The collapse of the IRON stable coin(irony-97882.medium.com) |
The collapse of the IRON stable coin(irony-97882.medium.com) |
TFA suggests that this line:
require(_share_price > 0, “Invalid share price”);
Isn't everyone passing around uint256's these days?
If you ever run into negative prices you want them to be negative, not positive in the trillions.
Is there any better description of these coins?
It wasn't any more honest than this; it was just kept quieter with private meetings and less publicity for the collapsed scams.
I'd be looking for the banker-adjacent people in these. The folks that don't work for the banks directly, but consult; somehow always seem to have some extra connection to someone at the bank, related, married, side projects...
With DeFi, you're simply exchanging one type of risk for another. Without due diligence you're pissing your money away- as it is to be expected. And as it was brought up before, this was an unaudited contract that had been running for what, weeks? Months?
Personally, I cannot say I understand DeFi deeply enough to get into the intricacies of "yield farming" and such, so I just avoid it altogether. Only have a relatively small amount of USDC and DAI accruing interest on Compound, which has at the very least been audited [0] a few times before, but even if it were to go tits up tomorrow for whatever reason, at least I understood there was that risk.
I think the real story is the insatiable appetite for get rich quick schemes in today's world, because without that many of these projects would simply not be used. IIRC they had some insane yields of like 50k% apy on their token, anyone with any sense would know to run away from anything promising that.
To program one you need to think about all the edge cases. The programmers here likely did want >0 here. The possibility that the thing feeding price data return zero incorrectly was higher than the price legitimately being zero in their minds.
There is no court or lawyer who can interpret the spirit of the contract.
That's obviously the point, though. You are trading one set of risks for a completely different set of risks that might suit your use case much better; your counterparty being able to contest a contract in court could very well be a "bad" thing for you.
But that's exactly the point.
People are not able to interpret "smart" contracts. For normal contracts most people can understand the contract and if there is a dispute you have laws and courts who can interpret in every case.
In case of "smart" contracts even the contract developers more often than not seem to not be able to understand all consequences.
So if we are trading one set of risks for another it kinda seems to me to be a a really shitty tradeoff.
Evading the law (whether the court or a regulatory body such as the SEC [civil] or DOJ [criminal]) is typically a "bad thing" for the person or people intending to or successfully doing so.
https://www.sec.gov/spotlight/cybersecurity-enforcement-acti... (SEC Cyber Enforcement Actions, control-f "blockchain" | "crypto")
https://www.ropesgray.com/en/newsroom/alerts/2021/March/The-... (The CFTC Signals New Era in Enforcement of Cryptocurrency Trading with Action Against Antivirus Software Pioneer John McAfee)
https://www.jdsupra.com/legalnews/doj-activity-on-cryptocurr... (DOJ Activity on Cryptocurrency: A Six-Month Review)
https://www.reuters.com/world/us/us-court-authorizes-irs-see... (U.S. court authorizes IRS to seek identities of taxpayers who have used cryptocurrency)
There is no trade of risks. The judicial system is still going to assert their authority over contracts. Your counterparty will still be able to contest a contract in court. The guys with guns the court sends out to enforce their verdict are not going to be impressed with "code is the contract" and "blockchain". They will lead you to a (jail cell) block in chains (handcuffs) if you try to defy the court order.
Instead you are trading specification of contracts in a legal language where there has been centuries of experience in writing and interpreting those contracts, for specifying the contract in a new language that is still evolving and where there is not a whole lot of legal precedent on how to interpret them and how to resolve bugs.
These "smart contracts" are not decreasing your risk, but rather increasing it.
(We've seen disastrous bugs overturned by community-consensus hard fork but not to my knowledge by court order). Not yet, but it seems inevitable.
This is the true reason they needed to special case <=0.
So it is, in fact, a dumb contract. Humans want contracts that make them whole at the end of the day, that's the point of the contract: jurisdiction over the human realm.
Sorry; decentralized autonomous finance is here to stay. There will be less disasters as we go along, but they will be much bigger.
As with vending machines, they have their use cases, but they aren't lawyer "smart" and they certainly aren't legal contracts. I'm not sure how much trouble a better name would have saved everyone, but it might have done a better job of setting expectations.
https://bitcoinmagazine.com/technical/daos-scary-part-1-self...
But a lot of it's good, and more good things will come out over time. It's currently the equivalent of like 1998 in the smart contract space right now.
It's code which does stuff and if you want to be on the safer side of it, you allow time and liquidity to test them out.
If you want to assume risks and possibly higher rewards you get in early (ape, in crypto speech).
It's pretty simple.
What makes it complicated is that they are called smart contracts.
Also, it's worth noting that this contract wasn't audited, a baseline practice in the industry. Most larger contracts go through multiple waves of audits, while this was apparently released with exactly 0 (so hard for me to be shocked when there are issues).
> A code audit likely would have caught this (this type of bug is so common in software development, I’ve probably made it hundreds of times myself), but of course this smart contract was not audited. Only its sister-contract on the Binance Smart Chain, written in a different language, was.
The alternative is our current, arcane legal system - only interpretable by lawyers who charge $600/hr.
Law is law, code is code. They're two very different things. Code can't prevent someone from using violence to force you to overturn a smart contract's decision. The law can because it's enforced by the state. You could certainly choose to build a system of law that uses code, but code by itself cannot substitute for law.
> only interpretable by lawyers who charge $600/hr.
What do you think the going hourly rate would be for software engineers capable of writing bug-free smart contracts? If adoption takes off I'd bet that it will look a lot like the hourly rate of a good lawyer, or even exceed a lawyer's hourly rate given the impossibility of an appeal if the smart contract is poorly coded.
Also lawyers don't interpret contracts. They draft them and advocate on behalf of their clients in disputes. Judges interpret contracts, and are available as a public service paid for by taxes.
except for the DAO fork of course, when commit rights were law.
The lawyer problem is even worse than not being able to interpret the contract. The code isn't even a contract, legally. When conflicts arise from these deals, courts will settle them the way they always have. They won't read code and then decide that "code is law." That's something programmers made up that will also never be true.
In comp sci, the halting problem says we can never guarantee that, given some input, a program won't halt. "Halt" is another way of saying "stop without doing the intended thing," which is what we call a bug.
One of the ways this translates to everyday debugging is that humans cannot ever know the range of all possible inputs or conditions to a program. We don't have that ability any more than we can give someone a list of all the words that can be made with the letters A-Z.
If we cannot write down what all the possible inputs might be, we cannot be sure that one of them doesn't cause halting!
By the same token, as useful as they are, no set of regression tests can prevent all bugs for the same reason: it simply isn't possible to come up with a set of regression tests that is in any real sense "complete" (ie: ensures no halting).
The halting problem was proved mathematically by Alan Turing and applies to all Turing computers, so we know it applies to smart contracts. In fact, the inability of the developers to conceive of one possible input (a zero value from the oracle) is what led to halting in the case of IRON.
To make the problem worse, even knowing that halting (aka bugs) was a possible outcome (a likely outcome, even), not only did the company apparently not seek any outside code audit, they locked down the contract (because it's "law," lol) so that the code can't be fixed even though it's now known to be broken.
So there's the stupidest kind of programming ever. Smart contract is a name in the same vein as the Ministry of Peace in Orwell's 1984. It is anything but smart. It is known to have bugs (halting problem) and they cannot be fixed (locked down "by law," rotflmao).
This is particularly the case with ownership of money. If you've put money in a bank, and the bank says "sorry, due to a programming error you can't get your money back," that's on the bank. They are legally required to try and get you your money back.
Similarly, legal contracts (as opposed to defi smart contracts) must contain certain elements to make them legally enforceable. These include such elements as capacity (the capacity of the signer to enter into a contract, which can take into account whether they can fully-understand the contract) and adequate consideration (whether the contract is blatantly unfair to one party). So a contract that seems reasonable but might have some complex edge-case that requires extreme fine-grain parsing or auditing to see how you might end up with no money may not be legally-enforceable at all.
In the defi world, it seems like you're entering into a contract that's written in code, but there's no requirement to be able to actually parse and have the capacity to understand all the code that is written in the contract (or omitted, in the case of edge-cases the programers didn't think about). This seems like it wouldn't fly in any legal contract.
Aside from the amusing programming error, the main problem with much of the "smart contract" activity today is that doing anything remotely interesting requires an oracle. An oracle is basically a server that reports the outcome of an event. And servers can be attacked in ways that systems like Ethereum can't.
So a lot of the hype around Ethereum and its "smart contracts" is really people just misunderstanding the security model. The weakest link is a server in a dorm room or data center reporting a number.
Here the oracle is doing the right thing. But it could easily go the other way.
Isn’t that just a Ponzi scheme?
And TITAN is printed by the system itself, whenever IRON is < $1?
Outside of abusing the oracle, that seems like a pretty pickle.
Smart contracts being immutable is a joke, almost. And more importantly, even if they were immutable, proving that formally for a Turing complete language is impossible.
Bitcoin smartly avoided this by making its smart contracts dumber.
https://www.bloomberg.com/news/articles/2021-06-17/mark-cuba...
I read about it. Decided to try it. Got out. Then got back in when the TVL start to rise back up As a percentage of my crypto portfolio it was small. But it was enough that I wasn't happy about it.
But in a larger context it is no different than the risks I take [in] angel investing. In any new industry, there are risks I take on with the goal of not just trying to make money but also to learn. Even though I got rugged on this, it's really on me for being lazy. The thing about de fi plays like this is that its all about revenue and math and I was too lazy to do the math to determine what the key metrics were.
