[RFC] Arbitrum USDC Vault next steps (Dealing with USDX bad debt)

1. Summary:

This RFC is to outline what the proposed next steps could be from the Lazy Summer DAO & Community regarding the USDC Vault on Arbitrum that has recently suffered, what appears to be bad debt due to the USDX depeg, initially created by the Balancer V2 exploit earlier in the week (3rd November)

Summary of the proposal includes;

• Remove the Silo susdx (127) market from the USDC Vault on Arbitrum (socializing loss across remaining users in the market)
• Add trusted guardians to the protocol that have the ability to freeze markets in the future
• Decide on future actions should similar happen again in the future which could be made quicker and more in the moment.

2. Context & Motivation:

Background
On the morning of November 3rd, Balancer V2 suffered an exploit (https://x.com/Balancer/status/1985390307245244573) leading to some pools being drained and excess liquidity being removed.

One of the pools impacted was the StablesLabs sUSDX/USDX pool, leading to $1M being reported lost (https://x.com/StablesLabs/status/1985565496482398619). At the initial exploit, the StablesLabs team reported removing liquidity (through their LPs) from Arbitrum and other networks (https://x.com/StablesLabs/status/1985269082296574083) - but stressed this was normal and that

Unfortunately, the communication re. the $1M loss from the StablesLabs team, including the note that losses would be covered by the team, would be one of the last updates until Saturday 8th November - at which point it seemed users and holders of USDX had lost faith, and the USDX peg had broken into a likely unrecoverable state.

How this impacted the Lazy Summer Protocol
At the time of the exploit, the Lazy Summer Protocol had exposure to sUSDX through deposits in a Silo Market in the USDC Vault on Arbitrum. At the time, $1.48M USDC was deposited into the Silo SUSDX/USDC (127) market, out of total of $9.8M USDC.

As soon as the announcement was made by StablesLabs about the exposure in Balancer and subsequent 1M loss, Block Analitica, the Risk Manager, to the Lazy Summer Protocol, set the risk caps to 0 - ensuring no more liquidity could be added, but crucially, that the automated keepers would then be in recovery mode, continuously trying to withdraw liquidity when it becomes available. Unfortunately, because the StablesLabs team, and it’s LPs had removed all liquidity from the Arbitrum network (and others), there was then very low likelihood of any users repaying and the Silo market was at, and remained at 100% utilisation (where it continues today).

As such, the Arbitrum USDC Vault today has around $1.49M of exposure that is widely considered to be unrecoverable. The StablesLabs team posted on Saturday 8th that a ‘Voluntary’ redemption process was underway, however there is expected to be little chance of success here (https://x.com/StablesLabs/status/1987031487884202426)

I would like to stress here, that I do not think the Risk Manager, Block Analitica, can have been expected to do much more to prevent the loss that occurred here. It does appear that the losses were ultimately due to the initial Balancer exploit, which cannot be foreseen. It should also be stressed that on the same day that xUSD, and then deUSD lost their pegs due to risks being taken in the market by the xUSD project, the Block Analitica reacted early and in a precautionary way to de-risk many positions which much greater value at risk, and as such, got liquidity out of markets before the announced loss and depegs of xUSD and deUSD - saving many more times the loss of Silo market, caused by protocol exploit.

What could be next
Right now, there is (10th November 1pm UTC) - there is around 2.43M USDC still in the Arbitrum USDC Vault, with around 1.49M expected to be unrecoverable. The deposit cap was set to 0 on Thursday 6th November, and many users have withdrawn capital already (TVL down from over $10M to the 2.43M today).

The Lazy Summer DAO has the option to socialize the losses from those remaining in the pool (by the end of the vote with a delay) and to remove the Silo Market from the Vault. This can be achieved through a governance vote, setting the timelock as raft in config manager. The other option, given the length of time that has passed now and how others have removed liquidity, to leave the Vault how it is, and allow those available to withdraw, to withdraw.

Another option open to the DAO is to add a set of trusted ‘Guardians’ to the protocol, through a multisig, which will allow the majority (or whatever the multisig is set to) to freeze markets and give the DAO time to decide on a response.

Finally, the DAO and community, should in my opinion, detail clear guidelines on how the DAO and Protocol should deal with events such as this moving forward, so it is clear and can be actioned quickly should an event like this occur again. In hindsight, these details should have probably been in place prior, however I believe as a community we learn from events like this and make the systems stronger as we move forward.

3. Proposal:

Go to vote on Wednesday 12th November with a series of votes detailing the next steps, as outlined in the open questions below once alignment has been obtained.

