Hi All,
I’m trying to think carefully about the general principle of compensation.
Actually, we can separate the affected users into two main groups.
- The protocol users at the time of the exploit. This includes the ones who lent out money, the ones who borrowed, the ones who were using leverage, and the ones who were staking.
- The users who approved an unlimited or excessive allowance. This includes the ones who have already left the protocol but forgot to revoke, and the ones who are still in the protocol.
For myself, I was affected in both scenarios. I was lending out my money in the protocol at the time of the exploit, and I approved an excessive allowance for some tokens in my wallet.
As we know clearly, the incident comes from a serious mistake in the dev’s awareness of security principles. If the dev didn’t store the private key in plain text or a Word file on his computer, and the key were divided by multi-sig, then they couldn’t have triggered this incident.
To be honest, the 1st group should be treated as higher priority. What’s the reason?
It’s because there’s nothing they were doing wrong. They were using the protocol and their funds were totally stolen due to the dev’s fault. The 2nd group shares a small part of the mistake because they didn’t revoke the allowance when they left the protocol, or they gave an excessive allowance to the protocol.
By the way, the compensation must be provided as well (but could be second priority) because the main root cause is the dev and the protocol making a serious mistake.
Lastly, I would say that the DAO voting should consider not only BZRX holders but also anyone who was using the protocol at the time of the exploit. Fulcrum can consider a snapshot right before the exploit to know which wallet addresses should be included for voting rights. The value of compensation can be based on token value at the time of the exploit.