The investment wasn't so big that I felt the need to have to dot every I and cross every T. I took a flyer and lost. But if you are looking for a lesson learned , the real question is the regulatory one. There will be a lot of players trying to establish stable coins on every new l1 and L2. It can be a very lucrative fee and arb business for the winners.
There should be regulation to define what a stable coin is and what collateralization is acceptable. Should we require $1 in us currency for every dollar or define acceptable collateralization options, like us treasuries or?
To be able to call itself a stable coin? Where collateralization is not 1 to 1, should the math of the risks have to be clearly defined for all users and approved before release? Probably given stable coins most likely need to get to hundreds of millions or more in value in order to be useful, they should have to register.
read: "ponzi scheme". This is pretty funny.
I guess they are comparable in the way that they both require a inflow of capital, is that what you're saying? That would make them similar to pyramid schemes and startups too. "Ponzi scheme" is more specific than "scheme."
The difference between this and a startup is obvious- a startup intends to become financially independent at some point
The article mentions a boundary condition ("_share_price > 0"), not an off-by-one error.
And these are discrete numbers, so I don't see the problem.
A huge fraction of off by one errors are > vs >= or < vs <= in a for loop.
This space is a giant house of cards.
Crypto is reinventing the same system as traditional finance and hitting all the same problems that we encountered in the last 100 years.
At least here everybody who opens their eyes can see that it's a house of cards.
>EDIT: I’ve since learned that the developer(s?) behind this are already the laughing stock of the DeFi community, having wrecked each of their 3 previous projects (now 4) — though this might be their biggest hit yet
And people poured $262 million into this?
https://www.bloomberg.com/opinion/articles/2021-06-17/titani...
> Other on-chain stablecoins like DAI are over-collateralised. For every $1 of DAI, there’s ~$1.75 worth of crypto assets in the DAI system.
What's the best DeFi project? One where the value proposition is actually clear, there are actually people using it and it's actually at parity or better than a traditional financial system offering?
require(_share_price > 0, “Invalid share price”);
https://github.com/IronFinance/iron-contracts
Is it in a different repo? Does it exist?
https://github.com/IronFinance/iron-polygon-contracts/blob/m...
> uint256 private constant PRICE_PRECISION = 1e6;
yikes :D
(If verified source is published, you can see the actual code; else you'd have to decompile the EVM bytecode. But basically 100% of the time, if verified source isn't provided then it's a scam, so it's safe to just ignore things without source. And, of course, even if verified source is published, there's still a high chance any given contract picked out of a bucket will be a scam, but at least you can review the code and spot the backdoor.)
Who did the transaction though? These people? The eth network? Was it considered money? And where? Do these people live there who did the transaction? I am not saying you are wrong but this 'war on X' attitude never was a great idea, it also does not work as it is not a singular entity that is to blame. It is a vast network spanning countries.
Focus directly on the entity doing the money transmission in this case- the smart contract IRON. They take in USDC and give out IRON and TITAN. IRON and TITAN are money substitutes. Money transmission includes anyone by any means conducting exchange of one type of money for another. Functionally that is what this contract is doing. The code didn't write itself, there are people behind it that released it, and they wrote it to conduct money transmission (a specific purpose). You don't even need to bring ethereum into the conversation to prove they are in violation.
I'm not sure I understand your comment about 'war on X' but I think it is a problem when there is an arbitrary application of these laws and unfair dealing that we see by regulators within the crypto industry. Maybe this is natural (self interest), and maybe it isn’t entirely their fault (limited resources).
I saw a twitter thread from a lawyer saying the SEC doesn't determine if something is a security, the courts and congress do. Then why are we obsessed with the SEC’s opinion? I speculate that we just need court cases and we do not need the regulatory authority to bring the court case. Maybe that is the problem to solve.
Someone has to make this into a meme. It will definitely be my excuse for my next multi-hundred million dollar value destroying software bug.
The biggest issue for me wasn’t TITAN itself, that was a risk I considered and had a plan to manage.
What really got me was the Polygon network crashing and breaking all of the safeguards I had put in place.
There is evidence that a DDOS attack was carried out against Polygon while this was happening, blocks were packed with self transfers for 0 MATIC.
This took down rpcs and shot gas fees through the roof, preventing many people from exiting their positions.
If it weren't for the Polygon network going down my stop loss protection would have exited my pools and limited my losses to around 10% instead of 100%.
Reminds of my retail trading days and waking up to see a stock gap below my stop loss during after-hours.
This is one of the fundamental flaws with many L2 networks. The lower fees are enabled by a centralization of the versifiers which makes them more susceptible to high loads and DDOS attacks like this.
BTC and ETH have both been the victims of DDOS attacks in the past, but it takes orders of magnitude more money to do it because of the high gas fees on those networks.
I kind of agree with you, but then, since it would fit for integers, I can’t think of a better name and could live with some generalization of “off by one”. I’m not a mathematician but maybe something like “off by n; n -> lim 0”
EDIT: Or maybe “comparison error”. I like that the best. But calling it an off-by-one seems wrong, especially as what we usually mean by that is something more like not handling the last iteration of a loop correctly.
“I think you are off by equals here”
Much later I learned all you had to do was copy and paste a Solidity program and then promote it.
Guess I dodged an ethical bullet in my ignorance, but still...
Pyramid Schemes have the originators (the "top" of the pyramid) win lots of money, while the base (the "bottom" of the pyramid, where most people are) losers. And the top barely did any work to get there: they just took the money from people below them.
The general rule is that if the majority of money does not come from selling to retail customers (either directly or downstream), but rather from recruiting new members, then it's a pyramid scheme.
Aunt Meg, is that you? I told you to stop it with the essential oils already.
On a forum I used many years ago a regular was forever pushing an MLM and I investigated how it worked, just to try to understand how screwed he was rather than out of any misunderstanding that MLMs are a good idea.
It was one of those health juice MLMs, and what I realised was very clever was that the business structure was set up so as to on the one hand make it less obviously an MLM, and then on the other hand ensure the scammers were insulated from the scam.
There's a pretty ordinary over-complicated compensation package, with tiers of distributors getting a percentage from those beneath them in a structure that sure looks like a pyramid - and imaginary "consumers" who buy at the supposed retail prices at the bottom of the pyramid. But the juice itself is bought exclusively from a separate company at an inflated price.
If the government shuts down the MLM company, few there were getting rich, it's just a handful of people out of an office somewhere. The big money flows into the juice manufacturer selling this awful tasting muck - and they can claim they know nothing about any pyramid scheme. Selling cheap juice for lots of money isn't a crime it's just capitalism.
This has been the problem with smart contracts since day one. It is that simple.
Thank you! I've tried to put it into words before but I think this is as close to perfection as one can get while describing why smart contracts are not what people believe them to be.
This has been seen in practice, for example in the Fulcrum hack:
https://gist.github.com/alexvansande/edcc9fe935b61526766c956...
https://dappradar.com/blog/defi-flash-loan-attack-what-just-...
It doesn't have to be an API. Side channel attacks can provide unintentional oracles. For example, if you have a password checking function that takes longer to return a false result for "close" inputs, then it leaks information that can be used to crack passwords (simple O(n) string comparison would be an example)
My uneducated inference is that an oracle is a data source and you can hook into it from the smart contract. The oracle seems to live off-chain and live on a traditional server/DB.
Please correct me if the above is way off!
[0] https://docs.iron.finance/iron-finance-on-polygon/titan-dist...
[1] https://www.coingecko.com/en/coins/iron-titanium-token
edit:
On further inspection, it seems like they'd just need to get the price up to the 6th digit[3]. I'm not sure it's feasible though.
[3] https://github.com/IronFinance/iron-polygon-contracts/blob/m...
This is exactly what crypto-enthusiasts claim is going to happen to the US Dollar and I've never heard mention of crypto taking pity on fiat by offering to give them crypto when the bottom finally falls out of fiat.
So why should anyone else be responsible for people who took a calculated risk that blew up in their face?
Yes, this sucks for them. But this shit happens. Don't throw good money after bad.
Profit.
There are a lot of people with USDC locked up in the contract and they might be willing to pay a share of it to unlock it.
A calculated risk is that you put money into something which may end up losing all of its value; not that your collateral becomes locked in a safe with an accidentally lost key. They had a reasonable expectation that even if the value was totally lost, they wouldn't have their collateral locked forever. Their investment, yes, but not their collateral.
Sure, one always has to account for extreme scenarios when doing anything, like the risk of a critical flaw in the code. But to give another extreme gambling scenario:
Let's say you put your car up as collateral for a huge gambling bet. You of course take a calculated risk that if you lose the bet, you lose your car. Then let's say you back out of the bet after putting up the collateral, or you even win the bet, but there was a mixup at the casino and they thought you lost the bet and they took your car without you realizing it and it's on another continent now.
In both scenarios, you hope that you can at least get some kind of compensation from the people you entrusted the collateral to, since it was just a complete fuckup on their part. You know you're not guaranteed to get anything, but I think it's reasonable to try to ask for compensation. If you just took a bet and the value plummeted, then you know it's tough luck for you and just a standard high-risk high-reward scenario that you ended up on the losing side of, but this is something else.
(At least if I'm understanding this properly and the collateral really was purely collateral. Seems to be a bit complicated because they were attempting to make a... stablecoin... pegged to an intentionally volatile asset, somehow.)
