally vote in projects where liquid veCRV wasn’t their main or only pitch.

I 100% agree with you. Removing the whitelist means there will be protocols that are misaligned from curve.

“stifling innovation” I don’t understand this argument. Who could give an example?

I’m also more inclined to keep the whitelist for a reason: The whitelist really does something > It’s pretty good spam filter.

I feel it is inevitable that there will be participants who will attempt to take advantage of the curve ecosystem and its users. When such a thing happens, people will ask for a blacklist to remove bad actors. Functionally, a blacklist is no different than a whitelist. If the fear is that Convex will control so much voting power that it will be able to block all new applications, then the same would be true if a blacklist exists.

If no whitelist and no blacklist, curve users cripple themselves from being able to remove bad actors.

I like the spirit of the proposal, but it’s my belief that the end result would be to add a blacklist or re-add the whitelist. Whitelist makes the most sense, because in the case of a blacklist, what happens to the locked veCRV? Does it remain locked for 4 years? Will their contract even have a way of recovering it after an unlock? Most probably won’t be built with a method of removing CRV from their contract. I feel this creates more problems for curve and participants alike.

The most recent example was Earning.farm . While I was personally not super enthusiastic about their project, it seems like they were coming from a good place trying to build on top of Curve, and who knows, maybe they would have helped on-board thousands of new users to DeFi with their product, but because of the failed whitelisting, this is not gonna happen.
@WormholeOracle has mentioned 5 other instances in his original post.

If we really want a permission-less protocol, we should trust users to act as spam filter via their decision to allocate or not their capital/CRV to another protocol instead of relying on whitelisting.

I agree, trying to avoid turning veCRV into a liquid asset is the most compelling argument in favor of keeping the whitelist. That being said, veCRV already became liquid with both Yearn yvBoost and Convex cvxCRV, so the whitelisting did not prevent that from happening, and facilitating the emergence of alternatives to Yearn and Convex should be a good thing to slow down / reduce voting power concentration in those two protocols.

If we think of DAOs as ever-evolving organisms in an ever-evolving environment, it seems like tokenization of veCRV is the natural course that has been taken. My view is that we should let it play freely and see where it goes. If we end-up with a system controlled by a few misaligned parties that are extracting most of the value to the detriment of other stakeholders, then it will be time for the team/community to fork the project and restart while incorporating the lessons learned. If we ever get into such situation and most stakeholders feel this way, liquidity should migrate quickly (we had an early illustration of that with the billions of TVL going from Uniswap to Sushiswap in a few days back in August 2020). This is not ideal because it will require some changes for all the protocols integrated with Curve, but this is definitely possible and that’s the beauty of open-source systems. Of course, this is just my opinion and people can see things very differently.

Has anyone considered that government organizations could go after Convex (SEC?), and that without legitimate competition to Convex, Curve is at significant risk?

Wouldn’t opening whitelisting potentially reduce this attack surface by distributing Curve voting power between many DAOs?

This. Crypto enthusiasts ostensibly value a globally permissionless platform to build a new financial system. That hasn’t always been pretty. “Spam” is a derogatory term for any product that the observer considers low quality. It’s elitist! And worrying about “spam” projects makes the assumption that CRV holders are dummies who will throw their CRV anywhere they can get a quick yield. If we believe people are responsible free agents, we should trust them to vote responsibly with their CRV allocation by choosing the home for their CRV that suits their risk profile.

The argument is going around that a “spam filter” is a good thing, and it is just so disingenuous and against the very core principles our space is built on. Let people build and fail, and let others learn from the past mistakes. Remember when there was an 8-9 figure DeFi hack practically every week for awhile? How much worse off would we be if our design principle was that we couldn’t allow those protocols to experiment and fail? If they needed permission to try, I’m confident we wouldn’t magically learn how to build more secure systems. “Spam” is part of the deal when you choose to build in this space and it makes us better.

Remove Curve DAO Whitelist => Creation of a blacklisted contract

=> Question : What happens to the veCRV in a blacklisted contract ?
Is it better to have a whitelist or a blacklist ?

I prefer to keep a whitelist that works perfectly

I’m having a hard-time believing that you’re NOT purposefully arguing in bad-faith. 8-9 figure hacks are not a good thing at all. Those are real people that lost real money with those protocols. Those are not “experiments” that need to happen.

And for you to suggest that the overall crypto community values the same things also seems hilariously bad-faith. DOGE and SHIBA have huge market caps. Do those investors care about anything other than making money?

No one has managed to offer an example of “innovation” being hurt by the whitelist. Earning.farm was a Convex clone that didn’t offer anything new, so everyone can stop using that example.

The timing of this proposal is highly-suspect. It should absolutely be voted down.

The whole point of crypto is to create a more free, fair, and equal financial system.

We should create opportunities for the people who can build a better system and for anyone else who’s willing to fund those people.

Whitelists undermine these principles.

Let’s see people identifying and discussing high quality projects.
Let’s see devs rising to the occasion.
Let’s get rid of the oligopoly and the spam filter that was never necessary.
Let’s make Curve as integrated as possible, which will make it ever more relevant.

The opportunity to innovate and to propose is always there.
Stake DAO innovated => whitelisted.
Convex Finance innovated => whitelisted.

I think we will continue to whitelist all innovative projects.
Healthy competition is always good, but it must remain fair.

The interest of users is in a whitelist, not in a blacklist…
(No one answered my previous question: Is it better to have a whitelist or a blacklist ?)

