Attacking an Ethereum L2 with Unbridled Optimism(saurik.com) |
Attacking an Ethereum L2 with Unbridled Optimism(saurik.com) |
They swore they'd have the history restored on Etherscan by Nov 18th, but they still haven't. Only recently they pushed a workaround that lets you download the transactions as a CSV, but that lacks the critical data from your transfers of non-ETH tokens. And then, an alternative source does have that data, but only as a binary blob you have to run through a decoder and parse out yourself.
The crypto tax software, of course, doesn't know what to do with it.
(Even if your local client cached the transactions, most, like MetaMask, left out the critical data above.)
68 days till the filing deadline in the US!
I asked the maintainers how they planned to do their own taxes, and one of them claimed that he was separately recording all sales in a spreadsheet. I had to inform them that the taxable events include more than just sales, and, even under the most aggressive interpretation of tax law, you need the other data to figure cost basis.
Your situation is unfortunate but it sounds like no fault on Optimism or Etherscan here.
(BTW just to be clear: you’re talking about off-chain data that was never part of on-chain txes, and this binary blob comes from some Optimism operator? If it’s on-chain data its just a matter of doing the right queries)
See this random account for an example of exporting ERC20 transactions: https://optimistic.etherscan.io/address/0x9c1e0c67aa30c063f3...
I’m still trying to calculate proper basis and gains on transactions from 2018… tens of thousands of trades in various complex hedges across 7-8 different exchanges. I just aggregated everything in a single line item on my original return but of course I got audited T_T
I think the degradation of crypto discourse here was mostly a knee-jerk reaction to NFTs. "NFTs are stupid, so all crypto is stupid, because NFTs are crypto" - that was likely the thought process behind all the toxicity seen here.
After a year of playing around with crypto I think I'm appropriately both skeptical and excited, which is hopefully a good starting point for non-trolling conversations.
That's also a big plus for Bitcoin, because it's been around the longest and because it's so much simpler than more complex chains like eth, it's as secure as it gets.
Regarding the security aspects of L2s: they will of course not be anywhere near as robust as ethereum itself, but over time they’ll get better. However, they also don’t need to be as robust as ethereum given they effectively benchmark against the ethereum chain so while things could go wrong, the amount of damage will be very contained and as the ethereum mainchain scales the damage radius becomes ever more contained. Finally the bridges that are being implemented to move assets from ethereum to the L2s can implement emergency withdrawal mechanisms which allow users to get their assets out even if things go wrong.
Not perfect, but the tradeoff seems reasonable to me given the performance enhancement and the diversity of functionality that can be offered via many different environments.
Disclaimer: I’m quite possibly biased due to my company working on L2s.
I think that is slightly misleading, all the client diversity efforts is focused on Ethereum 2.0 now, as the old clients will be dead soon. [1]
This is the most updated stat I've found: https://twitter.com/sproulM_/status/1481109509544513539 (read the rest of the twitter thread too!)
Still not great though, but better at least.
Re: GP comment - From a "trust" perspective, there is a distinct difference to call out between the integrity of data on the platform, and the trustworthiness of the platform itself (i.e., the ability for centralized control of all data)
In an instance where an L2 is compromised, the potential impact is limited to the integrity of data that individual L2 was contributing to the overall platform.
Those transactions which demand absolute integrity will naturally tend to occur on L1, for this reason. Risk mitigation strategies will develop for those operating on L2 + bridged chains.
While the various L2s are all pretty bleeding edge, the current state/alternative [1] is that a majority of the TVL is being bridged to alternate L1s, where the bridges are also extreme weaknesses [2]. There was the recent $320M Wormhole hack [3], the last record white-hat payout ($2M bounty on $850M at risk with the Polygon Bridge) [4][5], and $2.2B sits on Avalanche's Bridge [6] which is an EOA that is secured by literally 4 SGX machines. [7]
[1] https://defillama.com/chains
[2] https://old.reddit.com/r/ethereum/comments/rwojtk/ama_we_are...
[3] https://wormholecrypto.medium.com/wormhole-incident-report-0...
[4] https://medium.com/immunefi/polygon-double-spend-bug-fix-pos...
[5] https://gerhard-wagner.medium.com/double-spending-bug-in-pol...
[6] https://app.uniwhales.io/avalanche/bridge-tracker
[7] https://medium.com/avalancheavax/avalanche-bridge-secure-cro...
Before someone points out that it would require tons of on-chain transactions to onboard everyone onto it, you can batch thousands of channel open/closes into a single transaction with new protocol upgrades.
Can you provide source for this claim? I thought that infura was the dominant infrastructure provider for eth and if it gets taken down, a majority of the apps goes down too.
You can choose one of ~20 different free RPC endpoints: https://ethereumnodes.com/
This doesn't include private or paid RPCs or just running your own.
Ethereum will essentially be a settlement layer for rollups, and everyone will be doing their DeFi, NFTs, etc on the rollups which are almost treated like their own chains.