>This is exactly what crypto-enthusiasts claim is going to happen to the US Dollar
It's mostly just Bitcoin maximalists who think that, and they're a small subset of people who own Bitcoin. This is Binance Smart Chain (basically a copy of Ethereum), and I'm sure some BSC/Ethereum users believe something similar, but it's a much smaller percentage than even Bitcoin's small percentage.
Also, I don't think they think every dollar is secretly embedded with nanobots that'll encase the bill in titanium after someone at the Fed trips and falls on a big red button, which is what would be analogous to this. I think they think the dollar will lose most or all of its value due to hyperinflation. I think that's a completely unfounded belief based on an unfounded philosophy, but it's a different and entirely unrelated thing.
Reasons why this might NOT work:
1. The oracle "broadcasts" the price to the network, which other services may rely on. Broadcasting a false price could hurt those services, and the oracle would lose credibility.
2. The oracle's price is somehow tied into other blockchain mechanics (i.e. it can only report a price that the network consensus agrees is true)
I'm not sure how #2 could be true, since the purpose of an oracle is to provide information that the blockchain can't determine on its own.
EDIT: More info on the price oracle in use here: https://docs.iron.finance/mechanism/pricing-oracle
Still not sure the exact mechanism, but #1 seems to be the concern. Chainlink can't readily tamper with the price feed that may be in use by others.
edit: Nevermind, I misread. It's -0.0961, apparently.
I don’t know what the Oracle is using but it would be amusing if something else means the price is “stuck” at zero once it hits zero.
[1] https://www.cnbc.com/2020/04/26/why-oil-prices-went-negative...
In a ponzi scheme, the perpetrators will not willingly directly reveal that it's a ponzi scheme.
In cryptocurrency, the perpetrators are honest and transparent about it being a ponzi scheme, but surround it in so much techno-babble that they make it sound like a ponzi schme is what you WANT.
There were ponzis some years back like OneCoin and BitConnect.
I think this isn't quite right in all cases. I think some people know it's a Ponzi scheme and genuinely do want a Ponzi scheme. They just want to get in and out quickly. It's gambling. Sometimes you're a victim and you lose money, and sometimes it works out and you make money.
> If the price of IRON goes down from $1 (good) to $0.95 (bad), you just issue some TITAN (worth $65) to buy some IRON until it’s worth $1 again. And if IRON keeps going down, you just issue some more TITAN (worth $60) and buy more. And if IRON keeps going down … [you can fill in some more iterations here] … you just keep issuing TITAN (worth $0.000000035) and at that point you’re not accomplishing much. If you could sell 286 trillion TITAN at $0.000000035 each you’d raise $10 million. That’s probably hard. There are 285 million IRON (formerly worth $1) outstanding.
So probably not a Ponzi scheme but also not a scheme that was created by someone who can think two steps ahead.
What you're describing is what they tried (and failed) to avoid. How can you make it to the "I’m wondering if this can last mathematically?" part of this article and still think there's a mastermind behind all of this?
The main innovation is that there's no one to sue. The founders can just print themselves a bunch of coins and remain basically anonymous.
They also bypass regulation, because its on the web?
Regulators are asleep at the wheel. This entire category of 'technology' should have been snuffed out years ago for the good of us all. Now, look around us as GPUs and other chips are out of stock, cities face blackouts due to coin mining, and the major use of these coins is to fuel ransomware attacks that take down critical infrastructure.
All entirely pointless - or even outright negative - activity.
This is more like if you bought a lot of dollar bills that were 75% backed by gold and %25 backed by Dogecoin. They are comparable in that both keep working as long as no one tries to cash out, and money keeps coming in.
So...a Ponzi scheme?
Literally no conceivable parody could work as an actual parody, I think. There are coins people are getting rich off of with names and logos like "Pregnant Butt", "CumRocket", racial slurs, etc.
There's absolutely no doubt in my mind that if it hasn't already happened, coins named "Scamcoin", "Rugcoin", "Ponzicoin", "This is a scam coin, please ignore", "If you invest in this you will lose all of your money and be the laughingstock of your friends, family, and communitycoin" could probably quickly reach million/billion-dollar market caps.
You could make a token with a smart contract which self-destructs itself at a random time, and explicitly disclose this fact, and it'd still probably get a huge market cap and retain it up until the day it explodes. Or you could make one that does this, don't disclose the fact, have millions of dollars flow in without a single person ever looking at the code, and get the same result. (Doesn't matter if you do or don't publish the verified source code; if you do, no one will look at it, and if you don't, no one will notice/care that you didn't before investing their life savings in it.)
Poe's law doesn't even quite describe it, because it's not that you can't distinguish between parody and sincere absurdity. There's just no difference between the two in terms of actual real-world outcome. Whether you make an intentionally or unintentionally terrible coin, and whether or not you're open about it and whether or not people are aware of it, it's still going to receive a ton of investment.
And it pretty much makes sense why this is and will be the case (unless the US government starts cracking down). People are buying because they find it entertaining and think other people will find it entertaining and buy and that they'll think other people will find it entertaining and buy, etc. And then they just wait until their initial investment multiplies a bit and they try to get out before the inevitable collapse. It's a fast-paced psychological arcade game. In some sense it's a distillation of Wall Street to its purest essence, for better and worse.
As someone who doesn't know much at all about crypto, it seems insane that apparently coins can be closed source? But how? How does the chain know what code to execute?
That's two items, but there's more. However, cyberpunk in the early 90s was so gonzo that it was not an obvious parody to many readers.
completely unusable as a currency, even maximalists cant seriously tell people to use it as such. "cryptocurrency" at this point means less useful than any currency in any mmo
Coins that support smart contracts show that "cryptocurrency" isn't a great term. Even if you never try to use ether as a currency (and indeed, most people don't), Ethereum can and does still do lots of things completely unrelated to finance in any way, with ether just serving as computational fuel.
The interesting part is fully trustless peer-to-peer networks, not e-currencies. E-currencies are just an example of one thing you can run atop such a network protocol. They've already existed to some extent for a long time via protocols like BitTorrent, and these just expand on those ideas.
I recently needed to buy something from a merchant, who was not able to acquire a traditional credit card merchant account, or a business checking account. I had three options to pay to that merchant: cash in the envelope, money order, bitcoin (merchant also run a promotion for bitcoin method of payment, discounting the total of the order by 20% when paid by bitcoin).
Bitcoin turned out the best option out of these three.
Here's a snapshot before it shut down: https://web.archive.org/web/20140312233243/http://ponzicoin....
Searching for Diamond Coin Token or DIAH token got me results for DiarrhoeaCoin!
I mean, there are some people there basically saying "yeah, I brought $0.10 worth of it, now I just have to wait until I'm a millionaire", even those I can't decide if they are joking or not.
An independent auditor, with reputation on the line, could, for a fee, offer independent coin analysis and risk assessment. Perhaps something similar to the Underwriters Laboratories model... knowing a coin was "Coincheck-certified" or something could give similar confidence to knowing the UL sticker on a lamp means it's a bit less likely to burn your house down.
I don't think this will matter. Moody's and S&P are two rating agencies that both failed to give useful info before the 2008 financial crisis. Their reputations weren't affected much as far as I can tell.
Con artists are good at what they do. People are a thousand times easier to hack than a database server. And there's no security patches for human emotion; we are full of 10,000 year old zero days.
As a sidenote, I almost always got out just before a crash by when I was playing with altcoins by waiting for people to get over the top enthusiastic in their subreddit and then selling everything. Might as well have been luck though, so don’t try it ;)
https://ironfinance.medium.com/iron-finance-post-mortem-17-j...
I've seen some pretty amazing examples of charismatic people spewing absolute nonsense with the audience hanging on every word like they are a genius. Put far more interesting ideas in the mouth of someone with no charisma and they are ignored.
Humans are merely clever. We are not truly intelligent.
If a stablecoin issuer like USDC can make arbitrary decisions to null any USDC token and they use that power, that is a good argument for the point that they are not following aml/kyc on every hop or transaction of USDC, even though they are allowing the transfer of dollars behind it. USDC can be charged with violating money transmission / bsa / aml/ kyc requirements.
Yep, short of the fed issuing USD tokens directly that's always going to be how USD stablecoins work.
>so what's stopping coinbase from just nulling the locked usdc and minting 262MM new ones
Nothing, other than that they have zero incentive to do it. I doubt whatever goodwill they get will come close to the $262 million that they don't have to pay back.
But now that I've looked at their website, I think I can say that the writing just has a low budget BS-y tone to it.
I'm not claiming to have an infallible BS detector. But this thing in particular gives me an overwhelming sense of they're trying to sound intelligent to people like me who don't understand a word.
They sound very like the writers of spammy financial news that clogs Google search results for public companies these days. The ones that aren't actually bots, I mean.
"Market shocks provide the best stress tests for stablecoin pegs, and IRON’s strong peg retention should go a long way to grow trust in our community. IRON has shown itself to be a shock-proof stablecoin, and the stabilizing protocol is now battle-hardened."
Runner ups are Compound and Aave — two large overcollateralized lending platforms. And the Maker: the USD-pegged “stablecoin” which gives anyone who doesn’t want ETH price exposure access to these DeFi tools. That’s the area where a lot of people think there’s room for improvement, hence all the experiments like the project this article is about.
Most of the stuff people use essentially seems to be one form or another of shuffling the unit(s) of account around, like the ones you listed.