We are getting a bit off topic here, but it’s basically a matter of having different views of the world, there is no right or wrong:

• You basically believe that most people are not capable of thinking for themselves and their freedom should therefore be restricted by a superior power to protect them against themselves.
• We (I assume @WormholeOracle broadly share the same view even though I don’t know him personally) believe that individuals should be empowered to choose for themselves.

Sure, real people have lost real money in those 8-9 figure hacks, but it was their choice to participate in the high risk / high reward endeavour that is blockchain activity in its current form. Everybody read the disclaimer and I am fairly sure most people did not bet the farm on one single position, because most people are actually intelligent and capable of researching, learning and understanding risks. Of course, you will always have a few outliers that lost everything because of lack of understanding/risk management, but those people are the same that would equally put their financial safety at risk in any other form of activity, would have they not been able to participate in the given hacked protocol. Hopefully those people will learn from this loss and do better next time… some will, some won’t, but those few outliers should not penalised the silent majority that actually benefit tremendously for being able to access this open financial system.

Same stand for pointing out the huge market caps of DOGE and SHIBA, sure, a lot of people are here for the money (at least at the start), but they are freely deciding to buy those tokens, and hopefully most are just putting money they can afford to lose in those risky bets, because most are intelligent human beings. And sure, some will lose when those tokens start selling off, but we should also consider the other side of the equation which is many of those same people would also have made some good profits. What legitimacy you, I, or anyone has to tell other people what they should or should not do with their money?

Again, I think there is no right or wrong here, just different believe systems. At the end we should put that decision for a vote and see what vision the majority favour.

On that point, may I ask why is the timing suspect? I must be missing something.

I am not sure I understand why you want to substitute a whitelist with a blacklist.
The point we are discussing is to move from a permissioned system to a permission-less one. Sure we could add a blacklist mechanism on top, but I don’t really see the point (linking back to the more fundamental discussion above about trusting users to make their own choices with capital allocation).
In which scenario do you think a blacklist would be beneficial?

Big picture, the point of this proposal is to help avoid the governance getting more and more concentrated into a few hands. @0x_Degenerate made another good point regarding why we should pursue that.

I don’t think liquid derivatives of veCRV are the “natural progression”. They only happened because veCRV voters at the time let it happen. Had people realize how distorting to the incentives structure they could become, I question whether the votes would pass again.

Projects that seek to circumvent the time lock attract many short term participants, which I am concerned will be the case if this passes. Once the cat is out of the bag, it’s really hard and messy to wrangle it back in with a “blacklist” as some have suggested here.

FWIW, cvxCRV is not liquid CRV. This token is only entitled to Curve fees and emissions. CVX which is time-locked (albeit much shorter than veCRV) is entitled to governance, which is where the alignment needs to be created. This locking ensures voters are in aggregate aligned with the protocol at least over the medium term.

The value of governance has never been more apparent than it is right now. We have found traction. I do not believe there is a compelling reason to change course.

If historically, there has not been agreement on whitelisting an individual project, how can there now be agreement on removing the whitelist in its entirety? What has changed, other than framing the argument as a philosophical one? We should be practical and specific rather than philosophical and general when considering whitelisting. Making a philosophical argument tugs at heartstrings without speaking in specifics. If we move want a more open curve, it should be done with prudence, evaluating merits on an individual basis. This does not seem like a decision to bookend.

I see what you mean that the existing veCRV derivatives aren’t true liquid veCRV because they all forfeit the governance right. We might find ourselves with a veCRV derivative that directly passes governance power back to depositors, no lockup, just liquid veCRV. I’m trying to imagine a scenario involving liquid veCRV that becomes successful enough to undermine Curve governance. Maybe it would help if you could outline a possible scenario?

In the case of Convex, there are a couple of forces at play. True, vlCVX may be moderately aligned with Curve via the 16 week lock. But they are primarily aligned to Convex, getting a cut of the CRV earned on the platform, paid as cvxCRV. The cross compounding between CVX and cvxCRV reinforces their tokenholder’s commitment to Convex’s success. In a roundabout way, the individual comes to align with the long term interest of Curve because Convex has a long term interest. That long term interest originates from the enormous stockpile of veCRV forever held in its coffers.

What we see in Convex is an entity that has its own interest in Curve, distinct from all its participants, and yet it is able to bend the behavior of those participants to suit its needs. Participants, of course, are handsomely rewarded for serving Convex’s will.

Any organization successfully capturing veCRV would similarly need to create a moat that keeps its fickle constituents aligned to itself. People are naturally shortsighted, but the organization has a more or less permanent commitment. I’m not sure if there’s a plausible scenario where an organization doesn’t make any attempt to rein in the shortsightedness of its users, and still it manages to last long enough to become a dangerous competitor.

Every veCRV owner has a long term commitment to Curve, although it may mean something different for every owner. In the case of Convex, there’s a preference for maximizing Ethereum gauges (Convex’s boost service only works on Ethereum). There’s a preference against supporting StakeDAO or Yearn (its two main competitors). There are others I’m sure you could identify. Convex has a long term alignment because it owns veCRV, but it expresses that alignment differently than you or I or Yearn or Curve’s founder.

Along with the importance of incentivizing long term alignment, we should consider whether priorities of our veCRV holders are diverse enough to avoid any major pitfalls. Since organizations are becoming the most dominant veCRV holders, and organizations have priorities separate from their participants, we really shouldn’t get comfortable with the idea that 1-3 organizations is good enough to cover all our blind spots.