We're super greatful to saurik for writing up such a great analysis of what he found. If you want to hear some of our key takeaways as the maintainers of the network, you can check out our disclosure post here [1].
If you're wondering WTF Optimism is... we are building an optimistic rollup on top of ethereum. The basic idea is to de-couple blockchain computation from data availability and allow a new operator to exist called a sequencer which can accept transaction requests and submit the calldata to Ethereum Mainnet, but do the computation on Optimism Mainnet. There is an idea of a fault proof which means you can verify that the computation done on Optimism Mainnet followed the exact rules of the EVM, and you can prove this on Ethereum Mainnet. Our fault proof codebase, cannon, was built by another jailbreak legend (geohot) precisely with the goal of running Ethereum's battle-tested code and minimize the chances of bugs like this. It's some really cool stuff. If you're into compilers, VMs, and blockchains alike, check it out! [2]
The protocol is still in active development, it is not done yet, and that's exactly why we set up this bug bounty program. We think bug bounties matter, a lot, and we're proud to now become the record holders of the largest bug bounty payout in history, however we hope to very quickly be beaten by someone else. Developers like saurik, who we've gotten to know recently, are super important for this ecosystem to thrive. Building this stuff is hard, and we want the best hackers in the world to get rich breaking these protocols because if we succeed in this industry, this technology will be the backbone of the world's financial infrastructure — it needs to be secure. Everything we write is also MIT licensed and developed completely in the open.
Very happy to answer any questions, I'll check this thread for the rest of the day — AMA :)
Also, we are hiring! [3]
[1] https://optimismpbc.medium.com/disclosure-fixing-a-critical-... [2] https://github.com/ethereum-optimism/cannon/ [3] https://boards.greenhouse.io/optimism
As far as I could gather from a quick googling, this is the largest single bug bounty payout in history.
[1] https://portswigger.net/daily-swig/polygon-pays-out-record-2...
He states that Optimism doesn’t have a native gas token and native currency, and eth balances are implemented using ERC20 tokens with OVM instead of the native balance mechanism
However the exploit is using selfdestruct to transfer and create the remaining balance to the target address, effectively creating new tokens out of thin air.
> This means that, when a contract self-destructs, its balance is BOTH given to the beneficiary AND ALSO KEPT. If the contract had 10 ETH, 10 ETH are CREATED from thin bits and handed to the beneficiary.
But I thought from this explanation that contracts don’t have a balance because ETH is stored in an ERC20 contract, and is set to 0. How can the contract have balance (10 ETH) to transfer on selfdestruct when optimism doesn’t have a native balance?
I still have trouble understanding how this exploit worked
When using the L1s, it is easy to fork the current state of the network with Brownie and bang at smart contracts for free using fake gas on localhost. Reserving any advantage or unexpected behavior you find for the bug report, or redeploying it on mainnet for the bug bounty paying the gas just that one time
But with L2s in the mix, especially Optimism, how would one do the same? Would it be like two instances of Brownie in virtual environments? Kind of like having a cluster of microservices booted up in Vanguard on localhost?
Speaking of "bug bounties", I use the term liberally as a euphemism for hacking these contracts and taking everything for yourself under the observation that company/community bug bounty systems are broken and undervalued for the value they provide. Although seen as a euphamism now, I think the term is accurate especially when looking at how bounty was used in the American frontier or Wild West.
You made $2,000,042 from this without any drama, in a quick timeline even though it was technically outside of the scope of the program! I think many in the hackernews audience would have liked to have known that from the get go. Many people ignoring blockchain would pivot immediately to at least doing smart contract bug bounty research on the side just from knowing that alone, learning the extremely lucrative and marketable skills in the process. If you formatted the article to the bug-bounty timeline to payout format. You should even show some people a material thing that what you bought with it, because many people still don't understand that this is analogous and convertible to money in your bank account especially at these convenient amounts.
How much could you have seized with this bug at the time?
I've been wondering what the hardware requirements for running Optimism's infrastructure are relative to just running a Mainnet node. If Optimism can process more transactions than the main chain, does that mean state growth is also much higher? How is Optimism thinking about this problem as it moves to decentralize the sequencer in the future?
There are two solutions in the future: statelessness, and block-producer/verifier asymmetry. Statelessness (and related concepts like state expiry) has been under active research in Ethereum for years, and we've recently started our own contributions with a new stateless Ethereum client [1]
The other part of the solution is to leverage asymmetries between the hardware requirements of block producers and verifiers. TLDR: this lets you have high HW requirements for sequencers, but still secure the network with laptops. Vitalik recently wrote about this; you can read that here [2]
[1] https://twitter.com/ben_chain/status/1488275978983915523?s=2... [2] https://vitalik.ca/general/2021/12/06/endgame.html
Even finding out about them after the fact was difficult because the cause of missing transactions wasn't made public on the user-facing site. For months the maintainers fielded questions from people on the discord that could have been satisfied by an announcement on the website. And even the announcements on discord came slowly.