You have a cryptocurrency. What are the uses for the cryptocurrency? Well, you can swap the cryptocurrency for another cryptocurrency or let someone else borrow the cryptocurrency in exchange for some more of the cryptocurrency or use the cryptocurrency to obtain a cryptocurrency that's a derivative of another cryptocurrency so you can make more of a different cryptocurrency. And what can you do with that cryptocurrency? Well, you can swap that cryptocurrency for another cryptocurrency or...
There's a bit of a "pull yourself up by your bootstraps" thing going on (in the initial sense of the term).
Despite the cynical question, I'm genuinely fairly optimistic about the future of smart contracts and Ethereum. I think there are some interesting non-ouroboros ideas in the space, like Kleros, but none of the ones I've seen seem too popular, valuable, or useful yet. But I could be missing some, and I know it's still the very early days.
You can easily get 50%+ APY a year on various stablecoins and crypto.
The point where the two realms intersect is challenging but needs to be handled appropriately. It would be great if some of the terms of legally binding contracts could be delegated to automated systems. And when two parties do not actually share a common legal system, then code-based contracts can facilitate transactions that would otherwise probably never happen.
You can hit the developers and the computer has much has you want but no amount of violence will fix the "_share_price > 0".
PlusToken was certainly a Ponzi, I don't see anything in this article that suggests IRON is/was one.
I would very much like to see regulators purposely engage in these activities, and then directly pursue those within their reach. There's no reason to wait for more citizen victims when the model is proven and the government has the resources to set the stage to demonstrate the failure scenario. This is simply a more elaborate sting versus putting a car on the street to be boosted.
However, I'm not a lawyer and I imagine this is likely more complicated than that.
Clearly the programmers didn't fully think though what would would happen if TITAN reached and got stuck at zero value.
> quite trustworthy
As someone being used to write fixes to code that is 20 or even 30 years old, I had to chuckle.
And the unexpected results may be billions of dollars worth of assets lost. Like most of SV, most of the cryptocurrency space is "move fast and break things", but breaking things entails a little more than an app being down for a few hours.
However, I can think of an exception. Augur is a prediction market that doesn't use a trusted source to resolve bets. It doesn't get a lot of use these days, and probably won't before scaling resolves gas prices, but the bets that have been live on the system have resolved correctly.
* (A lease in your name on Lexus that they will cover the payments on so long as you keep consistently bring in a statistically unlikely amount of product every month for the entire 72 months you were signed up for)
The rating institutions won't take a big hit for blowing a call that 90% of the industry also blew.
Fantastic. I genuinely was just coming up with those on the fly and did no research to see if any existed, but added "if it hasn't already happened" because I was still confident enough that some very likely did exist and very likely were successful.
My post with your reply feels a little like movie scene dialogue. (Perhaps Aaron Sorkin.) What a time to be alive.
If you just have a large amount of a worthless asset and you convince other people to buy it on the market to pump the price up (mainly via social media and “influencers” these days) and then you dump it at the top then you have a…
See: Herbalife and Ackman vs. Icahn.
Or AFLAC. (I'm not saying they are an MLM, but I've been personally approached for a "job" that seemed to be sales with no qualifications needed and I wondered)
There's more detailed information on a different page[2] including the following quote which I think supports the general rule I listed in my original comment:
> ...[Amway's] sales plan was not an illegal pyramid scheme. Amway differed in several ways from pyramid schemes that the Commission had challenged. It did not charge an up-front "head hunting" or large investment fee from new recruits, nor did it promote "inventory loading" by requiring distributors to buy large volumes of nonreturnable inventory. Instead, Amway only required distributors to buy a relatively inexpensive sales kit. Moreover, Amway had three different policies to encourage distributors to actually sell the company's soaps, cleaners, and household products to real end users. First, Amway required distributors to buy back any unused and marketable products from their recruits upon request. Second, Amway required each distributor to sell at wholesale or retail at least 70 percent of its purchased inventory each month -- a policy known as the 70% rule. Finally, Amway required each sponsoring distributor to make at least one retail sale to each of 10 different customers each month, known as the 10 customer rule.
Lastly, just because people disagree about the nuances of the rule, does not mean the rule doesn't exist. I feel very comfortable with my original statement, and those in favor of e.g. Herbalife would vigorously argue that meet my definition of MLM, while those who think its a scam would argue that they don't meet it.
1: https://www.consumer.ftc.gov/articles/multi-level-marketing-...
2: https://www.ftc.gov/public-statements/1998/05/pyramid-scheme...
Bill Ackman declared: 'Herbalife has actually been shut down by the FTC, they just haven't realized it yet'
But Herbalife management, and Carl Icahn, said that the FTC had determined it was not a pyramid scheme despite the $200M fine.
The chair of the FTC denied that they determined it was not a pyramid scheme - but at the same time, they carefully didn't say it was.
I'm just saying you can't really treat the FTC as the ultimate authority, because even they don't know.
They literally handed their money to a computer program that works outside of human control and cannot be interfered with... which means if something goes wrong no one can intervene and sort it out. This is a risk they took willingly. It's not the first time a computer program malfunctions, and won't be the last.
That's true in general, but in this rare case anyone's USDC can actually theoretically be recovered in full if the price ever manages to get just barely above 0 for a period of time and they pull it out during such a period.
If nothing can be done, you have to just take the loss. But here something can actually be done, and it's not like it's infeasible. Just hard.
If it's possible, what would make it difficult? Or what would make it impossible?
I kind of thought that there isn't normally any requirement for any particular volume of trading to set a price.
Similarly the expectation for anyone trading crypto surely has to be that it’s a risky volatile asset class where you can lose all your money in a variety of exciting new ways, and if you are parking some of that money in dollar stablecoins some of that expectation ought to carry over. If you want to put your money somewhere safe, there are banks and money-market funds and Credit Suisse supply-chain funds, and if any of them go bust then that is a potential financial-stability problem. If you want to put your money somewhere safe for crypto, there are stablecoins, and if any of them go bust then that is a brief distraction from the crypto exchanges losing their customers’ money in other ways."
While Chainlink has its own host of issues and risks, there are still valid reasons why companies are paying them and their node operators good money to feed price contracts for ERC-20 token pairs.
[1] https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0c...
Or... you could just lie about the USD and issue a stablecoin anyway.
I see exactly zero existing definitions of ”ponzi scheme” that mentions any "central actor" so you seem to be creating an entirely new definition purely to avoid the "ponzi scheme" label.
If you're having to google the definition of the term maybe there's still a little more you need to learn about it.
Decentralization is a spectrum. But I would argue this approach is far more secure than naive oracle implementations.
Not all applications need oracles. It depends on whether your smart contract needs information about the world outside of the blockchain.
And what does it mean that they could exit, when the contract itself was completely broken in the meanwhile?
In this case people wouldn't have been able to exit due to the bug, correct.
Most people don't monitor the finer details of their investments 24/7.
12 hours is better than nothing, but it's unrealistic to expect everyone to stay tapped into news feeds about their crypto at minimum twice a day.
It's not an argument that's going to convert many people, but at least it's honest.
Imagine for example if a mortgage contract contained some bizarre inscrutable loophole that as-written would give the first 3rd party to notice it total control over over the house.
This would of course be laughed out of court because that part of the contract wouldn't be enforcable under contract law.
"Code is law" is more accurately written as "code is not law at all".
That's a really good point. They are arguably neither "smart" nor "contracts". Maybe a better term is "automated blockchain agents" or something similar?
A ponzi scheme is a description of a certain type of fraud. We can reduce it to it being the fraud of claiming new capital as investor dividends. It's a little more complex, but at its heart, that's what you got to do.
If there is no lie about the source of the money, it's not technically not a ponzi scheme.
Nobody wins in an argument over which definition of a word or phrase is correct.
Whatever happened to the debates over whether something was ironic?
And I'm not saying don't say it's like one, I'm just saying it's technically not one.
> new money is needed to pay old money
WOW that's a broad definition. Turns out my 401k is a Ponzi!
Do you know the difference between, say, a pyramid scheme and a Ponzi scheme? Or is "new money is needed to pay old money" the most nuanced understanding you have?
The label is also controversial, but it should be an undisputed fact that people call it that, and it's obviously not particularly similar to Madoff's scheme.
Similarly, it's not hard to find people calling (particularly public) pension funds Ponzi schemes.
Citation please.
> Do you know the difference between, say, a pyramid scheme and a Ponzi scheme?
A pyramid scheme can make money for all participants but makes much more money for people high on the pyramid. Rising up the pyramid depends more on recruiting skill than time of entry.
A ponzi scheme doesn't actually make any money but merely redistrubtes money from later investors to earlier investors.
Homeless people buy a tent as a fallback for a house. That doesn't mean they want to live in a tent for the rest of their lives.
They may very well make/adopt some cryptocurrency as the new primary fiat by then, but I kind of see the idea of Bitcoin keeping the US government in check similarly to the idea of gun ownership keeping the US government in check.
Out of curiosity, can you describe an example of how it could potentially serve such a purpose, even in a hypothetical contrived scenario?
Are you a slack-jawed puppet of the charismatics, or is it just everyone else?
To make this more than just a rhetorical question, one could take a poll - who took Adam Neumann seriously, because he seems to me like the epitome of a "charismatic" who walked away stupendously wealthy from a fiasco (WeWork) without serious penalties.
I don't think I'm smarter than everyone else, but I also don't think Neumann and WeWork were anywhere near something that made sense to me.
