
Dissecting Ponzi schemes on Ethereum: identification, analysis, and impact - moh_maya
https://arxiv.org/abs/1703.03779
======
finnh
This satiric white paper is really, really worth the read:

[https://ponzico.win](https://ponzico.win)

Written by a former cryptocurrency dev who later joined Lyft.

Some choice quotes:

"Context—and wide margins—are the bedrock of every white paper."

"We’re living in a world where developers are Kickstarting Pets.com every
week"

~~~
FlailFast
Author of PonzICO white paper here (proof:
[https://keybase.io/cin](https://keybase.io/cin) )—thank you! Still optimistic
about cryptocurrency but the impending ICOpocalypse does not bode well for
anyone in the space...excepting satirists I suppose. ;)

~~~
finnh
Great to see your reply. I only came across your paper a few weeks ago,
through fortuitous circumstances:

A very smart but non-engineering friend of mine was asking about
cryptocurrencies, and - in trying to explain why i think ethereum's
"improvements" over bitcoin are anything but - I directed him to read about
The DAO.

He promptly rabbit-holed and came up an hour or so later with your gem of a
paper.

So ... nice work! A sanskrit professor found, understood, and thoroughly
enjoyed the paper. And then hipped his programmer friend to it :)

~~~
delhanty
Straight question: do you have a good link for the main technical differences
between ethereum and bitcoin?

~~~
delhanty
OK - I've read the paper on arXiv - can see that ethereum (for better or
worse) has smart contracts layered on top where as bitcoin does.

I seem to recall that there was another more fundamental difference at the
blockchain level, was wondering whether there was any link for that ...?

~~~
finnh
re: blockchain differences: I hear that Ethereum is planning to move to proof-
of-stake, rather that proof-of-work, but I don't have an opinion on that.
There may be other salient differences I'm unaware of.

It's the 'smart contracts' that I think are foolish.

Replacing the legal system with code only makes sense if all of the following
obtain:

(a) the code is 100% bug-free (b/c accidents cannot be rewound)

(b) all code-writers are 100% honest (their code does what they say)

(c) all contract participants are 100% perfet code readers (so as to not enter
into fraudulent contracts)

(Strictly speaking, only one of (b) and (c) needs to be true).

None of these conditions will ever obtain.

~~~
dragonwriter
And even then you haven't really replaced the legal system if you are dealing
with any goods that exist _outside_ of the blockchain, since no matter what
the "smart contract" code does, those ultimately need to be transferred
outside the smart contract system and subject to the legal system.

(And, actually, even transactions entirely within the blockchain may trigger
legal consequences, so even for them you've merely supplemented, rather than
replaced, the legal system.)

------
Cakez0r
_More specifically, we search the Ethereum blockchain for contracts whose
bytecode (which is always stored on the blockchain) is similar to that of some
known Ponzi scheme. We use the normalized Levenshtein distance (NLD) as a
measure of similarity between two bytecode files._

...

 _This search resulted in further 55 potential new Ponzi schemes, not included
in our original collection of 137 contracts._

It's so awesome that it's possible to do this and that it actually works!

------
fullshark
> To this purpose, we count the number of transactions from July 30, 2015 (the
> date of the origin block in Ethereum) to March 6, 2017 (the date when we
> extracted the transactions), obtaining a total of 16082269 transactions.
> Since we counted 17777 transactions related to Ponzi schemes, we have that
> Ponzi schemes only constitute ∼ 0.05% of the transactions in the Ethereum
> blockchain.

------
empath75
I've been sort of amazed at how brazen people are in cryptocurrencies about
pyramid schemes. They'll even call themselves ponzi schemes. And how many
people will join them, knowing that it's a scam, just assuming they won't be
the last suckers in.

~~~
pavel_lishin
People have argued that cryptocurrencies themselves are pyramid schemes - the
people who start mining early win out, and the people who join later to
speculate on the currency have less and less chances of striking it rich.

(Obviously this is based on the view of cryptocurrency as purely speculative,
not as an actual _currency_ with which to buy things, but even now, it's still
pretty difficult to buy a lot of things with Bitcoins.)