Etherscan CSV exports are the best solution we had that didn't require significant modifications to Etherscan's backend. You should be able to use the CSV feature to export all of your relevant pre-11/11 transaction data (transactions and ERC20/ERC721 transfers).
While we did our best to communicate this months in advance on our twitter, blog, discord, and documentation, it's hard to reach everyone and we totally agree that this is not ideal. At the time, we had to prioritize progress, but we've since made a firm commitment to not to update the chain in this way going forward. So, this shouldn't be something people will need to worry about in the future.
They recently updated it so you can download a CSV with history from before then (but otherwise no interoperability with the interfaces ETH clients expect).
You're probably looking at a client's local cache of transactions (which I have as well), which doesn't help, since they have limited info within a transaction, and depend on you going to (you guessed it) the etherscan endpoints to see the rest.
So... I guess what it boils down to is 'How does Optimism manage it's state trie'? I'd really enjoy a more in-depth explanation for this.
First of all, no matter how well you prepare, there is always going to be one level higher of system failure that you "should have planned for". In the npm-Linux-box-borking debacle, there were people insisting you should never have run npm except on fully disposable hardware with an instantly replaceable dev environment (which is the only thing that would have let you shrug it off).[B]
Got mugged walking home? Should have taken a safer route. Took a safe route? Should have walked with a friend. Still got mugged? Should have walked with two friends. For all n, should have walked with n+1 friends.
Second, it's painting with a tad broad of a brush to call me complacent on crypto. I've filed crypto taxes since 2017 and kept cost basis records from years before. I'm aware systems fail and (outside of this) have set appropriate backups and cached critical transactions to spreadhseets. Even here, even with nothing done by the Optimism team to correct their mistake, I'm not actually doomed, as I can file taxes based on an input-output analysis of my Optimism transactions as a good enough first pass, and correct later. The issue is unnecessary convenience.
In fact, as things stand today, I'm in exactly the "safe" position you thought I was -- "oh, it's there, you just have to query right". Indeed I do! Now that I've pulled the tx data from the alternate sources, I "just" have to yak-shave out a meaningful read of all the transactions. (Update: per sibling, you can download the transactions from a different tab but you still have to do some transformation.) But none of that takes away from the point that this is huge, avoidable inconvenience and flaky community relations.
Remember, even if I had cached them, I'd still be stuck having to manually import them into my crypto tax software, which is a failure from usability.
Third, there are reasons to expect optimistic.etherscan.io as a reliable source to point to.
1) When you set up e.g. Metamask, the Optimism site gives you exactly one URL to point to, with no alternatives or warning that one day it might be missing history. [A] The very fact that Metamask equates "nothing from that url" with "no transactions" means they were treating it as mission-critical.
2) The entire ETH community outside of Optimism relies upon etherscan.io for most of their own tooling ethereum projects. All sources for ETH projects say to connect there, as if it's inconceivable that there could be an outage or need for some fallback.
3) It would have been trivial to keep the transaction history up. There was already a server somewhere (etherscan-owned or otherwise) serving transaction history. All they had to do was configure it to be able to check transactions for being from before that switchover, and ping that (static) DB for a subset of them.
(Remember, this isn't, at least so far, an issue of cost: they do plan to get optimistic.etherscan.io back up as a reliable endpoint for the pre-upgrade txns, they just didn't think to upgrade a way that would facilitate such queries of already-existing immutable data.)
And, for the final kicker.
4) Optimism maintainers themselves didn't even think to locally cache all the transactions they'd need! (As in the one mentioned who only logged a proper subset of taxable events.) If the very people who live and breathe this stuff overlooked it, I think I can be forgiven for overlooking it, as they expect even casual users to join.
[A] https://metamask.zendesk.com/hc/en-us/articles/4403700785691...
But instead, capitalist society simply VC-funds a bunch of centralized entities that wind up with the solution, and don't give it to anyone else. Because after the IPO, Wall Street quarterly earnings demand that it extract rents forever, and you can only do that with closed source software.
Perhaps Web3 and Web4 will finally fix this situation. Open source protocols that can be monetized with cryptocurrency. Filecoin is a good example. It "just works". It may be slightly more expensive than AWS, but can become as resilient as you want.
I like polygon and unfortunately feel like hacks/stolen funds are part of the maturing process for blockchain projects but im not yet ready to say they are building a reputation for solid secure code.
In this case, the code securely gave the money to people in a way the owners didn't expect
So the claim of 'extremely decentralized network' is somewhat of a myth and a falsehood.
[0] https://ethernodes.org/networkType/Hosting
[1] https://aws.amazon.com/about-aws/whats-new/2021/03/announcin...
As a general rule - its very difficult to get anything close to an authoritative census of a decentralized peer to peer protocol.
[0] https://nttr.stream/peter_szilagyi/status/146057566700382617...
However, many of these are not mining nodes that secure the network (and therefore security of the blockchain), but instead are nodes run by dApp/web3 developers to handle things like indexing NFTs and the current state inside a smart contract.[1] It is easy to spin up a geth node for a task like this—and by default mining is not enabled. I haven't seen any stats on the total number of mining nodes and their network types.