I was being a bit hyperbolic for effect.
If I write a smart contract and publish it to github, but someone else deploys it, is the other person doing the "money transmitting"? What if we don't know who actually published it (which is very possible since all you need is a small pile of ETH to deploy)?
Interestingly, this is actually what happened when curve (decentralized exchange) launched their token [0]. Some "random person" deployed the contract and then a few hours later curve said "yeah, that's our contract code, we'll use it". People hypothesize that someone from curve launched it in an attempt to avoid certain laws.
[0] https://cointelegraph.com/news/anonymous-developer-deploys-c...
I think people are trying to use the idea that ethereum works differently than AWS, but that doesn't matter. The point is the owners or writers of that code wrote it and put it out to the world with intent or purpose to do money transmission. They published that code, paid the gas fees to do so on ethereum. Now anyone can interact with it.
If you want to prove that ethereum is different please state step by step why it is the case.
The difference is that you have full control and ability to change the application that is deployed to aws. On Ethereum, you have whatever control you gave yourself, which in most cases is 0, you're not able to modify the application, or even take it down (this is desirable so people don't have to trust you).
To me you're not involved in the process if you have no control over the application that is doing the "money processing".
The people behind Bitcoin were basically thinking: Ok, our banking system failed because of low inflation and a savings craze. Let's make both of those worse so that it will never become possible to run an economy on top of Bitcoin.
Fiat banking failed because an aging population has a strong saving preference to the point that it chokes out businesses. The idea behind saving is that you release production capacity in the economy so it can be used on something else. The population isn't going to stop aging. The problem is going to get worse over time. There won't be a something else unless the government artificially uses the savings on that something else.
1992.
The internet was the domain of colleges and government institutions. The Eternal September would begin one year later.
1992.
The Super Nintendo Entertainment System just came out to most of the world, with North America getting it the year before and Japan two years prior.
1992.
One whole year before Doom would come out.
1992.
Windows 3.1 when it was still a DOS shell was released.
We were beating our heads against 386 processors praying for 486s, hopefully with the math coprocessor so we could actually get something done.
Even then, we knew. And now it's nearly 30 years later and it's just as true then as it is today.
The current financial system becomes more robust every time a black swan event like 2008 occurs.
"[EDIT: I’ve since learned that the developer(s?) behind this are already the laughing stock of the DeFi community, having wrecked each of their 3 previous projects (now 4) — though this might be their biggest hit yet]"
Screwing up the maximum supply seems like an enormous blunder while I kinda understand the assumption that “price > 0” if they’re supposed to be backed by 75% usdc.
Probably a rhetorical question, but they might decide that it's a price they can pay for trust in their system.
Not sure if I understood where the real value currently is though.
If USDC can revoke any p2p transaction of USDC, that means that they can revoke the transmission of movement of dollars/reserves that USDC token represents. Implicit in that, means they have ultimate control or authority of all p2p transactions or transmissions, and they are not doing kyc/aml on all p2p transactions, thus in violation of money transmitter laws.
Many of those same people could make and were making money through other forms of cybercrime for years. Even without cryptocurrencies, new technology will always keep coming out that'll facilitate and potentiate more cybercrime.
To me, the answer there is and has to be geopolitical. Whatever crime they're committing, if it's against a foreign national, they have zero fear of repercussions, and that lack of fear is totally rational because there's basically no chance they'll ever face repercussions even if their real name and address is plastered in a million places. If they knew they could be extradited, or at least sentenced to serious prison time in their own country, and that there was a significant chance of it happening if they were to be identified, then I'm convinced most of them would behave differently.
They are comparable in one way however.
I think a lot of people saw The Wizard of Lies and "Ponzi scheme" is the only financial scheme they're familiar with, so it gets thrown around a LOT.
There's pretty much a rule of thumb that tokens should always be open source, in part because it's much easier to hide a backdoor if you don't publish the source, and also because cryptocurrency communities generally share the open source, high-transparency ethos. The #1 Ethereum blockchain explorer site has a system that lets you submit source code for a contract, and they verify that the source code compiles to the exact same bytecode.
You can very safely assume that if there's no source, it's malware. For every single instance I've seen where a project doesn't publish the verified source code, it's always been because the code is backdoored.
You can decompile bytecode, but scam projects will often add a ton of obfuscation or even specific things to confuse the decompiler and make it fail to decompile certain parts. Better decompilers will keep getting written, so you theoretically won't ever be able to truly hide what your code is doing even if you don't publish source, but it's sort of moot because verified source code is bare minimum "table stakes" for anyone (competent) to interact with your project.
The caveat being that most investors are non-technical and don't have a clue what any of what I just wrote means and will just invest in whatever if it has a name and a logo. But in that case, they'll invest in a scam project whether or not they publish the source code. And for the percentage who do at least know that no source = scam, they'll still invest in every scam that does have source code, which is most of the scams.
(Though I guess it would be hard to imagine how that wouldn't be the case, if you're assuming the same reference compiler is used and that each release, no matter how minor, has a different version. A non-deterministic compiler is probably a bad idea, unless you're trying to make a Malbolge-type language or something.)
In theory perhaps you could discover some major compiler issue where benign-seeming source code generates malicious bytecode for a certain version, and then use that specific version to deploy and verify your contract, but I'm not aware of any such issues. I imagine there would probably have to be an incredibly big fuckup for that kind of bug to occur.
https://etherscan.io/address/0x1a2a1c938ce3ec39b6d47113c7955...
Increasingly I think they're the smart ones. I'm sitting here working my butt off for a few thousand dollars a month, while these guys raised hundreds of millions of dollars without even being able to grammar check a sentence. Who's the real sucker?
They still get a lot for free scamming others. Just do not think that a 100m$ ICO means they raised that. They cannot get anything close to that out.
Edit: whoops I never knew what became of Groupon but I see it was a massive scam altogether. Seems the investors could have known that from the first time they met the founders by just typing some names into Google. How does that work?
They almost always seem to get bingo; the companies and the people that rely on them take the hit.
https://www.nationalobserver.com/2016/02/18/news/did-kevin-o...
I would consider all the founders and early investors who knowingly promote the ponzi scheme as con artists.
I google the definition to charitably give your argument the benefit of the doubt. I don't see how you think phrases like the following make for effective communication or a strong argument:
> If you're having to google the definition of the term maybe there's still a little more you need to learn about it.
Either:
1. I'm trying to dodge the label "Ponzi scheme" for a reason you haven't provided (maybe you think I have millions invested in this shitcoin?)
2. This isn't a Ponzi scheme, and you don't know what a Ponzi scheme is
There can be multiple operators.
I see zero good reasons why decentralized schemes can't be ponzi schemes.
Your argument is akin to claiming that a three legged dog is not a dog because dogs have four legs.
I wouldn't be so uncharitable as to presume to know why you have chosen to make this argument.
I think your argument would be clearer if you took a step back and explained why you think that "central actor" is such a critical part of the meaning of "ponzi scheme" rather than a incidental feature common to ponzi schemes.
https://digitalchamber.org/wp-content/uploads/2018/02/Smart-...
> Is A Smart Contract Always A Legal Contract?
> No. Because a smart contract is computer code, a smart contract may represent all, part, or none of a valid legal contract under U.S. law. Smart contracts function – in whole or in part – to give effect to legal contracts. Thus, smart contracts are the programmatic means by which some or all of the terms of the legal contract are performed. It is the underlying contractual terms that are given legal effect.
That legal contract and the contractual terms is what is evaluated and governed by the legal system. Smart contracts are fancy business logic snake oil salespeople are attempting to sell as the law of the land.
When I get my car fixed at the mechanic, I am paying for the service but at no time do I transfer ownership to him. One procure we could follow is for him to do the repair, give me my car back, ask for payment, and then pursue me in court if I refuse to pay. But instead, the procedure is that he just keeps the car in his garage until I pay. (If I want to call the police to get my car back, I can, but now I have to explain to them why I'm not paying, and enforcement is much easier.) This forces me to respect the agreement we made - repairs in exchange for money - in a more robust way than any contract ever could.
Except when they don't, which is... most of the time?
It's true (and I would hope obvious) that a smart contract doesn't play like a legal contract, but aren't the vast majority of them intentionally doing things that are orthogonal to contract law?
Or irrelevant to it? You can buy Beeples all day but you still don't own a copyright, and this doesn't seem to be a problem for anyone.
On a blockchain, this is absolutely false. The nodes interpret smart contracts. The "legal system" needs to be applied by some kind of oracle or by force to a node operator.
Smart contracts are authoritative in their native environment.
> but generally when a person is trying to evade some legal authority, it's probably not for reasons good for society
Reminds me of the "nothing to hide" argument, that only someone trying to commit a crime would need or want protection from the legal system. History paints a different picture.
Oh wow. If only this were true. If only they were so diligent in punishing other kinds of things.
Here's something I read recently, from the aftermath of the Libor scandal: https://www.sec.gov/news/statement/stein-waivers-granted-dis... . Really highlights how crazy this whole thing is and how there are really two qualitatively different classes with two different sets of rules in our society.
All the different ways people evade authorities is a large topic. But, you're right, friends in high places help.
There's severe punishment for crimes committed by regular people, and no punishment for crimes committed by wealthy people, even if all things considered the latter manage to harm millions of people with their actions.
It doesn't need to be. It's basically a bug in the code. They didn't consider TITAN price being 0 to be possible, so they didn't write their code in a way to handle it correctly.