4. Open Questions:

USDC Vault on Arbitrum

• Should the loss be socialized between the remaining users within the Arbitrum Vault by removing the Silo 127 Market from the Vault, or left as it is?
• Should the SUMR rewards which are to be renewed on the USDC Arbitrum Vault on November 11th be cancelled?
• Should a new USDC market be deployed on Arbitrum?

Guardians

• Should guardians be added to the protocol in order to allow freezing of the markets to allow time to be taken to take agreed actions in future?
  – If so, I propose at least 5 community members are put forward (either self-delegation or through nomination and confirmation they wish to participate) onto a cross-evm chain multisig.

How to react in future

• As a community and DAO, we should have clear action points on how to react in similar scenarios in future.

5. Next Steps:

• Gather community feedback on the steps above.
• Iterate based on discussion
• Promote to multiple SIPs, and aim to go to vote by Wednesday 12th November on at least the Arb Vault Socialising vote (if needed) and ideally appointing guardians.

Tagging @Recognized_Delegates for their input in particular.

Thanks @chrisb for outlining this clearly, and for the structured next steps.

Given the current situation, I support removing the Silo sUSDX (127) market from the Arbitrum USDC Vault and socializing the loss across remaining depositors. While unfortunate, it’s the most equitable path forward now that liquidity recovery seems practically impossible. Leaving the vault “as is” only prolongs uncertainty for users and operationally complicates reward renewals.

1. In this case, I would make sure that Lazy Summer DAO does its best to make the depositors whole (+ snapshot of the users), once such possibility would present itself - either via Silo Finance or StablesLabs.
2. Once this market would be removed, can we consider the Arbitrum USDC Fleet to be functioning as before? The DAO can keep adding new strategies, and users safely deposit?

I also agree with pausing SUMR rewards for this vault. It’s not ideal to incentivize deposits into a pool carrying unrecoverable (as-of-now) debt. Those rewards can instead be redirected to strengthen the other Arbitrum fleet, or else wait until new Arbitrum USDC Fleet is deployed.

1. Here, I would like to add that this (pausing rewards) would apply only in case we decide to keep the strategy and the vault as is. If we decide to remove the strategy and socialize the losses, then the rewards can keep flowing.

In case the fleet and ark remains untouched, I would be definitely up for launching a new USDC Fleet on Arbitrum and making sure that SUMR rewards flow into it from the get-go.

On governance structure, I fully support adding Guardians via multisig with clear, pre-defined authority to freeze markets in emergencies. This would allow a swift response in future crises without compromising decentralization. Here I would emphasize the need to codify a “Crisis Response Framework” outlining triggers, roles, and communication protocols for similar incidents.

Each event like this strengthens the protocol’s operational maturity, and imo documenting these learnings is key.

I agree that socializing the loss from the sUSDX market is the most pragmatic path forward; it’s a necessary one-time event to restore vault health and provide a clean break from the current uncertainty. This decision directly impacts the rewards, and I strongly agree with @jensei ‘s logic if we socialize the loss, the SUMR rewards must continue. I also fully support establishing a Guardian multisig as a vital step for protocol resilience.

its a tough choice, but I do not think that socializing losses is the way to go.

Thank you @chrisb for the transparency and information.

In addition to this, I was impressed by the actions of @BlockAnalitica and I think a review or update from them on their actions and what went well vs not etc would be great.

Additionally,

1. I think that all users within this vault after Nov. 3 should receive additional SUMR tokens, and the users who are left with the bad debt should get the commensurate amount in SUMR tokens. (1.48M)

2. I believe a new two new USDC Arbitrum vaults should be deployed. One higher risk, one lower risk.The new risk tier as a learning and improvement from the sole one prior.

CC @jensei @chrisb @Recognized_Delegates

There are numerous lenders to this "set it and forget it” USDC Arbitrium vault returning to their Summer.fi portfolio dashboard in the last few days finding out their Lower Risk allocation is now priced at $0.

Some of these are retail funds. Socializing these failures tells the entirely wrong story to future lenders and token holders.

We need to make this right. Please consider @samehueasyou and others’ suggestions for helping affected, remaining lenders.

Hello, I’ve also been affected by this exploit. I had 5.15K deposited in this vault.
I specifically chose this vault because it was labeled “low risk,” so we clearly weren’t properly warned about the risk.
At the very least, we should be properly informed about what happened.
Do they expect us, the vault users, to bear the entire loss?
Is there any solution being considered to recover the funds we deposited in their custody?
I would like clear and precise information on what happens from this point forward, and I expect the recovery of the deposited assets.