I agree that too much of the traffic is going through AWS, and I suspect all of these stats will need to be re-examined after the PoS Merge.
[1] https://www.reddit.com/r/ethereum/comments/ksdu11/how_can_et...
I’ve always understood this on a basic level, but reading an entire exploit debrief with intricate technical details really hammered this point home for me.
hmm...
FWIW this project doesn't have its own token (this L2 uses ETH as its currency just like the base layer), so the bug bounty payout is denominated in actual USD.
That doesn't look like your best. Here's the blog you refer to[1]:
https://optimismpbc.medium.com/
Imagine I came to it around the time of the switchover. Which of those headlines looks like it's alerting me that my transaction history will be gone?
Here's the Optimistic ethereum site:
Where is/was the blaring warning about missing transaction data?
Here's the Twitter page[1]:
https://twitter.com/optimismPBC
The only pinned tweet is a cute meme about the whitelist change, nothing to head off frustrated users wondering where transaction history went. (I don't know how to link a historical post in context but I can assure it was not evident on the Twitter feed why I was missing transaction history, and there are no such warnings before.)
The only reason I even got on the Optimism Discord is because none of these places had any information! And then, even when I went to the Discord, and go to #announcements, and look at what was being announced in the runup and release, the loss of transactions still isn't mentioned! [2]
Maintainers talk about the upgrade, to be sure, but not this implication of it.
So no, I don't know how can justify the claim that you made a serious effort to alert users.
[1] Linked from the community tab of https://www.optimism.io/
[2] https://discord.com/channels/667044843901681675/754090866435...
For example, you're right that a notification on our homepage, in addition to our docs, would have been a good reminder to users. We'll work on getting a blog post and better documentation up that explains exactly how to access data from before 11/11. We really appreciate the candid feedback here.
We're a very fast growing startup tackling a herculean task, so we're bound to make mistakes and this is one of them — I hope you can understand. We want to be much better communicators going forward.
I don't remember it being in the docs either, as that would have also saved me from signing up on the Discord.
And this isn't an issue of prioritization. Remember, your overworked volunteers and maintainers on the Discord are still spending hours every day fielding questions in #user-support that could have been answered by a link in prominent places. You're wasting more person-hours than you would have with effective communication and trivial updates in prominent places.
You didn't even benefit your own goals by leaving those out!
So no, I guess I don't understand what the huge barrier is to putting out these important notices.
Personally, I think people are just tired, as a proponent I'm tired of arguing the same stuff over and over again, I can imagine the other side of that too. At this point, time will decide who's right and wrong, I think that what anyone of us thinks doesn't really matter in the grand scheme of things.
NFTs are really pushing this situation to the extreme. Between the NFT enthusiast who seem to think the technology is literal magic who can do anything you want it to and "haters" who will say stuff like "NFTs are just URLs of JPEG" which is absurd oversimplification and completely misses the point.
That being said I would argue that the fact that the discussion is not advancing and that we're left with "monkey jpegs" is to be blamed entirely on the cryptopeople who clearly fail entirely to deliver anything new. The killer "crypto app" has been a couple of years away since 2015 at least. The tech keeps getting more complicated as an attempt to address the fundamentals shortcomings of the blockchain, but it still fails entirely at being anything more than a vehicle for wild speculation.
The fundamental reality is that basically nobody would be using any of this if they didn't think it was going to make them rich. That was true five years ago, it's true now and I think it's going to remain true for the foreseeable future.
I have found, in a year of intensive use and research around the Ethereum ecosystem, here are a few things I like that wouldn't really work without an underlying immutable distributed ledger:
1) Creating limited editions of generative art.
2) "Forever" art like on-chain pixel and ASCII art.
3) Frankenstein-like adaptations of traditional fintech constructs into a decentralized implementation, such as AMMs.
Also, the more I learn about the zk-rollup space (STARKs and SNARKs) the more curious I get about the possibilities there. You can, for example, have digital treasure hunts where whoever finds the treasure can generate a proof without revealing the location. So far this is just cool without having an obvious killer app, but more than anything else in the crypto space I think there will be killer apps emerging from this technology.
By volume, I agree with critics that it's mostly bubble-chasing, gambling, and scams. It might be healthier for everyone if the tech & art experimentation were walled off from investments. At the very least, we probably shouldn't have crypto exchanges advertising -- really nothing interesting comes from luring Main Street to buy and store Doge on a centralized exchange.
I would first clear the air by saying this: yes, making money is an important use case of the current crypto industry, if not THE use case. I find it puzzling how people frown upon that. Making money (or at least getting paid) is the number one activity the average person spends a lifetime doing. Many in bullshit jobs that add no value.
You can have all kinds of opinions on how this money is made (speculative), but the crypto community doesn't care. It's their money, not yours. I would personally not touch 95% of crypto with my money, but take no issue with people that go all-in. Live and let live.