A random guess for why they had the price > 0 check. They might have had code like this:
// Returns (usdc_to_withdraw, titan_to_withdraw)
def GetWithdrawalAmounts(iron_to_withdraw):
usdc_price = 1 // guaranteed: USDC price in USD (aka USD/USDC)
titan_price = GetTitanPrice() // TITAN price in USD (aka USD/TITAN)
iron_price = GetIronPrice() // IRON price in USD (aka USD/IRON)
usdc_to_withdraw = iron_to_withdraw * iron_price * 0.75 / usdc_price
assert titan_price > 0
titan_to_withdraw = iron_to_withdraw * iron_price * 0.25 / titan_price
return (usdc_to_withdraw, titan_to_withdraw)
If you want to handle the ability to withdraw USDC even if the TITAN price is 0, you have to make the code more complicated. Likely not just this function, but the system as a whole, because it'll mess up all the accounting.
Where? As far as I saw there was one bank that thought it was obeying a discreet request from the government, and a bunch of banks where traders said usual trader nonsense (which is "malicious" in a sense, but it's very much part of the norms and culture of trading and the expected functioning of a market, just like a good lawyer should make their case as strongly as possible regardless of their personal beliefs about what happened).
> even if all things considered the latter manage to harm millions of people with their actions.
Who was harmed? If there was any effect of Libor fixing, it was likely that people paid slightly lower interest rates on their mortgages.
Most large defi projects are not anonymous. Many have VC backing, are on discord, etc.
The risk needs to be balanced with the risk of funds lost because of a smart contract bug that can't be fixed. Different projects make different choices here.
>I see zero good reasons why decentralized schemes can't be ponzi schemes.
Do you know who Charles Ponzi was or why Ponzi schemes are named after him?
Do you know what he did or what Bernie Madoff did? They operated the Ponzi scheme. That's why they were a critical part.
This money really was going into the smart contract, wasn't directly given to old investors, wasn't being siphoned directly into the operator's pocket, all unlike a Ponzi.
You don't know what a Ponzi is and you're trying to save face, I get it.
> $272 million worth of USDC is still locked up in in the contract. Why hasn’t everyone recovered their 74 cents?
Why didn't the masterminds behind this scheme walk away with that cash? Because it was a mistake. Not a genius scheme being run in the shadows.
> Why didn't the masterminds behind this scheme walk away with that cash? Because it was a mistake. Not a genius scheme being run in the shadows.
Please fet your basic facts right. Nobody in this thread is accusing IRON of being a ponzi scheme. IRON was a partially collaterized stablecoin. The quote about how non-collateralized stable coins require constant growth is from the founders of IRON explaining why they made IRON collaterized.
> So why isn't "the operator of the scheme" synonymous with "the central actor?"
Already explained in my last comment.
> You don't know what a Ponzi is and you're trying to save face, I get it
If you really thought you had an argument, you wouldn't feel the need to descend to this level.
I think some people got sold on this false premise that cryptocurrency would reinvent the entire world, build a new decentralized internet, etc. etc. And then they miss what's actually happening, because it's just "boring finance stuff". This is actually really important stuff that's being built.
At the heart of it though, finance allows efficient allocation of capital, which allows innovators to have the resources they need to perform R&D and bring new products/services to the market. If you consider money a proxy for energy, it makes sense that we need ways to store it, move it, and concentrate it, so it can fuel the engines of innovation.
But even then, all the new cryptos are usually totally useless for peer to peer, private transactions since they merely piggy back off the ETH/Binance/etc chain. They often don't even support p2p transactions at all, and are now openly designed just to be hodled or dumped through exchanges
Monero is pretty old by now, but it's still the goldstandard when it comes to security/privacy/opsec, and darknet markets are slowly starting to phase out even BTC (which is a total opsec disaster considering how traceable it is) in favor of Monero.
Agree though, smart contracts are where the future lies in many of these projects. Tough to pick up but where I'd be if I were a SW dev.
I'm hoping that when rollups and sharding get tx/sec into five figures, there will be more room for other sorts of applications.
Things are better on consumer law because it assumes from the start that people are stupid and have no idea what they are doing. But other kinds of contracts have quite large security risks.
In the case of a smart contract, it can even happen that both parties agree in how things should take place when there's a problem! But bad code doesn't work that way, and you can find yourself in a null state of indeterminacy without a built in layer to resolve that.
The entire evolution of legal jargon can be viewed as an attempt to provide a linguistic framework whereby ambiguity is minimized and edge cases are anticipated. But human interactions are chaotic and all outcomes or scenarios can never be predicted, hence the need for a layer of human judgement.
That layer is imperfect, sometimes wrong, sometimes biased, but still necessary. I don't see how smart contracts can work without that sort of layer, but with a human judgment layer then they're not really smart contracts in the way people want such contracts to function.
Trusting any smart contract of sufficient complexity is like trusting that a code base has absolutely zero bugs and zero unanticipated edge cases. I just don't see that as realistic.
If a programmer at a bank or exchanged should have coded ">=" then I want 1) for them to easily be able to act on their intentions instead of their mistake or 2) the ability to bring in a 3rd party to interpret and resolve the situation if #1 doesn't work out.
You can do this to some extent using formal verification. Most code doesn't get formally verified because it's kind of a pain to do, and you can usually fix bugs later, but smart contracts are the perfect candidate for it since they are (1) mission critical, (2) naturally limited in size and scope, and (3) cannot be fixed after the fact. You can write perfect code if you have the right tools and do it carefully.
Laws still apply to things handled with smart contracts. You can't say "well sure the escrow contact did the wrong thing but it's code so you can't come after me for your money back".
For this one you need programmers and computers.
On both cases, if you go in blind or wing it you might get burned.
I'm not convinced that programmers and computers can bootstrap to that level of experience very quickly. I think a decade ago I was more optimistic on that possibility, but a decade of repeating history has made me a bit more pessimistic on that ability and cynical about the motives of most people involved.
But yeah let's keep arguing over semantic definitions.
This whole thread looks like someone saying "No, a boat is not a car" and the other going "but it does have an engine, right? It's a car. Let's not argue semantics"
Usually the go-to lazy catchphrase is "we're just arguing semantics!" but "semantic definitions" is new.
These coins are ponzi-like in that only the earliest of adopters have any chance and only if they know enough to get currency out without hitting an inflection point that brings down the whole thing. But that’s where the similarity ends - the mechanism is different, they don’t operate like a Bernie Madoff and they’re honest about the whole process.
This is something else and while it’s Ponzi-like, it’s a different beast. I don’t think there’s anything particularly wrong with expanding the definition of Ponzi scheme for now, just so we have something to educate some irrationally exuberant retail investors…
If the former system were to be irretrievably corrupt, teetering on the edge of collapse, and the proposed replacement were capable of replacing it then it would be worthwhile.
The existing international financial system is corrupt, the judiciary in most of our world is complicit, but it is not on the edge of collapse (look how brilliantly it sailed through the 2008 crises. It used its political power to get the middle classes to bail out the super rich). The proposed replacement (cryptro currencies) has no support from cryptographers (I am not one) nor finance geeks (that I have been). It is even worse that that which it proposes to replace.
Additionally in most of the Western World we have the democratic institutions that can be put to use to fix the system. Economists are slowly coming around to recognising the catastrophic mess that the current system is, how it is sapping our vitality as a community, enriching the few (hi Unicorn founders - fly to Mars please) and impoverishing the middle classes.
We can fix this. But we have to give up on single fixes (like crypto). This requires modern system thinking....
I am a PhD student in cryptography, and judging by the papers I've read there is plenty of support from cryptographers, many of whom are directly involved in research and development. Silvio Micali is practically a founder of modern cryptography (and Turing Award winner), and he co-created the blockchain Algorand. There is also plenty of opposition, as the subject elicits strong opinions, but the assertion that cryptocurrency has no support from cryptographers is just false.
Aside from the vocal minority of BTC maxis that jerk off to the idea of making a crypto-revolution, no serious developer in crypto wants it to replace the existing systems and institutions. We "only" want to create an alternative for the times and places where the current institutions are insufficient or dysfunctional.
And as a member of the middle class, I personally think it's a feature that cryptocurrency can't be inflated to bail out the rich. If banks knew that they weren't going to get bailed out, they wouldn't have taken as many risks and we would have avoided the whole crisis in the first place.
Lots of chains have holding entities or foundations (nominally for governance, really to justify their premine or "reserves") and seem rather vulnerable, especially if they pay the core developers.
The CEO of that entity won't take your calls but they are absolutely exposed to the whims of the legal system in their founding jurisdiction.
Vitalik did not pass any legally binding decree to get people to comply, and the worst thing that happened to people who disagreed with the change? They got left to play with the other chain.
A lot of capital from the finance industry seems to be used to innovate for, perform R&D on, and bring new products/services to the finance industry. Some of that ends up in the hands of VCs and other investors - but then a lot of them also put most or all it into the finance industry in one form or another, and then put their returns on that into the finance industry as well.
Some subset does go into other industries, and that's certainly good; if the money was acquired ethically, at least. But then a lot of or all of the returns on that probably also go into the finance industry. Some of them will continue to invest in actual things for the rest of their career, in which case it's probably all a net benefit for the particular industry being invested in, and potentially also for the economy and for society, but it kind of feels like squeezing a ten-million ton lemon to produce a pint of lemonade.