~~~
clarkmoody
Those people don't understand what a pyramid scheme is.

The acquisition of bitcoin by newcomers in no way enriches earlier adopters,
as in a classic pyramid scheme. Miners continually invest huge sums in capital
equipment with the hope that the price continues to rise. If it does not, they
are toast. This is not gambling or a Ponzi; this is just a risk/reward
business decision. It's the exact decision that the capitalist makes when she
decides to build a new production line at the factory.

Buying bitcoin early is like investing early in any new technology: it could
be worth nothing, or it could go bananas. Many alt-coins have trickled down to
very low prices over time or stopped functioning altogether. There are no sure
things in this space, even for the early adopters.

~~~
matt4077
> The acquisition of bitcoin by newcomers in no way enriches earlier adopters,
> as in a classic pyramid scheme.

Of course it does. Bitcoin used to be at $1, now it's at $1,xxx. What happened
in between was a massive influx of newcomers.

The difference to, for example, the stock market is in the "underlying value".
If I buy some stock and it's price collapsed the next day, I'm still entitled
to my share of future profits etc. If the company is sound, I have lost
nothing.

A ponzi scheme's underlying value is only the future growth of the scheme
itself.

I'd say the jury is still out for bitcoin et alt: how much of the growth is
being fuelled by speculation, and to what extend is that speculation actually
speculating on future speculation?

~~~
DINKDINK
>Bitcoin used to be at $1, now it's at $1,xxx. What happened in between was a
massive influx of newcomers.

That argument does not follow. An equivalent argument is:

"A house in San Francisco used to cost at $100k, now it costs $1000k. What
happened was a massive influx of new people to San Francisco."

What happened is that the utility of a house in San Francisco changed and no
one was willing to sell below $1000k.

~~~
JSDave
> "A house in San Francisco used to cost at $100k, now it costs $1000k. What
> happened was a massive influx of new people to San Francisco."

Seems pretty reasonable to me.

~~~
fivestar
Except that it isn't--it's a bubble and at some point that bubble is going to
pop. We already went through all this in 2008 and people have already
forgotten the lesson! It's amazing how fungible the human mind is. "This time
it will be different." That's what every communist who ever lived thought,
too. This time, the stupid scheme of wealth transfer will work perfectly if we
just can pass a few more laws and control a little bit more of people's
behavior, we can build our everlasting, perfect utopia.

Real estate crashes when the last marginal buyer is priced out of the market.
California real estate has crashed 2-3 times just in my lifetime. It will
crash again and whoever bought at the top will be bagholders. It is the
immutable law of bubbles.

------
Animats
The paper points out that many of the Ponzi contracts on Etherium have
exploitable bugs. Some can be induced to compute too much and thus run out of
"gas", aborting. Some allow an attacker to change the party who gets the fees.
Some can be stalled out with a suitably constructed transaction.

Making Etherium contracts a full byte code execution engine was a big mistake.
That form is too bug-prone and led to the DAO debacle. It should have been
something simpler, such as a decision table.[1] That simple declarative form
can handle most useful business logic, but can't loop. It's always decidable
and is easy to hand-check.

[1]
[https://en.wikipedia.org/wiki/Decision_table](https://en.wikipedia.org/wiki/Decision_table)

~~~
mafribe

       full byte code execution 
       engine was a big mistake
    

An even better scheme would have been proof-carrying code: a contract should
have been a pair (c, p) where c is the program expressing the contract (in a
Turing complete language) together with a proof p in a suitable program logic
(for total correctness) that proves that c does not do a bad thing (e.g.
consume too many resources). It's easy to check that the proof p is valid for
c.

~~~
Animats
Too complex for the purpose.

~~~
mafribe
Yes and no.

The proofs could be auto-generated for decision table based contracts, so a
decision table could be a convenient DSL for simple contracts, without
preventing more complicated contracts. The average contract writer would never
need to see the full language or be exposed to proofs.

------
dharma1
I think the vast majority of coins and tokens are near worthless. People
invest in them because other people invest in them, in hopes of seeing returns
like early investors in Bitcoin and Ethereum did. There will be a correction
at some point.

But that's not to say that a blockchain with functionality aside from store of
value (like Ethereum) couldn't pan out and enable a whole new universe of use
cases for trade, company formation and ownership, and contracts in general, on
a global, super-fast, completely automatable scale. It could be yuge - but
since no-one knows what will happen and it's still early days, the current
valuation of Ethereum is also highly speculative. If it works out though -
maybe the current valuation of Ethereum will look cheap in retrospective.