As for NFTs, it's funny how you say some discussion participants simplify it too much (just right-click) and then come to sweeping simplistic conclusions yourself: bored apes and crypto people failing to deliver anything new.
This suggests you're keeping track. If so, can you tell me about recent trading volume? The top 10 projects? Which celebrities, artists, musicians and sport teams released popular ones? On which platform? Which are hot upcoming releases? Out of the many issues with NFTs (no infinite storage, copyright acknowledgement, mint duping, etc), which teams are working to address these issues, and what are the solutions? Do you know which non-JPEG NFTs got traction, like unique physical access and lifelong memberships? Which gaming companies are experimenting with NFTs, and I'm talking AAA titles?
I could make that list a whole lot longer. I suspect you don't know the answers, but that's not a personal attack. The point is that the space is vast and extremely fast. This idea that nothing has happened in crypto in 10 years is because you're not looking.
The discussion is not advancing because people don't spent a second learning about crypto or keeping track.
I agree that it's pretty pointless to argue though. Even when blatant misinformation gets cleared up, or clear examples of how the tech is actually being used are outlined, most of the conversations then end up at "well, I don't see the value of it so it still must be useless." ¯\_(ツ)_/¯
The biggest sources of skeptism were around logistics and value as a currency:
Is there a cryptocoin that has successfully solved logistics without disastrously failing as a currency?
Even if you ignore the environmental aspect... has any coin that has achieved scale not experienced deflation that would make the Great Depression look like a hiccup?
To me the skepticism has always been "you can't have a functional decentralized currency". Some people take that at face value and proudly proclaim "people will accept your BTC/ETH/etc."
But most people mean it in the sense we think of currencies belonging to non-failed states: aka being a somewhat stable store of value. More widely used for payment of productive economic output than fraud and speculation...
-
I see crypto as I see Tesla, maybe there way a point but it's long buried under the mania.
Disclaimer: Due to that mania I keep some as hedge, but again, imagine saying I keep dollars under my pillow as a hedge that next year they might have 10x'd in value...
Bitcoin is bigger than ever before. It's far more valuable, it has far more users, processes hundreds of thousands of transactions moving billions of dollars worth of value every day on-chain alone, has very healthy L2 layer growth (1ml.com), has hundreds of exchanges worldwide, it ticks every 10 minutes and will keep ticking for the foreseeable future. We have a small country that adopted it as a legal tender with more countries coming on the Bitcoin standard potentially this year.
People only see the fiat currencies and forget that we've run on gold standard for thousands of years and fiat currencies are barely 50 years old and riddled with financial crises left and right. Bitcoin is digital gold, strictly better than gold. But anyways, we'll see what happens in the future.
Simply put - it can't scale to that kind of throughput for a combination of cultural and technical reasons.
So just go where the action is. Don't scam people yourself while you are at it.
It seems quite clear to me (as a third party to this) that the lack of communication w.r.t. this behavior was intentional. Trying to fix a mistake without having to admit having made it in the first place...
Civil discussion is going to collapse even further if bad actors don't stop with the dark patterns.
This is just nonsense because, for instance, each LN hub can configure how much processing it wants to take on by focusing on most profitable subgraph.
In the end, LN will be processing more and more payments and you will keep ignoring that fact and claiming that it can’t scale. This has been happening for years already.
I assume you are using “exponentially” in its informal meaning of “somewhat quickly” ? At least I am not aware of any routing issues that scale exponentially with the size of the graph.
To the contrary, if you can pick the graph structure then routing is not very difficult at all.
Opinion part: Monero is technically superior to Bitcoin in basically every way.
I see how this is true from a privacy perspective, but how does monero solve the issue of the blockchain eventually becoming too large for an ordinary person to run a node on their pc? the bitcoin blockchain is already several hundred gigabytes
Now that people are starting to realize what bitcoin actually is, and all the lies and misinformation are falling away, the world is gearing up to pounce on it and fully integrate it into society. People are rapidly realizing that it really is the internet of money.
Monero will still have it's place, but only as the dark money network.
I've actually become increasingly worried that Monero is at pretty significant risk of a nation state 51% mining attack, since it mines with generic CPUs. A government could rent out an AWS fleet to attack the network and if not kill it, at least add a lot of friction via this kind of DDOSing that temporarily blocks people and breaks interest, like they do with Tor services today.
I think distinction is only meaningful as long as L2s remain a niche curiosity while the majority of transaction volume resides on L1. If the L2 plan succeeds and almost all volume passes through an L2 and one of the major L2s has a bug like in this post, then a large fraction of all ETH could end in the hands of hackers.
The ledger would accurately reflect the moment that a bad actor lifted e.g. 5-10% of the ETH supply off an Arbitrum or StarkNet bridge. Technically the L1 is uncompromised but a lot of money would be "redistributed".
Where's your ETH?
Evenly sprinkled between StarkNet, zkSync, Arbitrum, and the thirty competitors that will pop up in the next few years.