Money is a proxy for energy, and energy is a proxy for power. (And by the transitive property, money is a proxy for power, though everyone knows that one.) All three can theoretically be used for good, useful things that benefit humanity. On average, maybe they do or maybe they don't; not sure. But at the extremes, where there's a dense concentration of money, energy, and/or power distributed across a few small clusters, it seems like it typically isn't used that way. And I'm definitely no Marxist in the slightest; I like capitalism in theory and often in practice. It's more the meta-capitalism I don't like.
Things like ERC/BEP-20 tokens are kind of a proxy for the capitalism of capitalism distilled to its purest, rawest, most comical form. Some people with good intentions like Vitalik Buterin do use that to benefit humanity, and work on meta-capitalism with the intrinsic terminal goal of benefitting humanity, but I think most people don't and won't. You need meta-capitalism, just like you (generally) need a government and a military and a police force, but with great power comes great opportunity to ride that bull to the moon and beyond.
Perhaps my opinion will change at some point, but, to me, it evokes intense unctuousness. I think I might even prefer this contemporary Wild West to some extent. It's pure and it's actually honest about its intentions. It's Oceania. There's no bullshit. They tell you what they want and what they're doing in full earnestness with a smile on their face and a hand in your pocket. In various communities, people openly and cheerfully talk about how they know it's all a racket and a game. They know there're absolutely no "fundamentals".
Some seem, or at least claim, to do it because they feel like Wall Street has had a monopoly on it for ages and now they finally get a chance at it without any gatekeepers or corporate masks. Some don't care either way and do it because they want to and they like the dopamine rush from both the "journey" and the "destination(s)". (It's probably a mix of both motivations for most.) Can't say I like it, but I certainly respect it a lot more than the people who dress it up in bespoke clothing.
I really don't hate cryptocurrencies at all. I've been following them for over a decade. My post history here is filled to the brim with lengthy defenses of them, constantly arguing with the stereotypical black-and-white HN skeptic. I've been seriously considering even trying to pivot my entire career into the industry. But I still think it's unlikely I'll ever not dislike finance.
In other words: things you might call "evading the law" in fact can be useful and then shape the law. If we were to adopt a principle like "anything that looks like it's trying to evade the law must be dismantled", we'd be worse off.
At the time Jefferson promoted the law, a lien-like privilege already existed in civil law countries like France, the Dutch Republic and Spain, with some laws even tracing their roots to the Roman Empire. And since control of Louisiana had passed between the French and Spaniards, and had largely adopted the French Napoleonic Code, there was a similar privilege concept in that territory."
The problem is that lots of smart contract enthusiasts embrace them for the same reason they embrace crypto currency: they see it as a way to avoid government institutions that they do not want to have to work with or trust. In fact they want the entire contract to be trustless: agree to the terms, implement them in code, and and since the rest is automated you don't have to trust that the other party won't follow through.
I don't see how that can actually work in an automated fashion. Whether it's traditional government or some other legal system or analog, you need a resolution layer above contract layer, but at that point you've lost a lot if what enthusiasts want in smart contracts.
Your phone's alarm is also not a critical transaction worth a person's life savings or the wealth of a country or a transaction involving life-critical supplies etc. The bar is a bit higher here, and even the most reliable systems ever designed have the ability to insert human judgement when the rare issue happens. Smart contracts are supposed to be appealing because they avoid the need for biased/imperfect judgement in favor of something "trustless", or at least that's the vision many see for them.
Contracts can also have hundreds or thousands of clauses, making "sufficient reliability" a much higher bar than an alarm clock. Especially because many of those clauses entail human concepts that would be extremely difficult to translate into code: What is the algorithm for determining "force majeur"? That's a pretty basic clause that appears in many contracts, but I don't know where you'd even begin to get a computer to understand & properly identify such events.
I don't see a pathway to sufficient reliability in smart contracts anywhere on the horizon, save for very simple cases. Even then, here we have IRON, which should have been relatively simple as these things go, but failed because the simple case of "Titan has no value" was not considered.
Yes, this is usually how it's done. Business logic is not a legal authority.
"Legal authority" isn't a well-defined object in the evaluation of smart contracts. It is certainly not an authority in the sense that the EVM (or, for other blockchains, corresponding VM) code is.
Is this really a surprise? Nodes don't evaluate common law, they evaluate smart contracts.
That's one of the reasons for enthusiasm for blockchain tech. Not everyone believes in the legitimacy of the state, let alone that the legal system is somehow the proper authority for evaluation of disambigous source code.
This is something that I haven't been able to figure out about blockchain enthusiasts. Assuming the blockchain is wildly successful, it poses an inherent threat to the ability of the modern state to collect taxes. Why do blockchain enthusiasts, who already don't think the state is legitimate, not take the logical next step. A potentially existential threat illegitimate parties that have large militaries will end well for the blockchain how? To put it more glibly, how many divisions has bitcoin?
In the case if IRON, the 0.75 in actual money exists somewhere, a bank presumably. Wherever that is, the jurisdiction might be friendly for IRON, or not, but there is in a very real sense no pure native environment for smart contracts. At a minimum, the parties involved will always exist in a physical legal sovereign jurisdiction that regards it's own authority as higher than the smart contract and has some ability-- perhaps limited, perhaps extensive-- to enforce that authority.
The concern might be more on the policy and regulatory side of the world.
Hyperbole on my part, oops. Sorry about that.
I am not a cryptographer, but I do pay attention to cryptographers. Well, some cryptographers.
So thanks to your helpful comment I looked up Silvio Micali. He has rather faint endorsement, but endorsement it is.
I do not think there is a solution in this space that works economically or financially.
What we need is a unit of exchange that: holds its value reliably, allows a lot of transactions, has low over head, allows anonymous transactions.
A central bank could build a system that does the first four, but they have no incentive to do the last.
Like, do you think there was a long-standing issue with people not paying their bills because the liens weren't enshrined in law, and a bunch of clever legislators got the brilliant idea to introduce it? No! It's been happening since before laws were written down, and the formal laws were crafted to fit this existing custom.
However, if you let all parties review the smart contract (the source is on the chain, you can check it) and agree with it's workings and sign a 'human' contract saying you do agree and then it goes wrong, I think it should be an out. We do not have proper ways to sue for misbehaving software (it happens all the time but MSFT is climbing higher and higher): this is easier to verify but we are adults here: if you agree to put money in smart contracts, you should have verified the code. And if you think the code is flawed, do not put money: otherwise do not complain afterwards. It is not that hard.
That's not how it works. Courts generally operate by ambiguous standard of what reasonable people and reasonable experts can actually do given the state of technology.
No reasonable software engineer can tell you that a piece of code is flawless. I don't think courts will agree on a system that has been shown through evidence to be highly flawed.
Obviously this doesn't allow you get around laws such as warranties but I don't see why it can't be used if everyone agrees to it.
If you sign a contract to abide by a smart contract that was designed in bad faith or misrepresented I fail to see how that's any different.
Even valid contracts are bound by the law. E.G. you can't sell yourself into slavery. Similarly, a smart contract can be a tool to execute the terms of a legal contract, but if it behaves in a way that would be illegal under a traditional contract I doubt any court in the US or Europe is going to recognize that as legal.
I admit enforcement is another issue entirely though.
Fraud, for example, isn't legal even if you have a cleverly crafted contract that uses wording tricks to technically be true.
I would expect a court to take a dim view of a smart contract that has an obfuscated, non-obvious mechanism for someone to siphon off all the money in an undisclosed fashion. "Code is law", but so's "you can't defraud people".
You are begging the question by presupposing that for every smart contract there could be a possible legal contract that can bind the people who sign it to the results of the smart contract.
If a smart contract is illegal, then any written contract that binds people to the results of that contract would be similarly illegal.
If your mechanic installs the tires in the passenger cabin, no one cares about the mechanics' lien. Depending on the judge they might not even care about the fine print on the back of the invoice, because installing tires in the passenger compartment is that dumb.
In the case of smart contracts, where both parties (if I understand it right?) agree that the code defines the contract itself, it seems like saying "... but I made a mistake" (or it has an error) would be very hard to prove. It would be like if you had written in a 3 year no-questions-asked return period into a car contract, rather than a 3 day one, and then tried to litigate when someone actually used that.
This is not really generalizable. Arbitration clauses for example waive one method of recourse in favor of another method of recourse, both already accepted by the courts. I expect you couldn't replace that with trial by combat and expect it to hold in court, but you might be able to argue that a different resolution process with historical precedent would hold - at least you could test it in court.
Or something like that. I doubt that's how it will go down here, but it will take a human judgement call or agreement-- not a coded contract-- to resolve this.
> but I made a mistake" (or it has an error) would be very hard to prove
I don't think it would be that hard to prove that the implementation of a smart contract doesn't match the clear intent. The bigger issue isn't the disputability of the contract, but the difficulty of identifing who you would take to court.
The parties might "agree", but who cares? If they are in the US, for example, and the two parties have a smart contract that breaks US contract law, one of the parties can file a lawsuit and attempt to get their money back. You can't go to the judge and say "sorry, the code is the legal authority here".
1. A normal contract (legal or illegal) that requires outside enforcement in the first place to force parties to comply.
2. A smart contract (legal or illegal) that executes itself without outside enforcement and can be overturned later (not literally overturned, but a subsequent transaction can be forced) by meatspace mechanisms
On (2), sure we can find ways to have the execution fail. In fact, anything where there is not fully escrowed payment/collateral/etc. can fail to execute properly if the other side does have not what it needs to deliver/or does not make it available on chain.