Hi everyone,

I want to share a very clear and accurate recap written by @InstantZen on Discord, because it perfectly captures the situation that users like me who currently lost all our funds are facing. I think it’s important that this summary is also visible here on the forum for transparency and for anyone trying to understand what went wrong.

Here is the recap:

Summary of the Situation (credit to @InstantZen):

1. Depositors relied on the vault’s “Lower Risk” label & “set it and forget it” messaging (source) as a meaningful, curated indicator of reduced risk within Summer’s strategy set.

2. Depositors did not choose the Silo sUSDX/USDC (127) market exposure, which was introduced automatically by the vault’s strategy allocator.

3. The Silo market used a hard-coded $1 oracle, preventing Summer’s liquidation + socialization logic from recognizing the depeg and triggering protective mechanisms.

4. The protocol lacked emergency guardians or pause controls at the time of the incident, making rapid intervention impossible during the depeg window.

5. The Summer.fi UI did not surface timely warnings to existing depositors, and no alerts appeared on the portfolio dashboard where users monitor risk.

6. Early users were able to withdraw fully, while later users absorbed the entire bad debt through no action or fault of their own.

7. No user action contributed to the failure; all loss resulted from systemic issues in strategy integration, oracle design, and missing operational safeguards.

As another Discord member, Javier, highlighted:

Silo had hard-coded their 1:1 USD peg directly into their oracle - but this is the exact due diligence we expect from the risk curator. That’s exactly what users are paying for by using Summer.fi and BlockAnalitica services.

I can still see in the tooltip on Lower Risk vaults the following: Lower risk Vaults contain no exposure to peg or swap risk. - it’s stated that there’s no peg risk, but the risk curator is accepting using hard-coded oracles…

Why I’m Posting This

I am one of the users who lost 100% of my funds in this vault. And given the facts above, I believe it is fair to say that this outcome was not caused by depositor behavior, it was the result of system-level failures.

A “Lower Risk” vault should never put users in a situation where a complete loss is even possible.
Depegs, market stress, or smart-contract adjustments may cause partial losses, that is understandable.
But losing ALL deposited funds in a supposedly low-risk, curated vault simply should not happen under any reasonable interpretation of what “risk-managed” means.

This is why many of us feel that Summer.fi needs to take responsibility for this failure.
Users should not bear 100% of losses that came from:

• a mis-designed oracle,

• a strategy allocation decision we did not choose,

• missing emergency controls, and

• the absence of warnings in the UI we rely on.

If the goal is to build trust in this ecosystem, then events caused by systemic design issues should not be pushed entirely onto end users.

I hope the DAO and the team seriously consider meaningful compensation or support for those who suffered total losses due to failures that were not ours.

Hello, I completely agree. Those of us waiting for our deposits deserve some kind of satisfactory response. This can’t be a case of “if you’re late, you’ll get nothing…” It’s simply unacceptable. What happened will either make a platform disappear or strengthen it in the eyes of other users, but only if it provides valuable solutions. We’ll continue to wait.

Where can those affected contact each other? Telegram? Discord? Thanks.

The way this matter has been handled completely discredits Summer.fi in my eyes. We were sold (with commission!) the idea of “set it, forget it”… when in reality it’s “you have to check your balance very frequently to be among the first to claim your money in case of problems, otherwise you’ll lose all your assets.”

I suppose that the summer.fi team is working very hard now for the refinancing and recovery of this vault. Could we have from the admins some clear information about the timelines? When will be able to withdraw our deposits? Is there any activity required from the depositors?

I agree, is there a way for us to stay updated?

The following RFC was just posted in connection to this topic: [RFC] Arbitrum User Reimbursement, Insurance Fund, and Other Improvements

Hi Summer.fi Team and DAO Community,

I am writing as a user who has been personally affected by the bad debt situation in the Arbitrum USDC Vault caused by the USDX de-peg.

I deposited my funds into this vault specifically because it was labeled as a “Lower Risk” product. The marketing and interface indicated that it was a “deposit and forget” strategy without exposure to de-pegging risks. The fact that the losses were socialized among those of us who didn’t withdraw in the first few hours feels unfair, as we trusted the protocol’s risk management and the oracles provided.

I fully support the recent proposals regarding full user reimbursement. Whether it is through SUMR tokens, treasury funds, or the insurance fund, I believe it is essential for the protocol’s reputation to make users whole.

Here are my details for the record:

• Impacted Wallet Address: 0x8C0A0c6425B52f674A43ecf2BC714982d8ae7dC1

• Estimated Loss: 1.97K USDC

I have been a loyal user of Summer.fi and I hope the DAO votes in favor of protecting the users who trusted this platform.

Best regards,