The L1 may eventually be a primary settlement layer for protocols like zkSync and StarkNet (and any other protocols and rollups built on Ethereum L1). At some point it may not be common for users to interact with L1—ie. users of Argent and Sequence wallets may only be holding assets on L2.
zkSTARK/SNARKs has pretty dramatically changed the L2 landscape and new direction seems to be moving away from optimistic rollups like in the OP. This is just my understanding, somebody please correct me if I’m wrong.
* the optimistic side: https://medium.com/offchainlabs/optimistic-rollups-the-prese...
* the zk side: https://blog.polygon.technology/zk-and-the-future-of-ethereu...
On one hand you have a complicated protocol that doesn't really use cryptography and that has the user (you) monitor the blockchain for a week to make sure their transfer was processed correctly (otherwise my understanding is that you have to create a fraud proof, send it to the chain, otherwise you will lose your funds).
On the other hand you have a cryptographic proof of a few kilobyte that proves that some program correctly validated and applied the state transition of thousands of transactions.
Makes sense for games and art (but then I wonder what they are doing using a blockchain in the first place).
I view Ethereum as a value network, connecting disparate sets of transactional use cases around a set of core services (like Address, asset records, and transaction functions)
To believe that blockchain makes sense for assets which do not require absolute integrity, you'd need to first accept that there are valuable use cases which having an asset management & transaction layer (L1) serves.
If we establish that there are valuable use cases that attract asset management to L1, at a certain point network effects begin to take hold, and the system becomes "top of wallet".
There are parallels in how you manage traditional finances today - Even if you have multiple bank accounts and digital wallets for USD (e.g., a Chase account, Cash App, Venmo, etc.) you're likely to mentally consider one of those your "primary" account. The important one. The main difference in the value network of Ethereum is that the primary account can aggregate the assets that are managed/transacted through L2 solutions. The L2 solutions leverage the core "identity/asset mgmt layer" of L1, but serve use cases that don't justify the cost of development/operation/transaction on the main layer.
To connect this analogy to the original question, let's imagine that your Bank Account offered direct integration with each of the other accounts you manage - Capturing every asset you held, including the 124 gold you still have on your World of Warcraft account from a decade ago. If the 124 gold were to somehow disappear due to a bug/hack/other integrity issue, your bank account would reflect that. But the important stuff would be there.
TL;DR - If commerce generally moves to blockchain systems at significant scale, there will be an acceptable level of failure on L2 systems to support the convenience of aggregating up asset mgmt alongside the important stuff.
The usecase given agregating those assets by the wallet has two problems: 1. You can have many wallets 2. Not everything associated with the wallet has to have it's transactions tracked on a block chain
All you need is one more column in the wow database, and you can pull up your wow assets with your wallet without them being on the L1 or L2 chain
For a good recent/up-to-date summary of the differences, why it matters: https://ethereum.org/ms/developers/docs/nodes-and-clients/cl...
And here's a good reference site as well promoting better client diversity before the merge: https://clientdiversity.org/
The actual communities for most projects and general crypto are obnoxious, and probably what has helped push or keep this community to negativity, i could see it flipping to neutral though, judging by the emails I get there are plenty builders and educated proponents here
Look at how the crypto-sphere reacted at FEDs returning "stolen" coins to Bitfinex like all praise and "justice served". Only HNers actually raised "hey guys why do you even crypto if FEDs will decide who owns what".
It all ends up being Government-coin and they like it.
Where would one even start?
US Govt hasn't returned the bitcoin to Bitfinex. Bitfinex has stated they would apply for getting it returned. This is the process these things take. All that has occurred is a DOJ/FBI seizure, indictment and arrest. I don't know what reaction you referring to and your sentences are ideological hyperbole that have nothing to do with the technology. This is a technology and industry forum. The technology allows any possessor of the private key to assume control over the entries in that private key.
I agree its incoherent, but I struggle to understand of how it makes sense to them.
{ Id: some unique namespaced string (aka, the part that is a non fungible token) Owner: reference to who currently owns it Payload: data that defines the content of the NFT }
You can put this in a database if you want, or use a block chain as your data storage. I expect many of those teams you mentioned are solving their NFT issues by moving their NFTs from block chains onto postgres tables, or putting them in databases from the start. The listed problems have somewhat straightforward solutions by doing so, and many companies have offered NFT marketplaces based on databases for years and years like the Steam marketplace for gaming. They work fine at scale, too. I expect that most popular digital ownership systems do not use a block chain as their back end, though I do not know what the top 10 are {apple, amazon, google, the us government?}. The most advanced team solving the listed problems is without doubt YouTube though.
What block chain NFTs have over database NFTs is hype. There's a lot of wealthy people with money tied up in crypto investments that want to be able to.
The other feature is that the audit history of changes to the Owner field is guaranteed to be public instead of optionally public, and that guarantee is what of questionable value when "crypto people don't deliver anything new" is mentioned.
----
If somebody's managed to make solve identity using a block chain that's quite interesting re: "unique physical access".