Smart contracts don't have a mechanism if this sort. If you have an issue with them as in this case with IRON, your best hope is that IRON will find a way to handle it that satisfies everyone (which may be hard) or that the normal legal system is able to resolve it.
Both of those kind of negate the purpose many people want smart contracts to have in being free of sovereign legal systems and, once implemented, automated without the need for human judgement that may be biased or bad etc, so no longer able to be trustless. At best they simply automate portions of a contract, which is still a very good thing, but not really what enthusiasts are hoping for.
Obviously you are not a programmer.
>Because the TITAN price falls to 0 which we have unthought of, the contract will revert the redemption transaction.
And you are DJB.
Fraudulent or not, though, you have a pretty heavy layer of protection as the money has already been transferred, and that money is not easy (close to impossible) to freeze.
Any reversal that happens will be necessarily by a threat outside the blockchain, as the governing body can't actually reverse the transaction. It's a second transaction.
For one, as a general concept the parties to the contract need to actually understand the terms and courts will somewhat regularly throw a contract out if they think there were implications that were not apparent to one of the parties. Smart contracts seem like absolute minefields for this kind of problem.
https://www.pewforum.org/2013/04/08/applying-gods-law-religi...
Important to note that the courts already recognize and/or have precedence for this, and also there are limits to what you can shift here. Finally if the resolution process is not acceptable to one party there are ways to bump it back to the courts.
None of this applies to "smart contracts", which aren't contracts in the legals sense anyway. There is no (yet?) agreement by the courts that this is a valid resolution method, and any issues of contractual law brought before a civil court will be resolved by legal principles, not source code. I suspect that the best you could hope for in the current setting is that the source code + associated communications speaks to intent.
There's no reason to believe that it is impossible that US courts and/or legislation would at some point give some legal status to a smart contract beyond above, but that's not the case today as far I know.
There are already (many) cases like this, but if I write some software and put it in github, someone else deploys it and people die; that is simply not my fault: it is the deploying person. In normal situations, this is easy to find the defendant here: but on the chain, you won't be able to: anyone can deploy anything and you won't know who it was. So unless you to end open source software, you have no case against anyone.
It's not reasonable to expect software users (even other developer users) to understand or audit code in order to be able to use software -- for anything.
They are open source by definition and no one knows, by definition, who deployed them. It is a very different case.
The fact that other people could audit the software does not absolve the original authors of the fact that they didn't.
Of course, people are very careful prior to entering those contracts, because they know how big of a headache it will be if enforcement is needed!
> In fact, anything where there is not fully escrowed payment/collateral/etc. can fail to execute properly if the other side does have not what it needs to deliver/or does not make it available on chain.
Well, sure, if you write a contract that makes it possible for one side not to pay up, then that might happen. Having software run escrow is basically the whole point..
If you want smart contracts to be only applicable to very narrow sets of problems so be it, but otherwise you need to be able to allow, for example, unsecured lending and highly uncertain payoffs at T0 (staying in the finance domain)
Ok..sure, but I think it's sort of pedantic to bring up a class of contract that, obviously, nobody in this thread is talking about. It's a bad example anyway; even if you are being pretty careful it's simply not a risky transaction and therefor out of scope for complicated enforcement mechanisms like smart contracts.
I don't think smart contracts are very well suited to unsecured lending, at least not with available software. There would be no incentive to pay it back without some mechanism to force collections. Collateralized loans, however, is a great use case that exists already.
This is early stage tech, the scope is pretty small. I don't think anybody is arguing the contrary.
I like to see cryptocurrency and crypto-assets as a pseudo force of nature. It's not really possible for governments to stop them and they pretty fundamentally change the game for most governments. I personally believe the result of this will be a shift to geoist taxes where taxes are paid on properties or paid by corporations.
The cat is out of the bag and unless governments want to start seriously pushing into authoritarian territory there's very little they can do to stop it. Could China kill cryptocurrencies within their borders? Probably. Now could the US or countries within the EU? Probably not. Particularly in the US I can't see this ever happening. It's too close to infringements upon the first amendment that I can't see any meaningful legislation or regulations sticking.
The emergence of the internet is an incredible happening for humanity, and the gamble that the relic of the state will somehow cork it is probably not a wise one.
Nobody wants war - even the war profiteers don't want it in their hearts. Nobody wants violence or insecurity. At the end of the day, we're all here together on this little blue ball and we have to share power with each other and with nature.
To the extent that the internet is a phenomenon of nature - which I think it's a very reasonable view - it's hardly a "weird trick".
If you put on github
Return x>0;
And I deploy this in a production environment that kills people with heart rate over 0, do you have any responsibility? No of course not. I do. You have none.
In short: if you put money into something as smart contracts, the only thing you have, and that is literally the intention of the pundits, is that you check the contracts and trust or not trust them. I do not know how this crosses over to other software that has different properties in this thread. That is not relevant. There is no one to sue or say they did a bad job here: you will not know. That is baked in.
As I mentioned earlier in this thread, there is no such thing as bug-free software (even for devices that kill people, as you point out), because bug-free software is categorically impossible within comp sci.
Knowing this comes with great responsibility, even more so when dealing with life... or finances. The developers of this software, as is the case with Solidity and smart contracts in general, have foregone this responsibility.
Another egregious failing of all crypto schemes which I'm compelled to point out is that they fail to use any of their enormous profits to actually fix bugs.
When I was mainframe developer at IBM, the company spent millions of dollars (taken from clients, of course) to find and fix bugs. They paid people good money, including yours truly, for that work.
Today's crypto companies have no such ethics. They (Mr. Buterin, I'm looking at you) have no compunctions after profiting windfalls from their software inventions to actually invest in debugging or fix distribution (or even real error reporting) for the customers. Likewise, they ignore all the UI aspects (and problems) that their inventions have birthed.
This is not responsible software development. It leads to problems like IRON and others in the crypto space. As I said, it is the exact opposite of how, historically, important enterprise software development is done.
It's only for selfish reasons (= money hoarding) that crypto projects don't hire the best auditors and coders in the world to fix their code. They can certainly afford them.
I vehemently disagree that just writing code makes your responsible for it's use. We are so bad at writing good code that all programmers would be living on the streets or in jail. And that is not malice, just how little we understand or underestimate complexity. Which becomes apparent if you indeed try to create some formal proof and give up after 30 pages.
I also believe your last statement does not recognize the vast issue there is with the smart contract world: I am more of the school of Erlang/OTP: just let it crash these days. If you cannot correct a state, we cannot write software for it. No matter the proofs and auditing. If we cannot correct an erroneous state, we are not capable of writing software in that system. And that is smart contracts. Not space craft where we often can upload a patch and steer the other way, not cars where we detect a deviation and correct it. Smart contracts are: if it's done it is irreversible and there are no programmers, provers or auditors who can predict or prevent that. Rollback must exist or this all will go to shit. Which is what will happen.
Edit: I actually do not believe cryptocurrencies have a chance unless there is rollback (something like refunds without merchant consent). I just cannot see what rollback means in this context: I read papers with scifi type of stories how this would work but it does not mesh with cryptocurrency obviously otherwise.
Likewise, humans make mistakes in transactions and if they can't be undone... problems.
EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs.
But that is saying everything is shit. I do not disagree but I do live in this world.
> EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs
I got that but what would it look like? In practice? As that seems impossible to me.
In practice, software companies take responsibility for bugs in three ways today, based on their business model.
Old line companies like IBM paid millions of dollars for people and tools to find and fix bugs and to distribute the fixes to customers. IBM did not wait for you to tell them you had a bug. Their system could tell you if you had a bug that someone else reported. And IBM would ship you a custom tape which fixed that bug and didn't break the rest of your software. Let's call that The Gold Standard. With money, it's certainly possible.
Option 2 is a company like Red Hat. Unironically, IBM bought Red Hat. The reason that, while open source gives you the option to look at the code, most companies don't really want to do that. In other words, Ford could make a lot more money focusing on making cars than they can by hiring people to find and fix bugs in (free) Linux software. Voila! Red Hat offers bug fixing and finding (and a plethora of other things enterprise customers don't want to setup) for a hefty subscription fee. Red Hat has many service offerings in the $10,000/month+ range. Once again, if you pay people, you can find and fix bugs.
Finally, option 3 is a company like Google. They don't really care if anyone else can get open source software to work. But... and this is a big but... they need it to work for themselves. Having built a very lucrative empire on open source (Android, for example), Google cannot afford to wait for "the community" to find and fix bugs. They must pay people and they must pay them well. And, this they do. So while the free open source isn't directly monetized by Google, it's worth their while to pay to keep it up to date and correct. Other companies like Netflix do the same thing.
So there are three ways you can do it today.
What irks me about projects like Ethereum is that, having all these real world models out there, its founder doesn't seem interested in finding or fixing bugs at all. He is relying on "the community" (we know that doesn't work, see #3) and not spending any of his own money on debugging or fixes. In all the real cases where you want fixes to happen (and you want CI/CD to get them to customers), "you", being the publisher or heavy user of such software, must pay.
That's what I mean about responsibility. It's where the buck stops.
But we agree and I will reiterate: without rollback, current human coders cannot write reliable software. So in it's current state, smart contracts are a utopia and no one should trust them, with or without code audit. But if you still want to play a lottery of humanity vs complexity, read the code, think hard and put or not put your money. If you put your money, do not whine after you lost it. You might as well shout at your toilet for the same endresult.