~~~
JustAnotherPat
I can see the use of blockchains and networks like ethereum, but it seems like
the majority of use cases could run on a private network. I still don't see
the appeal of a single public network. Why not a dozen or a hundred? That's
why the value or Ether seems so useless to me. There was a backlog of
transactions lasting hours yesterday and this is supposedly just the
beginning.

~~~
um_ya
So far, there hasn't been any killer use case for ethereum yet. Everything it
does, can be done more efficiently outside of the ethereum network. Some say
that its "decentralized" on ethereum though, but this isn't true, because a
lot of the inputs to ethereum contracts originate from a centralized source.
For instance, if you want to make a smart contract that sends you 100 eth
based on the outcome of a basketball game, the centralized source where you
get the trigger on who won the game, is the centralized source your contract
has to trust. It doesn't really matter whether the contract was executed on
the ethereum network, it is still vulnerable to centralization. Whats the
difference between that and just making it work on bitcoin by having a service
sign a multisig transaction sending you btc if the basketball team wins? The
only way something can truly be decentralized, is if all the actions in the
smart contract are primitive actions based within the network itself. For
instance, if y address receive 1 eth, send x address 2 eth. Neither action
requires trust outside the ethereum network.

------
flavio81
So, is this new "Ponzi" going to support Racket, or only plain Scheme?

------
gwern
Also check out "The postmodern Ponzi scheme: Empirical analysis of high-yield
investment programs", Moore et al 2012
[https://pdfs.semanticscholar.org/0aea/69ae7be6f3ff215dc81828...](https://pdfs.semanticscholar.org/0aea/69ae7be6f3ff215dc818285b8ae085941acb.pdf)

------
stefek99
Calling ponzi scheme a "ponzi" is pretty epic.

This is also very honest: [https://medium.com/@cincinnati/the-ponzico-white-
paper-8baa9...](https://medium.com/@cincinnati/the-ponzico-white-
paper-8baa98b19b97)

------
smokeyj
> The possibility of creating "trustworthy" frauds that still make users lose
> money, but at least are guaranteed to execute "correctly".

So.. Gambling. It's like academic clickbait.

------
brogrammer3
I will take my chances.

[https://bitcointalk.org/index.php?topic=1944495.0](https://bitcointalk.org/index.php?topic=1944495.0)

------
fudged71
Programmatic contracts lead to programmatic due diligence, great idea!

------
ebbv
All cryptocurrencies are ponzi schemes. The early adopters get richer because
more people come into the market later. Eventually the increasing values due
to more interest will have to stop, whether because people lose interest or
because everybody's already in the pool. At that time whether the late comers
are totally screwed or just don't make a profit like the early adopters
depends on what exactly happens.

Cryptocurrencies are the baseball cards of a new generation of wealthy
libertarians (they have no inherent value like a useful commodity, and they
have no backing of a powerful government. They just have value because some
people decided they are valuable.) How badly the next financial crisis effects
those people will determine how much cryptocurrency values are adjusted.

~~~
ramblerman
> They just have value because some people decided they are valuable

This is the basis of any currency. Backing of a powerful government is a mixed
blessing.

~~~
kahnpro
Is it though? All the meaningful currencies in use today, that I can think of
at least, are blessed and regulated quite heavily by governments. Maybe this
is a bit of a theory vs real world question.

~~~
ajhurliman
The part where a government manages a currency can be bad because it can be
mismanaged, which could lead to things like hyperinflation.

The good part of the government management is the part where they investigate
instances of counterfeit, but that part's already taken care of with
cryptocurrencies.

~~~
taejo
A _major_ good part of management (whether by the government or a semi-public
reserve bank) is that it can have adjustible monetary policy (add/remove
currency to/from circulation to promote growth or prevent inflation).