I'd expect the block chain to be uniquely incapable of guaranteeing unique access to anything, since access is based on knowing a password, and it's easy to make copies of a password. At best id expect a blockchain to guarantee limited access to people who know one at least one of a set of possible passwords, and a bouncer controls unique access by doing a separate identity checks.
Is this some facial scan? Dna +epigenetics check? Is it trivial to link all your accounts together? What kinds of attacks has it been tested against? Can your twin get in if he knows the right password and borrows your id? Can your spouse get in if you're in the hospital? Next of kin when you die?
The token is the mag-key-card that opens the doors to your local gymnasium.
Or a database entry that gets checked when you show your personal ID to get into the flight club lounge you bought lifetime access to via Amex club
Or any kind of website or info-product you bought a membership for, where the token is your email address + password
etc.
But your point does highlight the UX implications of too much fragmentation, and it’s a worthwhile consideration
The trade-off is basically scalability (and thus fees). If the L1 network is so highly congested that each transaction costs $100 or more in the future, a scalable zk rollup that achieves about the same level of security at the cost of < $0.001 may be worth these tradeoffs.
[1] - https://zksync.io/userdocs/security.html#security-overview
If you’re questioning why people would prefer on-chain vs off-chain games, I wager there’s something appealing about the “decentralized” nature of the system that attracts people to on-chain games - and I put decentralized in quotes because it’s not always certain that’s a promise always delivered on, but it’s where the appeal is derived from.
Regarding your other notes - 1. Same theory applies though. One wallet is often seen as a primary wallet (hot) that manages public facing assets - e.g., registered ENS domain, an NFT, etc. 2. It’s certainly not required that all associations live on chain, but if you want core services and verification of ownership, it’s mostly on/chain or bust.
I would need to go back and refresh my understand as it's been quite a while since I read the LN whitepaper, much less kept abreast of developments in that space.
With batched channel open/closes, it'll be super cheap to open and close channels. The only cost you'd pay is the opportunity cost if your counterparty isn't sending transactions, so you're not collecting routing fees. If that's the case, you can just close the channel if you need to fund another channel and don't have spare Bitcoin for it, but that's about it.
What's the source of your opinion?
Even if everyone had channels with the same, single central node it would have more guarantees than Visa does. The single central node could not just decide to keep everyone's money, as participants have the option to create an L1 transaction to withdraw funds if node they have a channel with misbehaves.
Theoretically they have that option, but in practice do they?
Theoretically I can sue visa to get the right outcome too, which is a good guarantee
The limited edition art is really just tracking receipts - you can do that over email if you want and it really doesn't have to be public. Non digital art does fine with private receipt tracking. You can also have a dedicated database that charges art owners a maintenance fee, and tracks who the current owner of each art piece. Basically free tier AWS.
For 2) forever art already existed without any ledger. People store copies of pictures they like because they feel like it. Not being on a ledger doesn't mean Nyan cat will disappear. The ledger might attempt to guarantee that unpopular works stay available, but I don't think you can guarantee that any particular ledger will continue to be active "forever".
They could do a hard fork that prunes out the unpopular art to save on space, and migrate everyone to that one, leaving the old one unhosted. Long term, you're not going to force people to keep spending resources to maintain stuff that nobody cares about
I think this is a misunderstanding of what happens when a collection is created through a platform like Art Blocks. The generative code is frozen on chain, every minted image has a verifiably random initial seed, and each image is generated from the composition of these two elements. The number of random seeds which can occupy an "official" slot is preconfigured and cannot be later increased.
I promise you that this has significant impact on the feeling of working on generative art and what you think of as the final outcome of an art project. It cannot be replicated through some kind of ad-hoc receipt system that lacks algorithmic guarantees and is subject to modification or increase at any later point.
I personally think that it's not really an interesting feature. Creating scarcity out of something that ought not to be scarce is just a way to infiltrate capitalism in every aspect of our lives. Hacker culture historically went completely against that (phreaking, breaking DRM etc...) but I concede that it's more of a philosophical/political argument than a technical one. I still find it utterly depressing.
I would also argue that there's usually a significant difference between ownership of a token on the blockchain and what the local IP laws says. IP law is messy and sometimes subjective, putting things on a blockchain can make things messier rather than simpler.
>2) "Forever" art like on-chain pixel and ASCII art.
So that one is interesting, but I would argue that it's only true if you consider that the blockchain is "forever". In order for that to be true it means that you have to believe that your blockchain of choice will be considered significant enough by a number of people across... well eternity really. This could be true for the "big" ones like Bitcoin and Ethereum, although I'd say the scene is way too young to be sure of that. It's as good a bet as any I suppose.
But here's the thing. We already have "forever" digital "art": the source code of the Linux kernel. There are countless copies of it across the globe, and it'll remain archived for the foreseeable future.
My point here is that if something is significant enough it won't be difficult to convince a bunch of people across time and space to archive it. People do that for old videogames, music albums, usenet posts etc... And unlike the blockchain you can actually curate it, you don't have to archive the neighbor's sandwich picture collection. I'd argue that this curation power is a feature, and the fact that the blockchain just stores everything forever is a bug. It actually means that the bigger the blockchain grows, the less likely it is that people will want to store personal backups of it.
So I don't think the blockchain does anything novel here, and I don't think it does it better. Forcing arbitrary people to store arbitrary data forever regardless of value or interest is just wasteful.
>3) Frankenstein-like adaptations of traditional fintech constructs into a decentralized implementation, such as AMMs.
I think the oracle problem is really going to make "DeFi" a tough sell. There is, in fact, a lot of trust in our financial system, and being able to use a central authority (the justice system) to settle issues makes things a whole lot simpler and efficient.
In general I firmly believe that trust is usually a good thing that makes systems more efficient and this obstination of cryptopeople to get rid of it is more based on political ideology than pragmatism. Trust, but verify. But trust.
- NFTs create a scarcity of ownership, but they don't create a scarcity of enjoyment or experience. In fact, the entire NFT generative art community is based around the idea of viewing and enjoying pieces that you don't personally own.
- I don't think scarcity of ownership is necessarily a bad thing. Having put some skin in the game for that specific piece, the owner sort of becomes that piece's biggest advocate. And this allows many collectors to form a much stronger relationship to the piece than they would have if they saved a copy of an image they found on instagram.
- A generative algorithm can theoretically produce an infinite number of outputs, and I think there are valid artistic reasons to want to limit the set to a specific size. For example, maybe the algorithm no longer produces unique results after 500 or so iterations, and the artist wants to cap the collection at that size to allow people to become familiar with that amount of outputs. Managing this with NFTs allows the artist to create a canonical collection limited to the desired size along with the proof that they all derive from the same algorithm.
- Blockchains are still fairly new as an artistic medium, and I think many artists will find ways to create interesting projects without leaning as much on scarcity. Some projects do open editions, which we may see more of in the future. Scarcity is simply a tool at the artist's disposal.
(Disclaimer: I'm an artist who makes a lot of generative NFTs, so I'm heavily biased)
im unclear that this scarcity is different from making a wordpress site with n posts, each one being a picture generated with the different parameters.
i think the website version is better, even, since you as the artist can pick out the best individual items when producing the single art work that is "n pieces generated by this algorithm"
i dont think it really unlocks anything new. Whats different is having tooling that makes it easy to do
You can make synthetic assets which track prices of e.g. stocks. There are a few different protocols in this space, such as https://synthetix.io/. The biggest hurdle, I think, is regulatory -- is it legal to make and trade derivatives of $synthIBM and trade it like derivatives of $IBM?
None function with anonymity by default and you can't sell or even transfer most of these memberships.
I wonder if part of the divide on the "utility" of NFTs involves "internet native" culture (assuming the reality of pseudonyms without need to pierce the veil and use a real name).
Gold can be traded without leaving an audit trail, and without a per transaction cost.
By hopping on the lightning network, you're essentially anonymizing your payments as well as making them practically free.
You know, the whole "relatively stable store of value paying for productive output rather than speculation and fraud?"
We moved off the gold standard for a reason (and it's not all geopolitics...)
Bitcoin cannot be stable relative to other currencies as long as 90% of its forex volume is speculation. If there are businesses having long-term obligations and trade denominated in Bitcoin, providing for a large base of regular demand and supply that outweighs the speculation, it will stabilise.
This is obviously really really though to achieve, but it has absolutely nothing to do with the "tech" (which is essentially a spreadsheet). This makes the debate around the volatility and whether its qualifies as a "currency" rather boring. It will happen, or it won't, and we can try to predict the future, but it is not really about Bitcoin at all, just marketplace behavior.
Or even remotely imply it.
-
Once again the reply doesn't actually answer the basic question, because the answer is inconvenient.
I'd love one honest reply to the point grounded in any crypto, not even Bitcoin, being a "relatively stable store of value paying for productive output rather than speculation and fraud?"
Relatively stable being defined extremely generously in this context might I add! I won't hit you with a "gotcha!" because your coin of choice is widely used to pay for goods rather than fraud and speculation but it happened to fluctuate 10% or something, USD does that too...
To be sure, a lot of the "advocacy" is exactly what you describe, where people are just trying to push their bags. But the advocacy I'm talking about is more about the social element of discussing the art with other people in the community.
The website is certainly a valid way to display a limited generative art collection, but it's a different experience. It means that the artist _can_ curate the collection and hide some of the rough edges of the algorithm... but then it loses some of its magic. NFTs have sort of enabled a new sub genre of generative art [1].
[1] https://tylerxhobbs.com/essays/2021/the-rise-of-long-form-ge...
There's an emotional state associated with having paid money, sometimes a lot of money, for something which makes you want to get something in return. That something can be as simple as collective discussion of the art you bought, or propagation of its image into the real world through murals and commissioned derivatives.
It doesn't have to be a speculative interest in re-selling, though I agree that most people entering the space are exclusively interested in the latter.