Missing line in a smart contract leads to $10M hack (rekt.news)
328 points by drdrey 6 months ago | 322 comments

Many people are asking what happened, because the article does not go much into detail.

The code is there (linked in the article): https://bscscan.com/address/0x7a8ac384d3a9086afcc13eb58e9091...

After spending 2min on it and using this hint from the article:

> The affected pool contract had an initialize() function that should have been activated after deployment.

> The line: initialized = true; is missing from the function.

That's really the crux of the issue. Have a look at the `initialize()` function. It's meant to be called only once (that's why it uses the modifier `notInitialized`), right after the smart contract is deployed, and never again. But the `initialized` variable is never set to true, meaning that it can be called again, and it seems that's what the attacker did.

...so for those who expected something fancy and technically advanced, that's not for you.
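For readers who want to see the pattern the comment above describes, here is an added Solidity illustration (not the affected pool's code; contract names, the `rewardToken`/`owner` fields and the `InitializeGuardCheck` harness are all assumed). The first contract has a `notInitialized` modifier whose `initialized` flag is never set, so the guard never trips; the second sets the flag as the first statement of `initialize()`, and the harness shows that only the fixed version rejects a second call:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the code of the contract discussed in the thread.
// All names below are hypothetical.

interface IInitializable {
    function initialize(address _rewardToken) external;
}

// Vulnerable pattern: the modifier checks `initialized`, but nothing ever sets it.
contract RewardPoolVulnerable is IInitializable {
    bool public initialized;
    address public owner;
    address public rewardToken;

    modifier notInitialized() {
        require(!initialized, "already initialized");
        _;
    }

    // Bug: `initialized = true;` is missing, so any account can call this
    // again after deployment and take over `owner` and `rewardToken`.
    function initialize(address _rewardToken) external override notInitialized {
        owner = msg.sender;
        rewardToken = _rewardToken;
    }
}

// Hardened version: the flag is set before any other state change, so the
// second call reverts in the modifier.
contract RewardPoolFixed is IInitializable {
    bool public initialized;
    address public owner;
    address public rewardToken;

    event Initialized(address indexed owner, address indexed rewardToken);

    modifier notInitialized() {
        require(!initialized, "already initialized");
        _;
    }

    function initialize(address _rewardToken) external override notInitialized {
        initialized = true; // the missing line
        owner = msg.sender;
        rewardToken = _rewardToken;
        emit Initialized(owner, rewardToken);
    }
}

// Minimal on-chain check: initialize twice and report whether the second call
// reverted. A deployment script or test suite would run the same check.
contract InitializeGuardCheck {
    function secondCallReverts(IInitializable pool) public returns (bool) {
        pool.initialize(address(1));
        try pool.initialize(address(2)) {
            return false; // guard did not fire: reinitialization possible
        } catch {
            return true;  // guard fired as intended
        }
    }

    // Expected: false for the vulnerable pool, true for the fixed one.
    function checkVulnerable() external returns (bool) {
        return secondCallReverts(IInitializable(address(new RewardPoolVulnerable())));
    }

    function checkFixed() external returns (bool) {
        return secondCallReverts(IInitializable(address(new RewardPoolFixed())));
    }
}
```

Setting the flag first also matters when `initialize()` makes external calls: a re-entrant callback would otherwise see `initialized == false`. In practice most projects use OpenZeppelin's `Initializable` base contract, whose `initializer` modifier sets the flag itself, so the guard cannot be forgotten the way this one was.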

So where does one draw the line between theft and just doing what the code allows? I wonder whether, in future crypto courts, the defense "your honor, the code allowed me to call initialize again; they specifically didn't set it to true" is going to fly. Or will you have to prove that the 10 mil you now have was intended to be given to you and your "victim" isn't a victim at all?

> so where does one draw the line between theft and just doing what the code allows?

This is the heart of the problem with smart contracts. The theory is that the code is the law. There is no theft. There is no need to trust, authority, or arbitration.

Of course, this only works when the smart contracts perfectly meet a correctly defined spec and have no bugs.

It also only works if the smart contract is a legal contract, which is something that gets hashed out in court, not in code review.

Some cryptocurrency enthusiasts seem to think declaring "code is law" actually makes it so while this is pretty far from the truth.

Code is law applies at least to the flow of money - unlike USD, the court can’t do something like garnish your wages to pay back a 10M settlement by taking some crypto out of your incoming transactions, both due to the anonymity and cryptographic parts of the concept. Of course, they could simply throw you in jail (civil contempt of court), but you still keep your money in that scenario.

They can order you to give back the money.

And like in real life, you can refuse to tell where the money is hidden.

Also like in real life, you might have spent the money.

Or lost it day trading.

Comments like this make me think we software engineers live in a different world.

>unlike USD, the court can’t do something like garnish your wages to pay back a 10M settlement by taking some crypto out of your incoming transactions

You think so, do you? "The law is the law because that's what the law says it is". It might not be possible now (and I'm not sure I believe that, you can garnish foreign wages) but it will be if the need arises.

"But the code" yeah, no, that's a silly argument that only applies to cyberspace and not the physical world you occupy

It's 'legally' possible in that the court can say that you have to pay back some amount of crypto or some amount of USD, but with crypto it's not something that they can enforce in reality if the debtor doesn't cooperate. I'm saying the court can't force incoming transactions to be 60/40 split with 40% going to a different party, and the anonymity part of crypto means you can create a new wallet whenever you want to get paid without the court even knowing that you are receiving crypto as payment.

> and the anonymity part of crypto means you can create a new wallet whenever you want to get paid without the court even knowing that you are receiving crypto as payment.

Yeah, and if you get paid in cash you can keep it secret too.

OTOH, if your lifestyle reveals you have access to and are spending funds and not making required payments, courts can impose other consequences, up to and including imprisonment. But usually, seizing and selling off physical or reachable intangible property would be the first way to handle monetary debts. And, sure, crypto itself may be easy to conceal, but if you can’t use it to acquire anything tangible without sacrificing the safety, is it really usefully safe?

Didn't the US government just drain the crypto accounts of some online hacker collective that ransomwared that petrol pipeline?

Also the verb is "garnisheed". They're not putting parsley on it :)

> Also the verb is "garnisheed".

No, it's “garnish”, past tense “garnished”.

> They're not putting parsely on it :)

No, but it's the exact same verb, just a different sense.

No it's not, the word is "garnishee".

“garnishee” is the noun for the person subject to the garnishment (that is, the person owing/controlling money to/of the debtor whose held funds or payments are redirected from the debtor to the creditor); the verb for imposing the garnishment is “garnish”, and in the past tense “garnished” not “garnisheed”.

My reading of the "code is law" idea is that the code determines what is possible in the system. In this theory you can say that the law which the code represents is more ironclad than most laws (at least common law). However this reading, which I thought was the default one, does not take into account bugs occurring in code, or that people may not have thought rigorously enough to prevent others from doing not just what the law intends but also whatever the code allows.

That's not enough, all parties would have to have 100% awareness and understanding of the smart contract, detail by detail.

Real life contracts sometimes turn out to have non-enforceable clauses within our legal framework, or may be entirely invalid if, for example, signed under pressure or false pretense.

And a judge will decide whether the contract was signed under duress. Who will judge smart contracts?

A judge! A judge can just claim jurisdiction!

Imagine if Goldman Sachs did this. A judge can say "look, you can follow our rules or we start seizing assets etc".

And when you're sitting around trying to be anonymous, well... you're doing everything on a public ledger, so now you're extremely restricted.

Hell, courts/legislative bodies could even go down the "force all miners within their jurisdiction to rollback an unwanted transaction". You think miners care enough to make a stand on this kind of stuff?

Unless you're going to like.... download your consciousness onto the blockchain you are still just as liable to being told by a court what to do as anything else.

Well if you don't know who the person who got the money is then there's not much a judge can do.

Judges have tremendous amounts of discretionary power when carrying out the law, and a good judge certainly isn't going to just give up because the identity of one party isn't immediately known. The example already given of ordering that the transaction be reversed on the network (even if that involves compelling uninvolved people to cooperate with the process) is entirely plausible.

Are judges going to manage to identify and compel enough miners (or devs, I guess, assuming the miners adopt the compelled transaction-revert version) to have enough hash power to win a fork?

This could easily be combined with legislation providing tools to make it harder and harder to participate in mining off-fork.

US financial laws have been very useful for the gov't to be able to de facto give it worldwide jurisdiction in some areas, I think there would be relatively few qualms about continuing down this path. Especially if (for example) Robinhood and Coinbase were forced to follow along. At one point the "blessed" thing will become the only place you can really operate.

This would require an incredible amount of international cooperation. It might be possible, but I doubt it likely.

For example, the court could declare that this transaction was illegal, and anything spent from it is also illegal forever. The ledger is open, so courts can compel exchanges to watch for such transactions and report anyone that can spend coins derived from them (exchanges have already been forced to comply with KYC).

This would destroy the real-world value of this block, basically making it a digital equivalent of dirty money.

Kleros Digital Courts, if their story holds through.

The power of the court to 'right' the 'wrong' (e.g. by reversing transactions) is limited on a decentralized public blockchain governed by pure code that crosses national borders. This strengthens the position "the code is the law".

On the other hand, this feature is a motivation for centralists to take issues with public decentralized blockchains.

Except it's not, really, because a judge who's unhappy at it isn't going to care about "the code is the law" talk. They're just going to tell people to fix it or else, and all being in another country usually means is that the asset seizures will take longer.

>because a judge who's unhappy at it isn't going to care about "the code is the law" talk.

In my experience, if you ever tried to tell a judge "the code is the law" you would be in for a world of hurt. Hope they don't read about it elsewhere either.

On edit: obviously in agreement with parent, just noting that the very concept of "the code is the law" introduced to a judge is going to elicit some very negative reactions.

How are they practically going to find the defendant? On a public blockchain, you can't always put a name or face to an address. The tokens in question can change hands many times and make it hard to trace identity.

Most criminals aren't masterminds, they are easy to find.

"Fix it or else" eerily sounds like an incompetent project manager.

> Of course, this only works when the smart contracts perfectly meet a correctly defined spec and have no bugs.

In other words, it doesn't work.

>The theory is that the code is the law. There is no theft.

What rubbish. You cannot claim "the computer let me do it" and expect to be let off for that. That's an extreme absurdity and is absolutely not how the law works.

Contrary to what a lot of people seem to think: Crypto is not "outside" the law in any way. It is a token of value (like FIAT currency) and there are plenty of laws that cover use cases from capital gains taxes to money laundering to, you guessed it, theft.

That's a big design flaw from the premise itself - it works if the code has no bugs, but all code has bugs, therefore it does not work

A smart contract is only as smart as the programmers writing it.

The code is the spec. Any other documentation is a compression of the spec.

> Of course, this only works when the smart contracts perfectly meet a correctly defined spec and have no bugs.

In practice, if using a smart contract as a contract, the way you'd use a paper contract, then two parties would sit down and negotiate; draft the negotiated agreement into the form of a smart contract; and then agree (signatures, handshake, multi-sig deployment, whatever) that "what the smart contract does — as executed by the network-consensus abstract machine — is our explicit mutual intent, and damn any statement by either of us to the contrary."

This is the same thing you're doing with a paper contract: by both signing it, you're agreeing that "what the paper contract says — as interpreted by a judge — is our explicit mutual intent, and damn any statement by either of us to the contrary."

Of course, nobody's actually using smart contracts as contracts. They're just using them as trusts/agents. For now.

But a smart contract used as a contract wouldn't have "bugs." It's a negotiated agreement; negotiated agreements have loopholes. And loopholes are perfectly legal. If you left one in, and your counterparty exploits it? Too bad for you. You should have run your contract through a better (code) lawyer.

Signing a paper contract doesn't mean you're bound to any bad thing that happens because of it for life. If a smart contract is so strict that eg it can be against public policy then it's not a real contract.

Note that in my above statement, the "network-consensus abstract machine" is the same kind of thing as "a judge": namely, both an arbitrator, and an official that declares certain clauses objectively void even if both parties like them.

See also: the DAO hard-fork that created Ethereum Classic.

Except it's not the same kind of thing, because an actual judge has legal power. Your abstract machine is going to be sidelined pretty quickly if a judge decides it's doing something illegal or unconscionable and issues injunctions to that effect.

I meant that the abstract machine's behavior is dictated by the legislation of the "society" of node operators, in the same way that the judge's behavior is dictated by the legislation of the society you live in. They're both appointed arbiters. And they've both got the responsibility of enforcing, among other things, certain 'inalienable rights' — i.e. making certain contracts (or certain legal motions based on the wording of a contract) invalid, if they would be greatly damaging to one party in a way deemed unacceptable to "society."

> if a judge decides it's doing something illegal or unconscionable and issues injunctions to that effect

A judge can't tell a distributed network that has equal presence in countries with mutually-antagonistic economies what to do. They can at most ban the network's nodes from being operated in their country — but people in that country can still continue to use the network through a VPN.

Think of it like offshore gambling, except that it's 'offshore' respective to every country on Earth, and there's nowhere a sufficiently-motivated Navy can send a bunch of boats to shoot at it, either.

Much of the economic value of blockchains comes from the fact that they allow private citizens of countries that have no trade/treaty compatibility (e.g. countries actively at war with one-another), to have a basis for trust allowing them to enter into contracts with one-another. The basis for this trust is the virtual 'overlay' legal framework of "whatever the software the majority of node operators decide to install says, goes."

Of course, if you and I are both in America, and we enter into a smart-contract contract, then we're also entering into a civil legal contract evidenced by that smart contract (just like we're entering into a legal contract if we make a verbal "handshake agreement.")

But if we have a compatible legal framework to operate in, that grants our contract as valid†, then why would we even need a blockchain?

† (A common reason to not grant a civil contract as valid: because it's a contract for purchase of illegal goods. In such cases, you don't have a compatible legal framework to operate in, even if you're operating in the same country.)

> A judge can't tell a distributed network that has equal presence in countries with mutually-antagonistic economies what to do. They can at most ban the network's nodes from being operated in their country — but people in that country can still continue to use the network through a VPN.

The distributed network is to some degree a red herring here: in most cases, an unhappy judge would be issuing orders compelling behaviors from specific people (e.g. "you're going to send that $10M back to the person who had it"), and if that contradicts the code, too bad - do it some other way.

> Think of it like offshore gambling, except that it's 'offshore' respective to every country on Earth

Except it's not: if you're in Iraq and I'm in Brazil and we enter into a contract (as would be legally understood in either or both countries), we are now in a contract under the jurisdictions of both countries.

Even being literally "offshore" doesn't really matter: almost every country will claim jurisdiction over its own citizens if they're not already under the jurisdiction of some other nation (by way of being on a ship registered under that nation's flag). You can't actually escape the law just by going out into the middle of the ocean.

> in most cases, an unhappy judge would be issuing orders compelling behaviors from specific people

I'm presuming here that the unhappy judge is on the other end, is the thing. There's no judge local to the person “in the wrong” who actually has cause to go after them. Only the judge in the other country does.

If I'm in Iraq and you're in Brazil, and I rip you off, and you have no idea who I am because I'm just some pseudonym on a darknet market, then sure, a Brazilian judge can write an order for "me" to pay the money back... but how are they ever going to enforce that? They don't even know who "I" am.

Let's say they at least know where I am (Iraq.) In a compatible-legal-frameworks situation, your judge could get an arrest warrant out, and nudge my country's police to try to do some ISP PRISM-ing to figure out who I am. Then your judge could try to get me extradited to Brazil to be tried.

But if Iraq and Brazil aren't on "good buddies who treat one-another's warrants in good faith" terms... then what's your judge going to do?

(To put this another way: if Edward Snowden ripped a bunch of private US citizens off before heading to Russia/Switzerland/wherever, would he have been any more likely to have been extradited sooner?)

> if you're in Iraq and I'm in Brazil and we enter into a contract (as would be legally understood in either or both countries), we are now in a contract under the jurisdictions of both countries.

In the case of actual offshore casinos, if you lose money to another person, you don't owe them money, because you never interacted with them directly. You played a game together; but while doing so, what was technically, legally happening was that you were interacting with the casino, and they were interacting with the casino. So, if anyone owes anyone money, then it's the casino that you owe money; and, separately, it's the casino that owes them money. (This is a large part of why casinos get you to trade your cash in for tokens, and then play games using the tokens. Everything that happens with the tokens, is "you interacting with the casino.")

You see this dynamic domestically in the form of e.g. car insurance. If you rear-end someone, you don't owe that person money. You owe your insurance provider money; your insurance provider owes their insurance provider money; and their insurance provider owes them money. Usually all different amounts! Because those are three different contractual agreements, being settled separately.

While it’s not necessarily the case that this is the body of case-law that would pertain if you send Dogecoin to someone in another country through your mutual memberships in some DEx, it’s not not necessarily the case, either.


I think we’re getting off-track here, though. My original point wasn’t that a judge would be replaced by a network-consensus abstract machine. It’s that a network-consensus abstract machine is a valid replacement good for a judge, when you don’t have any compatible legal framework through which to access a judge. This is the good people are paying for when they pay crypto transaction fees: this fake robot judge, that—while worse than a real judge in almost all respects—is at least better than the nothing (i.e. the “send Western Union and pray your counterparty isn’t a Nigerian prince”) you get by default in international civil/contract-law dispute scenarios.

> If you rear-end someone, you don't owe that person money.

You are in for a world of hurt... that's not how this works. At all. https://en.wikipedia.org/wiki/Tort

I mean, I agree with that, but I don't think having to restart the entire financial system or get 51% approval to edit any existing program is a good way to deal with problems like this.

There's a name for this, it's called a Ricardian contract.


It's slightly different than what you describe, because the parallel contract is an actual contract: a written and binding agreement between multiple parties, which explicitly grants consent for some bit of software to govern a given business arrangement.

Most "smart contracts" aren't Ricardian contracts, though, they're just chunks of software running on a blockchain.

They probably should be though, because contract law applies to business whether a specific legal contract is drafted or not, and no, that implicit contract doesn't say "whatever the software does is fine".

The legal system isn't a computer that implements the law strictly to the letter based on only factual information. There are "reasonable person" standards, allowance/tolerance for mistakes, etc.

Relevant to this discussion is rules covering mistaken deposits to a bank account: recipients are obliged to return the assets, not shrug their shoulders and use the cash while they proclaim "Bank's fault; they're responsible!"

Nobody can predict the future of how business will get done years down the road, but I think Smart Contracts can potentially utilize both Oracles (systems like Chainlink) to provide objective data about the world for triggering Smart Contract logic, and Arbitration systems (something along the lines of Kleros) for humans to make subjective judgements about human concepts like "reasonableness" in contracts.

A very contrived example. Say a Smart Contract exists for a contractor to paint a boat cornflower blue and then get paid when the job is done, but the Oracle system says that the contractor messed up and painted it sky blue. It can be part of the Smart Contract in the event of some error that it can go to arbitration to some pre-agreed-to subject matter experts that both sides agreed to beforehand for a quick and reasonable resolution or fee.

This kind of thing can be planned for and made standard in smart contracts. It'll only happen if it saves businesses more time and money than it costs though, and many other question marks will be involved. I think it's very exciting conceptually though.

But if a bug allows you to delete the contract. It’s useless. In the real world, a contract exists unless all parties agrees it doesn’t. A “loophole” won’t cause money to be removed from escrow unilaterally.

Actually didn’t a judge just rule Citibank wasn’t entitled to get its money back after a mistake like that?


Citi accidentally paid back lenders, rather than accidentally sending money to some unrelated party. This doesn't seem relevant.

A very major part of that decision was because the payment was not reasonably assumed to be a mistake. Obviously that argument isn't going to work here.

All exploits are technically some version of “just doing what the code allows”, I don’t see how that would change whether or not a hack/theft actually occurred.

Reminds me of a Team Fortress 2 griefing video where they kept putting turrets underneath the map that couldn't be killed but could shoot players.

"If they didn't want you to do that then why did they put it in the game?"

One view of smart contracts is that the code defines the intent/agreement, so if the code allows it, the it is, ipso facto, not theft.

Of course,

Seems like these smart contacts should include written contracts as well to outline what the code is intended to do, if you can’t rely on the code.

At that point, why have the smart contract? If you want 'automation', just get a trustworthy third party to execute the financials for you , as is already done with (for example) most real estate contracts.

> trustworthy third party

Merits aside, sidestepping the need for this is the whole point of blockchain.

Apparently you can’t even trust the um, paper, it’s written on

Why have smart contracts indeed, if executing the code in the contract is called a "hack." Perhaps in the case in the article a trusted third party would have been superior and there wouldn't be $10M missing.

ex-lawyer here.

Where big money is at stake most sensible judges will, or will /try/ to, look behind absolutist language in a contract (be it smart or not). Courts are very good at looking at contracts and asking what the parties' intent was. They will ask things like "was it intended not to initialize this function?" They may then answer the question with, "No, of course not, it was a bug. The person exploiting that bug knew that and cannot reap the benefit". Maybe, or maybe not: trying to guess what a judge will say is a mug's game, but my point is that saying it's a smart contract not operated by humans, which renders it "absolute code-as-law" one can't interfere with, is unlikely to fly.

I don't follow any of this too closely, but I thought the whole idea was to get rid of courts by using precisely codified contracts?

What's the advantage if the result is the same system as before (lawsuits, courts, etc.) with added complexity of "smart contracts"?

I think smart contracts are meant to automate the work behind contracts/agreements, but if someone hacks you, well, they did something illegal and you can sue?

I think the question is: Why then deal with all those inefficiencies and cost of distributed computation, mining, and broadcast transactions, if you need courts to override decisions anyway, and insurance to cover yourself when something goes wrong? You can already "automate" without smart contracts.

I share the general skepticism, but I am open to the idea that (much like other electronic commerce), the smart contracts might make 99% of transactions much more efficient; so the expensive manual interventions are only used on a small proportion.

Of course, it is not necessarily obvious that blockchain-powered smart contracts are the only way — or the best way — to achieve that automation and efficiency!

> the smart contracts might make 99% of transactions much more efficient

The entire point of proof-of-work is that it is inefficient, by design. Efficiency is counteracted: Advances in technology that lead to more efficient mining techniques directly mean the difficulty for the next block being adjusted up.

Operating on traditional databases (where automation is regularly implemented, too) is orders of magnitude more efficient. Because like most other things other than proof-of-work, those processes directly benefit from getting more efficient.

PoW wasn't designed to be more efficient, the Nakamoto consensus type implementation exists to improve honesty and security. There is no traditional database that's as secure as a blockchain, it's always a tradeoff between security/immutability and efficiency. But since efficiency does matter many 2nd generation chains have moved away from PoW.

I think the way to look at it is that smart contracts are not behind the contracts/agreements, smart contracts are the contracts/agreements. Once you realize that, if a smart contract executed successfully then the operation was legitimate.

Of course, ethereum forked when a big hack happened, but it won't be forking for every hack, otherwise it's not really a reliable blockchain.

A smart contract can't actually be the contract (and may end up not even vaguely correspond to the resulting situation in the real world) because the legal system alters or voids contracts all the time. A judge who decides that your smart contract has an unconscionable clause isn't going to care about what you say about immutable code - he's going to tell you to fix it in the real world or else.

Judging from the amount of contract disputes in the court system, I would expect it to be forked pretty regularly

So what's the difference between "hacking" and "following the contract"? The whole point of a smart contract is that the code is the contract.

Except it can't be, because the legal system can and regularly does adjust or override the terms of contracts for a variety of reasons.

How do you get rid of courts? Do you imagine an alternate reality where existing regulations do not and can not apply? Because I'd recommend continuing to imagine.

I think that's the wrong question. If a court can decide (and enforce) what a smart contract "really means", then smart contracts don't really bring much to the table. It doesn't matter what the court would actually decide.

The main thing smart contracts bring to the table is a mechanism of enforcing contracts without government involvement or control. The contract gets enforced, period. The parties can be anonymous, it doesn't matter which country they're from, and so on.

If a court can decide/enforce what a smart contract "really means", then the smart contract still decides who has possession of the related assets before the courts get involved. That's for ill or for good. Anyone who wants to get the courts involved has to care enough about changing the status quo to pay for a lawsuit. Changing what the status quo is, before the lawsuit, changes the balance of power.

Automation is valuable in itself. Imagine a system of thousands of smart contracts interacting with each other millions of times a second. No court system is (currently) equipped to deal with that except in the most superficial way.

It may depend on the legal system in a country, but I think 'Or will you have to prove that the 10 mil you now have was intended to be given to you and your "victim" isn't a victim at all' is more likely. For instance there were cases where ATMs dispensed stupid amounts of money because of some error. People would normally be found guilty if they take money that technically isn't theirs.

Proponents of Ethereum will say that smart contracts obviate the need for courts. I don't think this sort of Ethereum bug/hack thing has ever shown up in the court system yet. I'm sure someone will bring a case if they know who did it. If gaining access to someone's system using default credentials or no credentials is a violation of the CFAA then I'm sure this is as well.

In the future I think smart contracts will be standardized - these kinds of things won’t happen unless you’re trying something new. If that’s the case there will probably be services/testnets to properly vet it before launching on a mainnet.

> these kinds of things won’t happen unless you’re trying something new.

Unfortunately, that's probably not going to be what occurs. Even today, there are constantly bugs discovered and fixed, some critical, that have been latent in systems for decades - as in since the last century.

The recent FragAttacks against WiFi systems come to mind.

A bug-free version of ProfitSharingRewardPool is much more plausible than a bug-free version of WiFi, or SSL, because the former is less than 1000 lines of code and apparently had an unintended $10M bug bounty.

We were discussing errors in smart contracts, not just errors specific to ProfitSharingRewardPool. Your comment is correct about ProfitSharingRewardPool but is incorrect about smart contracts. That goes to show that errors happen all the time.

Future crypto courts? This whole crypto circus exists to solve the problem of having no central authority.

If you can use courts, you have no reason to use "smart" contracts.

If it went to court, I am guessing that presumably under a plea deal the hacker would be required to give back all or most of the crypto to rectify the 'mistake'; if not, it would prove intent to steal. For example, there is the 2005 Samy MySpace XSS incident. Technically, his code was interpreted by MySpace as valid CSS/HTML, but he was still guilty due to intent.

The "point" of smart contracts is that the code is the contract. The "victim" voluntarily gave that money away.

> The "victim" voluntarily gave that money away.

This explanation, much like its sibling "voluntary transaction" defense of market failures and economic coercion, sounds to me like a bully who hits their victim with their own arm, and then exclaims, "stop punching yourself!".

If the person who lost the money had to use smart contracts, you've got a point. If they used them because they thought they were a good idea, I hope they learned their lesson.

Agreed, but the crypto crowd wants smart contracts to be ultimately used by everyone, which means (in their hypothetical world, which I hope never materializes) many if not most uses will be of the "had to use" kind.

That only holds right up until a judge disagrees and orders the transfer reversed.

IIRC the DAO "hack" was also caused by an init that could be called twice. Kinda interesting how this could happen again. I haven't looked at the smart contract as I'm on a phone, but I'd imagine you'd at the very least put a comment explaining what the purpose of stopping the reinit was.

Why don't contracts have a test suite that verifies them?

They do, if you don’t have 100% code coverage then you get what you get

100% code coverage isn't even close to a guarantee of correctness.

But it is the easiest metric to gauge test quality. What I’m saying is this code is probably not well tested.

This code isn't tested at all. They messed up copying code from a previous implementation, that's how bad this is. If they had had a few basic tests in place they would've spotted this before it even had a chance to be a problem.

Then the problem has zero to do with the type of testing, now does it :)

Because the entire field is nonsense and pyramid schemes. Ethereum derives their smart contract language from JavaScript for fuck’s sake. That alone should tell you that their interest was always to disregard everything in order to maximise adoption. And then they added pitfalls to JavaScript because it was not broken enough for their tastes.

So I wonder if someone watches the block chains for these kinds of bugs then swoop in when it happens.

Reminds me of the 2nd "Parity wallet hack", where they forgot to initialize the contract, despite extensive audits after a previous hack.

That one lost around $154 million USD at the time. The hacker didn't get anything though, the funds became permanently trapped.

Imagine having a bad day at work? https://hackernoon.com/parity-wallet-hack-2-electric-boogalo...

Can the deployment and the initialization happen in the same transaction? Or would it be in principle possible for a 3rd party to swoop in and initialize it ?
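The initializer pattern this thread keeps circling (the missing `initialized = true` line, whether a basic test would have caught a second call, and whether deployment and initialization can happen atomically) in one self-contained sketch. This is an added example, not code from the article, the affected pool contract, or any commenter; the contract name `RewardPool`, the storage layout, the body of the `notInitialized` modifier and the placeholder token addresses are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal reward pool using the same initialize()/notInitialized
// shape the article describes. Only the pattern is taken from the thread;
// every name and field here is an assumption.
contract RewardPool {
    bool public initialized;
    address public owner;
    address public rewardToken;

    // Guard: refuse any call once the flag has been set.
    modifier notInitialized() {
        require(!initialized, "already initialized");
        _;
    }

    // Correct form. The flag is set first, so a second call reverts and
    // owner/rewardToken cannot be overwritten. Leaving out the first line
    // (the defect the article describes) makes the modifier a no-op.
    function initialize(address _rewardToken) external notInitialized {
        initialized = true;
        owner = msg.sender;
        rewardToken = _rewardToken;
    }
}

// The "few basic tests" check, written as plain Solidity so it needs no test
// framework: deploy, initialize, then try to initialize again. Because the
// pool is created and initialized inside one call, this also shows that
// deployment and initialization can be made atomic by doing both from a
// deployer contract in a single transaction. Run in Remix or any EVM sandbox.
contract ReinitCheck {
    // Constructed placeholder addresses, not real tokens.
    address constant TOKEN_A = address(0x1);
    address constant TOKEN_B = address(0x2);

    function run() external returns (bool secondCallReverted, bool tokenUnchanged) {
        RewardPool pool = new RewardPool();
        pool.initialize(TOKEN_A);

        // With the flag set, the second call must revert; without it, the
        // call succeeds and rewardToken silently becomes TOKEN_B.
        try pool.initialize(TOKEN_B) {
            secondCallReverted = false;
        } catch {
            secondCallReverted = true;
        }
        tokenUnchanged = pool.rewardToken() == TOKEN_A;
        // Expected with the fix in place: (true, true)
    }
}
```

Calling `ReinitCheck.run()` is the minimal regression test the thread is talking about: if it ever returns `(false, false)`, the guard has been lost, which is exactly what a copy-paste of the initializer without its flag line would produce.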

I wonder when people will realize that the complexity inherent in human financial transactions will not go away just because you write code instead of natural language, and 'decentralized finance' will reinvent everything it tried to get rid of (but shoddily) because nobody likes to lose their life savings because they missed a semicolon.

Does anyone else feel like replacing all the legacy finance infrastructure with decentralised code is going to produce a worrying number of stories like this? Most of the examples I've seen so far it's happening to someone who works in tech, has disposable income, and is generally a proponent of cryptocurrency.

I haven't written a lot of decentralised code in production, but I get the impression there is generally more to consider, and a fun new class of failure modes to worry about.

> Does anyone else feel like replacing all the legacy finance infrastructure with decentralised code is going to produce a worrying number of stories like this?

And stuff like "I lost £95,000 in a bank scam after my solicitor's email was hacked".[1] She managed to recover £57k after, but still lost £35k, not an insubstantial amount!

If anything, we need more protection against stuff like this. Sending money to the wrong account because your solicitor's email account was compromised is something that can happen to anyone, especially if it's someone you've been in regular contact with.

It seems the systems for dealing with fraud in the current banking system are already inadequate (although there is now a new "voluntary code" according to the article, no idea how well this works in practice), and for crypto it's woefully so.

[1]: https://www.theguardian.com/money/2020/feb/29/bank-scam-soli...

This is before the recent change in bank transfers that requires account name to match account number right?

My understanding was that change basically closes the majority of these scams (where the account details are substituted) as you would now need to create an account with a name you don't have ID for which is very very hard.

Yeah, you're correct.

As for how this actually pans out in practice: I don't know. I'd guess that having people also fill in a name isn't impossible either, although it certainly makes it a lot harder.

I think the big issue is using tools without verification infrastructure. Of course there are specification level bugs to deal with but hacks seem to be oh so often the simple "I forgot to initialise a variable" kind of attacks.

I think we really need to be splitting up code for smart contracts into 3 classes:

- Low Complexity, Automated Assurance: Non-Turing-complete DSLs that allow you to fully reason about their behaviour and catch bugs in a near completely automated manner. The only one of these that I know of at the moment is Marlowe, however I'd love to know if more existed. This class should be easily accessible by finance people and should be near impossible to get wrong.

- Medium Complexity, Semi-automated Assurance: These are tools that are expressive and more code than contract, however they may or may not be Turing complete. These can catch a wide number of bug classes but may need manual intervention (annotations or proofs) to cover the last mile.

- High Complexity, Manual Assurance: These are tools that give you the full power of a Turing-complete language and all the landmines that come with them. I personally believe any smart contract written with one of these tools should not be used in production unless it is accompanied with a formal specification and an end-to-end set of proofs verifying correctness.

At least with this model you can judge the risk factor by how complex your application is. 90% of smart contracts probably fall into the first class and another 9% probably fall into the second. There really is no reason to be using a tool without any reasonable amount of assurances provided unless your project is extraordinarily complex (and even then it'd probably cost a fortune to run on a network) and even then there's no reason for these smart contracts to exist without any proofs backing them.

There are some interesting projects on Tezos in this regard:

https://archetype-lang.org/ is a non-Turing-complete DSL that you can run http://why3.lri.fr/ proofs on.

Another way is to run proofs on the michelson that was generated by a higher level language (https://ligolang.org/, https://hackage.haskell.org/package/morley ...) with: https://gitlab.com/nomadic-labs/mi-cho-coq

The most interesting project (still alpha I think) to me is: https://juvix.org/ a rather elegant dependently typed language.

Thanks for those. I really like the work that Tezos has been doing and the more I see from them the more impressed I am.

By the way what's your thought on Plutus (https://developers.cardano.org/en/programming-languages/plut...)?

It's technically its own language, however it is basically a Haskell DSL/library that lifts code into a smart contract domain. It seems to retain the full expressivity and safety of Haskell (and the Haskell tooling). Additionally it allows you to share the same code base for on and off network code (as the smart contract code is largely just code lifted into a smart contract domain). This provides pretty much seamless interaction between the two domains. The documentation is a bit sparse at the moment, which is its biggest weakness, however that's rapidly being improved with the approach of Alonzo at the end of July/start of August.

I'm honestly so glad we as a space are finally starting to move away from Solidity and all of its footguns.

Even as a crypto maximalist I believe code can create tyrannies of its own kind. Take the example of a story posted on HN some time ago of code Hertz wrote reporting cars not turned in as stolen and getting people (unfairly) arrested.

If I call my bank, they can fix a mistake, no matter how bad, because they own "truth".

I think what will end up happening is every contract will have the ability for some authorized key to make arbitrary movements of tokens amongst custodial accounts, and nobody will build contracts where anything is moved out of custodial accounts until there's been multiple authorizations. Sort of how I transfer money into Gemini: I don't just trade from my personal checking account, and they won't transfer to my checking without some authorizations. Look, I know I'm not being sophisticated here, I'm just saying, you need a way of un-fucking a fuckup, and if someone can abscond with tokens easily because of a small logic flaw that doesn't work writ large.

So then why even bother with DeFi when what you're doing is just relaying trust back to a centralised human party?

It's just regular finance with extra steps.

With DeFi you can sidestep the non-essential bits of centralization and delay in finance and investing. There's quite a bit of unnecessary complexity and opaqueness in finance and investing today, which only serve to protect monopoly and hegemony.

Except it's not at all. You can take synthetic TSLA shares and deposit those as collateral to mint stablecoins as a loan. Where else can you do that from your web browser at 10am on a Sunday and confirmed in 30 seconds?

Clearly the demand for this isn't exactly as important as anyone claims given the abject failure of the microloans industry to pan out.

The problem with loans generally isn't that you can have one at 10am on a Sunday morning.

I've always thought the retail lending side of DeFi was silly. The risk is too high. Screenshot this, mortgage backed securities will be the first major success of blockchain debt based products.

No, because I expect it to implode well before "all" gets replaced!

It's worse than that.

Contracts are not code.

It's a complete misunderstanding to posit them as such.

Contracts depend first and foremost upon the legal regime in which they are valid. Every jurisdiction has rules, precedents; language means specific things.

There is quite a bit of variability in this stuff, which is why we have lawyers. And Judges.

Putting a contract into a crypto ... is basically pointless.

There's possibly more transparency, akin to publishing contracts on the web or something like that.

And of course, there is a 'narrow range of agreement possibilities' that could take place on crypto contracts, for example, things like stock options etc..

But generally speaking, even the contract cryptos are 'technologies looking for application'.

We don't want to 'nay say' new, dreamy ideas, but these new dreamy ideas, combined with a bit of hubris, arrogance, greed, lack of self awareness can create problems.

The most obvious example for 'contracts are not code': the most airtight contract in the world can get quickly voided in court if it turns out one of the parties was actually a minor at the time of signing, even if they hid that fact or didn't actually know it.

This. The foremost example being EULA's and warranties in countries where the law gives consumers far more rights than the copy/paste legalese texts that everyone accepts at installation/purchase.

> Contracts depend first and foremost upon the legal regime in which they are valid. Every jurisdiction has rules, precedence, language means specific things.

One could counter that no code ever stands alone, but is executed in terms of some runtime.

But I think I can bolster your point with two further thoughts:

1. Contracts are not meant to be code. The process of drafting a contract helps people arrive at a common understanding - a shared consensus, a "meeting of the minds" - and once signed, it then documents that understanding along with relevant context sufficient for third parties to be able to recreate that common understanding.

The contract is not executable - it, at best, is a declarative description of some of the outcomes. The actual execution is handled independently by the parties that entered the contract. The contract only exists so that common understanding can be preserved through time and shared with other people - whether it's because some party forgot the details, or it needs to be modified, or third parties (like lawyers, judges or arbitrators) need to be involved in dispute resolution.

2. To the extent a contract contains anything resembling executable code - say, the aforementioned declarative descriptions of outcomes, or imperative descriptions of specific behavior, or some attachments with deliverable specifications, etc. - these are all expressed in a very high-level programming language, i.e. natural language. This "code" is ultimately "executed" by sapient human beings. In other words, the programming language and runtime in question are GAI-complete: that is, coding them up from scratch, e.g. to enable "smart" contracts to be comparable in utility to regular ones, would be equivalent to creating a human-level general-purpose artificial intelligence. We're not anywhere close to achieving that, thus by definition, "smart" contracts are too dumb to make sense when we can use the normal ones.

I'd say this is a problem of a really new tech, with the advanced attack vectors and methodologies we have nowadays.

Thankfully, other cryptos (such as Cardano) are building their smart contract platform with correctness/security in mind (compiler checks and so on), so we might see less problems like this.

How would exactly the same argument not be applicable to any sort of public code repo?

First thing I do when changing or creating a thing: try to figure out WHY things are the way they are and run through some scenarios. It's not a bullet-proof system, I don't always do it well... but it can help avoid having to re-invent some of the more obvious aspects of the wheel.

The whole blockchain ecosystem seems like a long drawn out lesson as to why at least some systems we have are kinda big, bulky, involve a lot of checking / overhead ... and why some rules and regulations exist.

Every new blockchain company that posts a blog and complains about "Why can't we just..." often has me thinking "Well yeah you shouldn't... wtf"

This reminds me of Chesterton's Fence: https://fs.blog/2020/03/chestertons-fence/.

I hadn't read this before, but it is worded way better than I did.

> First thing I do when changing or creating a thing. Try to figure out WHY things are the way they are and run through some scenarios.

As a developer I often stumble across code and systems that are superficially idiotic. I just think "Why isn't this doing X instead?".

Here there are two approaches: 1) blindly change the thing to make it better, 2) try to understand why it is wrong, and what led to the legacy design.

The sensible thing might be 2, but it's also soul-crushingly boring. So I obviously always do 1. After ripping out some code and replacing it with shiny new code, you invariably find the edge cases that led to the legacy design.

They will show up as bugs, or edge cases missing. After a while, you will have iterated so that your solution might look something like the original (hopefully slightly better), but the important thing is you now have a system you understand fundamentally. You basically traded a few regressions for fundamental understanding of a system.

But also, surely the traditional legal system will still handle disputes over smart contracts just like it does with traditional contracts. I can’t imagine that a missing line of code (intentional or not) would be treated any differently by the legal system than a vaguely-worded clause in a traditional contract. The legal system almost certainly will not say “your contract was just code and the code executed properly according to its technical specifications and therefore the outcome stands.”

The thing is, that's what a lot of smart contract proponents are pushing for. That the legal system has no say over contracts, so the outcome would stand. Or effectively bake into operating these contracts that the legal system isn't a reprieve against anything.

They might be pushing for it, but I just don’t think it’s going to happen, at least for transactions where it’s feasible to sue in court. The courts already deal with traditional contracts and, from what I can tell, they tend to look more at what a reasonable person would expect the outcome of a contract to be than the literal text of the contract.

"That the legal system has no say over contracts, "

An agreement is an agreement subject to laws and jurisdiction. There's no avoiding that.

It will be interesting to see how this plays out in the courts.

If distributed and decentralized it also runs across a common issue with courts - the ‘make me’ problem.

If someone buys product X from seller Y, which is based on some decentralized ‘contract’ which is de facto enforced by every node of the network independently - and that product then produces an unjust outcome.

You go to court, but what if Y is just a node on the network? And everyone involved is outside the court's jurisdiction? What can an adverse court judgement actually accomplish? It can’t roll back the network activity to fix the smart contract without everyone’s consent - and that seems unlikely. It can declare product X illegal or fine seller Y - but if they have no way to enforce it, what’s the point?

If the seller Y is identifiable but simply abroad, then there are various cross-country agreements that would allow one to use the legal process in their country to collect money from them in various ways, especially if there's a lot of money at stake - like the $10M discussed in the article.

If the seller is unidentified, then it is possible to get a judgement and work on identifying them. If it's not just a civil dispute but felony fraud, then law enforcement might identify them some years later, it happens.

Of course, if everyone involved is properly anonymous then it's very, very hard to enforce anything, and it takes enough effort and money that it's not worth the hassle for small amounts, so for that there's simply some 'caveat emptor' in dealing with foreign anonymous sellers. If you defraud $10 off of someone across the ocean, you are likely to get away with this. But for large cases of fraud? Everyone makes mistakes now and then that may allow them to get identified, and such fraud can be prosecuted many years later.

I doubt the judge is going to care that the “contract” passed through a bunch of different people's hands (nodes in a network). They could still fine the seller or order them to return the funds to X.

If Y can’t be hauled into court because they are in another country or you just don’t know their identity, well that isn’t a problem specific to these “distributed smart contracts.”

It is actually a problem specific to these types of contracts. It is very difficult to nearly impossible for me to get money to a company somewhere right now in a way that doesn’t surface who they are and where they are at in some really obvious (and traceable) way - part of the US War on Terror is the anti money laundering, and know your customer rules and heavy handed enforcement of US financial control.

In this case, you send some ether somewhere.

If a US or EU court finds participants of said node criminally or financially liable and the political will exists (which will happen when someone important enough gets screwed over by a bad contract) they may be deported, face criminal prosecution, be banned from transacting with US financial entities, etc.

Those things are not a small deal.

Lots of ifs and mays there - and that’s true of a ton of things in crypto. It took nearly a decade before the SEC or IRS would even provide basic guidance on what the heck crypto even was in their eyes. Lots of deals gonna happen, lots of fortunes made and lost in that gap.

I'm pretty sure a "smart contract" isn't a legally-binding contract. A smart contract is a piece of software code, like a text editor or a web browser.

Well ... first, what's described in the article isn't that smart. It's actually dumb.

If we describe these code-as-law thingys as 'dumb contracts' it is crystal clear that 'YES' this is a dumb contract and any sane judge presented with one may well decide to give the participants exactly what they deserve, just like paper-based 'dumb contracts.'

The key innovation here is that we've gone to the remedy residing in programmer malpractice, rather than attorney malpractice. Which in turn, when it becomes obvious to all involved, hopefully will have a chilling effect on any smart programmer asked to write a 'dumb contract.'

It's called a "smart contract" because it's programmable (Smart) and can be executed based on specific conditions (Contract).

I've seen/read somewhere that Vitalik regrets naming them "smart contracts" though.

They are database triggers, but that's not enough grandeur for cryptoheads.

Looking at the various issues that have come up with these ‘smart contracts’ (aka the ethereum DAO issues up until now), I think anyone who wants to write one should be automatically excluded from being allowed to do so.

They should maybe be forced to learn what a dependent type system is so they can regret that their smart contracts are written in a language with no safety features.

https://juvix.org/ is looking rather nice but is still beta.

Yes, and if you use a smart contract to hire someone to build a deck on your house, I suspect any resulting legal disputes would be treated by the courts the same as if you had used a traditional contract.

The problem is that smart contracts do not come with the same capability to take your counterpart to a tribunal: you might not even know who your counterpart is, in which country they live, or if there are multiple ones. Who are you gonna sue?

A "smart contract" is a computer program that manipulates balances on a ledger. There is no way you can use that to hire someone to perform a job because this isn't something that can be expressed in terms of balances. You would need an actual contract to do that. Also the parties that interact with the so-called smart contract have no agreement between them. What could they possibly have a dispute over?

Yes, a smart contract is not a legally-binding agreement, although it could be a component of a legally-binding agreement. That’s my point.

The smart contract in my hypothetical scenario might be something like a transaction with 3 parties: you (the customer), the construction company, and a third-party verification service, that executes your payment to the construction company when any 2 of the parties agree to execute. This theoretically prevents the possibility of any 1 party defecting and running away with a monetary benefit (including the third party verification service, which couldn’t run away with the cash like a traditional escrow service hypothetically could).

But my point is that even in this case, if the construction company and third-party verification service colluded to run away with the money without completing the work, you would still sue one or both of them, and my prediction is that the courts would treat this essentially identically to a scenario using traditional contracts.

But for this arrangement to work the customer, the construction party and the third-party need to enter into an agreement, i.e. a traditional contract. A traditional contract is legally binding, so of course the courts would treat it as legally binding. The smart contract may be part of the agreement but a smart contract by itself is not an agreement and something cannot be a legally-binding agreement if it isn't an agreement to begin with.

I suspect a court would tend to take the existence of the smart contract as a pretty clear indication of the intent of the involved parties. But of course if you’re entering a significant commercial agreement like this you had better make an explicit traditional contract as well.

People get so hung up on the word contract. Might as well spend time arguing that rodents make for bad I/O peripherals.

It's not necessarily true that a smart contract is controlled or operated by an individual or corporation. Once deployed, many have no provisions for administration or ownership tools. If you're using one of these contracts and there's a bug, suing the creator would be like suing someone because they put a random legal contract template online & you didn't proofread it well enough.

Then what's the point of smart contracts? If you always must have some form of repudiation/reversal mechanism, you might as well go with the traditional contracts.

You could argue there will be lowered costs in the happy path where nothing goes wrong, but I'm not sure that's valid since the underlying software still needs to be written/supported by someone.

Smart contracts can automatically execute code that makes transactions happen. With a traditional contract you need a third party to do that (or you have to trust the other person).

This allows for a lot more efficiency as people who've never met can make trades on an open market without having to involve anyone else.

One obvious point would be transactions for which the traditional legal system is not an option, like illegal transactions or highly secretive transactions. But yes, I think advocates would provide other examples of lowering costs.

> 'decentralized finance' will reinvent everything it tried to get rid of

Matt Levine wrote about exactly this in a recent Money Stuff column: https://www.bloomberg.com/news/newsletters/2021-05-11/money-... . First paragraph:

> A model that I often use for cryptocurrency is that it is rediscovering traditional finance: In its early days, crypto was a brand-new financial system, unsullied by the old evils of central banking, leverage, regulation, etc.; eventually people realized that some of those things were good, and started reinventing them. One way to reinvent finance is for idealistic crypto technologists to invent banking, leverage, regulation, etc., from first principles, with cursory or no knowledge of how the traditional financial system addressed these issues or why it rejected other solutions. You would expect this to lead to flawed but interesting results, whole new ways of doing things that might blow up horribly but that might instead point the way to a better future.

I find the fact that crypto is re-inventing finance from first principles to be really interesting.

As he says, "You would expect this to lead to flawed but interesting results, whole new ways of doing things that might blow up horribly but that might instead point the way to a better future".

> because nobody likes to lose their life savings because they missed a semicolon.

Yeah, but shouldn't it be possible that these things will be avoided by confirming the validity of the code with theorem provers such as Coq, Lean, or something similar, at some point in the not too distant future? That's what I've been wondering, without currently having any stakes in the game (and probably not until there's compelling mathematical proof of security)

That would cost an arm and a leg, it would need to be done by someone who actually understands both the theory of proving algorithm correctness and the algo in question, and systems like Coq are far from being able to prove large, complex systems.

All the while traditional "non-distributed" finance simply uses sound engineering practices, such as code reviews, audits and sign-offs at much smaller cost and without requiring specialized PhDs in multiple unrelated fields.

>That would cost an arm and a leg,

Without being able to provide any evidence, I'm quite sure (that is, I hypothesize) that if a theorem is clearly stated, such as in the case of formal proof assistants, we'll soon reach a point where we'll have a distributed network in which people are able to 1) provide economic incentive for somebody to provide a given proof, 2) somebody else to potentially offer a better proof which will computationally be accepted (verified by some algorithm that prefers one proof over another by some sort of metric), and therefore 3) have a system in which the validity of a computer algorithm, which has been stated as a conjecture, can be mathematically created and verified in a decentralized fashion.

>it would need to be done by someone who actually understands both the theory of proving algorithm correctness and the algo in question

If the theorem is stated clearly, no further understanding is needed. But of course they'd need the understanding of providing the right axioms and definitions, which are as limited as possible, to state their conjecture. That, I think, will be the point at which the purpose of the mathematician will shift from providing proofs, towards discovering interesting and coherent conjectures, as the proving of those will turn into a kind of rat-race, and ultimately merely a computational challenge.

Anyways, I'm just rambling about some things that have been on my mind recently. Don't take me too seriously.

Smart contracts are not large, complex systems, and formal proofs have already been used for them. There's not much code to verify and bugs are very expensive, so the economics easily justify doing it.

> ...shouldn't it be possible that these things will be avoided by confirming the validity of the code...

It would be better to build in a margin of tolerance for correcting mistakes, but that's contrary to the rigid determinism that smart contracts and cryptocurrencies, for some reason, strive for.

Theorem provers require code for defining what you want to prove and the method through which you reach said proof.

Proofs and theorems can have bugs.

But aren't proofs exact in what they state? So it wouldn't be the proof that would be faulty. It'd be the interpretation of what somebody thinks the proof means to them, and that'd be something you could entirely objectively reason/work on.

Proofs are programs and programs are proofs of themselves. The ways proofs might help you show that a program is "correct" (what you meant to say) are 1. the effect of writing it twice in different languages 2. that proofs may be more abstract and you can refine the program from them.

But a proof/formal methods can't actually prevent you from being wrong because you can be wrong at any meta level.

> "correct" (what you meant to say)

Oh, this is a definition of "correct", it's not me correcting the OP.

But the human world is not exact and is full of context. Even mathematical proofs exist within a context of an axiomatic system, known proofs, and various domain assumptions.

I remember that in my computability theory class, defining the right proof was by far the most difficult task. And this was in very small, closed systems.

> But the human world is not exact and full of context.

That is of course correct. However, it was my impression that the contract mentioned in the OP was completely on the blockchain, and therefore completely deterministic (no oracles or whatever.) Hence I figured it could've been proved with absolute rigor, in which case it should've been possible to formally prove the correctness. I'll be honest, I didn't look through the contract in detail now, so I might be wrong.

It's possible that maybe, just maybe, the interior world of some crypto scheme may have sufficient formal proofs.

It doesn't change the fact that the crypto system lives in a human world where law, politics and attacks can coerce you to do a lot of things, and the formality of the system is just irrelevant.

> will reinvent everything it tried to get rid off

I started to have this feeling already. DeFi projects create projects that create projects .. it's gonna be a potential spaghetti bowl of intermediate layers. Either the mass is gonna make it survive on the side or it's gonna fade off XML style.

At least a smart contract can be unit tested thoroughly, whereas a 20 page legal document cannot be.

That’s not actually useful; thorough unit testing cannot prove the absence of bugs in the contract.

Code won't make the complexity go away but it can definitely inform humans of various little things that would be too tedious or expensive to do manually.

There's a reason we don't have lawyers review every ecommerce or in-store purchase that's made: the process of shopping has been standardized to such an extent that most parties (merchants and buyers) don't need to sign a bespoke agreement for every transaction.

If we can get more complex agreements automatically hammered out, it represents not just large cost savings, but potentially creating more business for smaller players easily.

I think you have a point. And a key advantage I can imagine is that "checklists" could be implemented into code over time, and that is potentially superior to natural language. I am not a crypto expert though.

Stark reminder on the importance of quality control and checking the work twice. I think people sometimes become complacent with work completed in the virtual environment vs the physical world.

yes. Reminds me of something a friend said a while ago: "You know how I became a great coder after 3 years? By being a bad coder for 3 years."

If it were this easy, software would not have bugs.

Except checklists often ... just get checked.

c.f. people checking T&Cs because they can't be bothered to read them (/sympathetic).

There are plenty of Defi protocols that have not been hacked with many billions locked in them. Among them are Uniswap, Compound, Aave, and Synthetix. And in the traditional finance world plenty of mistakes have been made, like when Knight Capital accidentally ran their unit test algos in production and lost $500mil https://en.m.wikipedia.org/wiki/Knight_Capital_Group

those are somewhat different. these are intermediaries when doing a hack. the hackers target smaller defi protocols with flash loans for example

Companies have canned contracts, like when you buy a house your mortgage company just plugs in a few variables and voila, contract. Commonly used smart contracts will converge in a similar way before they make it into common usage.

There is a place for both systems. Most crypto people have made peace with the fact that they can lose it all. People overestimate conventional finance. Conventional finance is incredibly flimsy if you dig into it. Leveraged beyond repair, duct-taping one unprecedented monetary experiment after another. No conventional currency has preserved substantial purchasing power over a span of say 100 years maximum. The mathematical proof of supply limits alone is an unbeatable feature. Myself, not a crypto fan at all, I am sure crypto will be banned at some point, but just on the merit it's as good as anything.

conventional finance has ways of insuring money and getting back stolen funds. it also is more idiot proof. nothing like that exists with crypto. crypto is way less forgiving of errors..

Not quite accurate. The insurance you are talking about is for the custodial services of financial institutions. You can get custodial service for crypto with insurance too (https://custody.coinbase.com/faq). Outside of your narrowly worded agreement you don't have anything except perhaps the justice system, which rarely works out in these cases. $20B were stolen in phone scams alone in the US last year, not recovered or insured, outside the insurance terms.

Because crypto is the first layer. It's like dealing with paper money and trades while living >200 years ago. Eventually "Trusted Institutions" will come along with insurance to keep your crypto safe for those with less risk tolerance.

The advantage then is that you get to choose how much control you want to give up for safety. Unlike the current system where you have to use these institutions to participate.

I think you're confusing "money" with "finance". Finance is about lending resources to carry out projects, whereas money is a means of exchanging things.

For fun I've been analyzing the contracts posted to r/CryptoMoonShots. Out of 20 posts 16 of them used the same contract; modulo names. This contract blocks everyone from removing funds but the owner.

How? Is it some complex chunk of code that requires a delicate hack?

No, not at all. There is literally a function with code, more or less, like: "If owner then OK here's all the funds". Anybody can check this in the contract. Yet people are dumping funds into these contracts. Even tho these contracts tend to only attract a few thousand dollars each. Well, costs next to nothing to create and spam.

A more detailed analysis of a similar contract to the one I've seen: https://cryptot3ddybear.gitlab.io/blog/posts/scam-explained-...

Typically the small amount of volume is by the contract owner attempting to pick up attention from momentum trading bots.

This type of contract made a killing a few months ago. Basically miners trade by sandwiching orders in the mempool. You can search the 'salmonella' contract for more info.

Link for the lazy, super interesting read.

Then it moves the security breach incentive to compromising the owner's keys, which is also usually pretty straightforward.

Another one _just_ happened... $10m. This time using the wrong variable.

What is the purpose of Solidity? Why did there need to be a new language for interacting with the Ethereum Virtual Machine? This really couldn't be accomplished by a python SDK?

Not an expert in Solidity, but from my limited experience the EVM and smart contracts have a really different approach when it comes to computation.

two things that come to my mind:

- There is really no random() function due to need for determinism

- Space vs. Time complexity is distorted, the gas you pay for instruction vs. byte is really different economics compared to AWS EC2 instance/hour etc.

Interesting, do you suggest any sources to read more about this?

Not sure about articles but I can recommend Crypto Kittens Tutorial[1].

It has been some time since I did it (late 2018 I think), but it was really informative to get the mindset and different constraints people deal with in the smart contract world.

[1] https://www.cryptokitties.co/kitten-class/breeding/introduct...

What's the benefit? These are all human errors, easily reproducible in any language.

So none? Because I’d expect a language custom built for smart contracts to prevent or at least mitigate issues like mixing unrelated objects or never updating variables.

Solidity is a DSL. DSLs have their purposes and this happened to be a correct purpose. It just also happens to be that Solidity is a terribly designed language.

In what way is Solidity terribly designed?

Not an expert, but integer overflows getting silently truncated sounds pretty terrible. I understand there are safe arithmetic libraries, but overflow exceptions should have been built right into the VM

I agree. Thankfully, this was fixed in Solidity version 0.8 (released December 2020). Arithmetic operations now automatically revert on overflow/underflow, unless the programmer explicitly wraps them in an "unchecked" block (sort of like how Rust supports "unsafe" blocks).
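
The checked-versus-unchecked distinction discussed in the two comments above, as an added example that is not code from the article or from any project it mentions. `OverflowDemo` and its balance mapping are hypothetical; the `unchecked` functions deliberately reproduce the pre-0.8 silent wrap-around so the two behaviours can be compared side by side.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract, not from the page): Solidity 0.8
// checked arithmetic beside an `unchecked` block that restores the
// pre-0.8 wrap-around behaviour.
contract OverflowDemo {
    mapping(address => uint256) public balances;

    // Funds the demo so the withdraw functions can be exercised.
    function deposit() external payable {
        // Default 0.8 semantics: reverts with Panic(0x11) if the sum overflows.
        balances[msg.sender] += msg.value;
    }

    // Hardened form: withdrawing more than the caller holds reverts before
    // any ether leaves the contract, because the subtraction is checked.
    function withdrawChecked(uint256 amount) external {
        balances[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }

    // Pre-0.8 form, reproduced on purpose for comparison: the subtraction
    // wraps around instead of reverting, so a caller with a zero balance ends
    // up with an enormous recorded balance. This is the bug class the comment
    // above refers to; the SafeMath libraries existed to prevent exactly this.
    function withdrawWrapping(uint256 amount) external {
        unchecked {
            balances[msg.sender] -= amount;
        }
        payable(msg.sender).transfer(amount);
    }

    // Pure helpers that show the difference without moving any funds.
    // checkedSub(0, 1) reverts; wrappingSub(0, 1) wraps to the largest uint256.
    function checkedSub(uint256 a, uint256 b) external pure returns (uint256) {
        return a - b;
    }

    function wrappingSub(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            return a - b;
        }
    }
}
```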

It's modelled after JS with the explicitly expressed intent to get web devs from JS to Solidity.

And it worked.

Except that it has all of the ergonomics of mid-2000s PHP and MySQL. Hah, this comment from a discussion here in 2017 also explicitly compares it to PHP of that era :)

tldr; there is. Also, Gavin Wood, the writer of the Solidity programming language, left Ethereum and founded Polkadot, writing Substrate and ink! in the process.

Solidity is just a programming language to call functions and code on the blockchain. You can theoretically write it in any language but need to compile down to EVM at some point.

Solidity wasn't written from the ground up to be safe and secure. There are a number of projects like Vyper, which is a Pythonesque language that compiles to the EVM. It's more centered around safety.

> Contacted Binance Authorities immediately to block the hacker(s) fund transfers

I don't understand this part. I thought crypto was decentralised and so nobody controls anything. Yet, this suggests the opposite... some entity somewhere can shut you out on a whim.

This is on the Binance chain which is a fork of Ethereum that is partially centralized. A lot of crypto purists refuse to use it for this reason.

Nobody can force you to do business with them. Binance can't stop the transaction; they can just not do business with that person.

lol wrong. The validators can coordinate to make a transaction invalid on that blockchain. They won't though, because they'll lose a lot of confidence in their network, and users can exit their funds across the bridge very quickly.

That blockchain is controlled by 21 validators of which Binance itself is many.

They won't and don't block the transaction though. The bridges to other blockchains are very fast, and a hacker would be prudent to move their funds immediately to a blockchain with greater security.

For the crypto currency layman this reads like an article from some other weird parallel universe.

You get the idea that the article is talking about money but the details seem crazy like a dream.

Someday some engineer working on these kinds of contracts will realize they can make a lot more money illegally by “accidentally” adding such bugs to the ecosystem then colluding with whoever exploits them.

Actually it’s probably already happening.

There’s been at least one smart contract with a “typo” of zero for O that allowed an “exit event”.

Makes you wonder how many incidents are inside jobs. Probably more than one would assume.

Yeah, this is the case for this specific contract. Could dump a large amount of proof but don't exactly need too much attention brought my way.

Not sure I follow the 'illegal' part. Code is law here, right?

As with the rest of the industry, mostly the solution here is just better vetting and static checking etc.

Why do ransomware when you can just find an exploit and get away without having tainted crypto and also make much more $ too. DeFi is such a big gift to hackers. Probably $100 million stolen total in the past 2 years. These protocols and contracts are so complicated that such hacks are inevitable and more are to come.

Moreover the "hacker" is simply doing something that is allowed by the contract so it's hard to argue that these hacks are even unlawful.

Yeah, that's my question with all this. I mean, ransomware is obviously illegal. Finding vulnerabilities in smart contracts - well, "the code is the contract", so the hacker is just executing the code as it was published.

I mean, the whole reason Ethereum Classic exists is because a subset of Ether folks felt that restoring the funds in the original DAO hack was contrary to the whole "the code is the contract" ethos.

Ignoring contract law (which would not blindly accept "the code is the contract", and people's ethos does not allow them to arbitrarily decide how contracts shall work in the country where they live), the fact that some action was explicitly written in a contract that was properly signed by everyone does not necessarily mean that the action was lawful.

For example, if you intentionally misrepresent what the contract means to deceive someone into signing a contract, then it is fraud, and it also invalidates the contract. If the fraudster already got the money according to that (invalid) contract, no matter if it's cash or crypto, they possess it, but it's not lawfully theirs.

I mean, at its heart then you are really arguing that smart contracts shouldn't exist in the first place (I don't really disagree).

The entire reason that smart contracts exist is to get rid of the need for any trusted third party intermediary because (as proponents argue) all of the logic for the contract is completely embedded in the code.

If it then becomes necessary to say "The code is the contract, unless there's a bug, in which case we'll have some single or set of arbiters decide what the code was really supposed to do" then why have smart contracts at all, why not just go through a normal escrow process where there is an independent arbiter trusted to determine who "lawfully" deserves the funds.

I'm not necessarily arguing that smart contracts shouldn't exist in the first place - perhaps they have a valid future role in effectively and cheaply adjudicating small claims where currently it might not be worth enforcing a contract due to the effort and costs of the legal process; something vaguely like what arbitration was intended to be.

This use case would IMHO have a quite large market, and it would be perfectly compatible with those smart contracts having a proper (non-code) appeals process explicitly designed in the system - the benefit would be that the third party (arbiters, or state, or whatever) is not used in most cases, because that would be costly.

Again, though, in that case, as with many use cases where people like to yell "blockchain!!", just use some code running on top of a database.

Blockchain adds a ton of cost and complexity precisely because it is completely "autonomous" with no enhanced trust relationship for anyone. The second you have some people with an enhanced trust relationship, then the whole reason for using blockchain falls apart.

The premise that you can opt out of the laws in the jurisdiction that you're operating in seems faulty.

Smart contracts can let you enforce things that aren't enforceable otherwise, but they aren't going to let you avoid having things enforced through other means.

If Code is law then hard fork is also law. Otherwise those Ethereum classic people are saying that code is law but only the DSL of Solidity. Outside updatable Ethereum engine code is not law.

> If Code is law then hard fork is also law

Not at all. All crypto currency only has value because other people collectively choose to "believe" a certain chain. Usually there is global consensus of which chain is the "true" chain, but there have been many times in the past that one group has decided to follow a different fork for whatever reason. I mean, Bitcoin has Bitcoin, Bitcoin Cash and Bitcoin Gold. The value that gets allocated to a particular fork just depends on the number of other people that choose to follow that chain.

You were just giving me arbitrary facts after saying “no”. I get this feeling you don’t understand what I’m talking about. The biggest code-is-law case was after the DAO fork when Ethereum hard forked. The argument given by Ethereum Classic people was that since code is law it’s unethical and incorrect to hard fork the funds away from the hacker, because he now legitimately owns the stolen funds.

You could argue all hacking is just doing something that is (accidentally) allowed by the target system.

Not really, because the entire premise of smart contracts is that the code IS the only representation of the contract. In normal software systems there’s an intent and then an implementation. There’s no explicit guarantee they are identical, which is exactly why there are subsystems to allow e.g. refunds or transaction invalidations.

That premise is clear, proponents of smart contracts would like it to become true, but as of now that premise is simply not true anywhere in the world.

There may be obvious practical difficulties in identifying the counterparty and enforcing a judgement against them, but if that becomes possible (and if $10m is at stake, perhaps it might become possible, bounties, etc) then the argument that "code is the only representation, and this is what the code said, so this was lawful" is not valid, as it contradicts both contract law and fraud statutes.

But code is the only representation, like it or not. The smart contract is code and nothing else.

That's almost true - there often is also some out-of-band communication about that code before the smart contract is implemented, which can help establish intent, which matters a lot in resolving disputes about a contract.

But the actual contract terms between the parties and facts like is this contract valid at all, who owns what and who owes what to whom are ultimately determined by contract law, not by the smart contract, like it or not. The smart contract may determine possession of certain things, and in many cases it would be uncontested and there it has a purpose of just doing the contract settlement automatically, but as soon as there's a dispute, then the legal ownership and any claims would be settled according to contract law, not according to what the code says.

That's just ignoring the intent part.

Not only unlawful, but unknowable. Monero and other privacy focused coins contain no heads of address names. Once it's in monero, you can create a new wallet and send it there and no one would ever be the wiser.

Because finding exploits is competitive. Many teams do both operations, exploit hunting and malware.

This was REKT2. There is a REKT1 AND REKT3 as well.

Anyone heavily participating in DeFi considers this a cost of doing business in the cutting edge of new finance (which is a very debatable way of saying things).

It is surprising that people would entrust large amounts of money to Turing complete C-like programming languages in an environment where mistakes are irreversible. Surely you would want to use a language that makes it harder to accidentally introduce common vulnerabilities?

For example, considering contracts are likely to be state machines (and the error in this case is a state machine issue), maybe an explicitly state machine-oriented language design would be good? I'm not familiar with academic research in this area but I have used a real-world one before, Linden Scripting Language, which incidentally is also used for what you could call “smart contracts” involving money, albeit not in a cryptocurrency environment.
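
The comment above suggests treating a contract as an explicit state machine. As an added example (hypothetical `StatefulPool`, not the affected pool's code or any project's), here is how the one-time `initialize()` from the article looks when the stage is the only gate: the function both checks the current stage and advances it, so the transition cannot be forgotten the way a separate `initialized = true;` assignment can.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract, not from the page): a pool whose
// lifecycle is an explicit state machine. Every external function names the
// stage it requires, and `stage` is written in exactly one place.
contract StatefulPool {
    enum Stage { Deployed, Initialized, Paused }

    Stage public stage = Stage.Deployed;
    address public owner;
    address public token; // hypothetical pool parameter set at initialization
    mapping(address => uint256) public balances;

    event StageChanged(Stage from, Stage to);

    // Reject calls made in any stage other than the one the function expects.
    modifier atStage(Stage s) {
        require(stage == s, "wrong stage");
        _;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // The single transition helper: the only place `stage` is assigned.
    function _advance(Stage to) internal {
        emit StageChanged(stage, to);
        stage = to;
    }

    // Runs exactly once. A second call fails the atStage(Stage.Deployed)
    // check because the first call itself moved the contract out of that
    // stage; there is no separate flag that could be left unset.
    function initialize(address _owner, address _token)
        external
        atStage(Stage.Deployed)
    {
        require(_owner != address(0), "zero owner");
        owner = _owner;
        token = _token;
        _advance(Stage.Initialized);
    }

    function pause() external onlyOwner atStage(Stage.Initialized) {
        _advance(Stage.Paused);
    }

    function unpause() external onlyOwner atStage(Stage.Paused) {
        _advance(Stage.Initialized);
    }

    // Pool operations are only valid once the contract has been configured,
    // so a call before initialize() or while paused reverts.
    function deposit() external payable atStage(Stage.Initialized) {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external atStage(Stage.Initialized) {
        balances[msg.sender] -= amount; // checked arithmetic in 0.8+
        payable(msg.sender).transfer(amount);
    }
}
```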

Why is this only on tezos? Is there some technical reason why tezos can use it but others can’t. I know tezos was basically born from the DAO fallout, but, seems like maybe eth should think about standardization and verification too.

I don't know how hard it would be to port it to other platforms. Different virtual machine.

Tezos uses a human readable stack based language as a low level representation that is suited for formal proofs: https://tezos.gitlab.io/008/michelson.html

If archetype depends on that then it's going to be hard to port, but I don't think it does.

Another interesting project in development is https://juvix.org/ which targets more backends besides michelson like llvm and wasm. Might run on eth2/Ewasm.

There are also blockchain specific features like: https://medium.com/tqtezos/tickets-on-tezos-part-1-a7cad8cc7...

Looks like there are plenty more DeFi hacks/internal fraud/incompetence https://www.rekt.news/leaderboard/

Setting aside the hacks, what good is DeFi anyhow for those outside crypto space?

Seems DeFi currently serves two main functions.

1. Crypto backed loans - main purpose being crypto speculation / possibly some dubious tax benefits

2. Decentralized exchanges - nice for those into crypto but not for Joe Sixpack.

If you specifically want to avoid speculation, you could also provide liquidity with stablecoins and collect fees from people trading against your liquidity.

For people outside the US, they could also get price exposure to US stocks with things like sAAPL, sGOOG, etc (synthetic assets that represent an underlying equity)

How do these synthetic assets implement tracking the original asset price? Are the assets still subject to the swings of the general crypto industry (e.g. BTC crashing pulls sGOOG down as well even though Google's real stock appreciates)?

For a protocol like Synthetix, I believe it uses price feeds provided by Chainlink. In principle, you can always redeem a token like sGOOG for the current price of GOOG on the regular stock market. In practice, there is some risk that an asset could lose its peg.

You could have said similar about the internet in 1990. It was an easily hackable network used only by geeks to share research papers and chat. Technologies start to help small niches and grow over time.

The DeFi space could eventually grow to replace any firm that acts as a middleman for digital trades: Robinhood, Wealthfront etc.

This also shows how little security probing is performed on cryptocurrencies and smart contracts. It took over a month and a huge bounty to find the bug in this contract. The likelihood of finding bugs in other currencies and contracts is extremely high despite millions of dollars of value relying on it.

Most cryptocurrencies and smart contracts are copy and paste with little analysis of the underlying code. To the creators the incentive is to create something fast and without expending any extra effort. The losers are always the users who put their trust in the creators. An ideal open source decentralised system should allow the users to verify the claims of the creators but the reality is that the code and the systems around it are far too complex for any single person to be able to verify quickly.

Does anyone know of any organisations that can vet smart contracts and provide insurance in case they get hacked or fail in other ways?

even pro coders get hacked and make mistakes. normally, mistakes are inevitable and survivable, but crypto makes the stakes so much higher.

After reading a bit, not knowing WTH is being talked about, I did some searching. Because the author(s) of this article forgot what makes hypertext so powerful. (In fact, I think a lot of people have forgotten that. Don't be afraid to link things, people. Linking to something literally saves you the trouble of explaining it yourself. LINK MORE, PLEASE. I will click.)

So this is apparently about some stock market for cryptocurrencies, looks like? I think so.

The first few paragraphs of the analysis of the post-mortem contain so many new terms that I am never likely to trust anyone that pushes any type of cryptocurrency, ever. This is pretty clearly "The New Scam" type that is fashionable. People are regularly getting busted for the old fashioned pyramid scheme, so I guess something else needed to be invented.

This stuff is unregulated, prices are easily swayed by a few famous individuals or sometimes a lot of unknown people, en masse, and you can earn and lose real money by trading the stuff. Hard pass. This article just reinforces to me that my decision about that is correct.

I do not like telling people that their interests are bad, because I'm sure in some ways blockchain stuff is at least semi-useful. I mean there are other ways to provably make ledgers read-only, but whatever. I'm not trying to stir anyone up, is what I'm trying to say. Cryptocurrency is just so clearly not "on the level" in my eyes. Sorry. :(

>Because the author(s) of this article forgot what makes hypertext so powerful. (In fact, I think a lot of people have forgotten that. Don't be afraid to link things, people. Linking to something literally saves you the trouble of explaining it yourself. LINK MORE, PLEASE. I will click.)

This is a fine sentiment, but [you] [don't] [link] [every] [word] [in] [your] [sentence] to a dictionary website either, because you expect the reader to know English. In the same way it's perfectly fine to write an article with a target audience that understands the concepts being discussed. Not everything needs to be written for a general audience; this website is exclusively about cryptocurrency, and particularly dense with jargon and slang at that.

This is actually a bit amusing, because one of my favorite reading features on iPad is being able to click and hold on an arbitrary word to look it up.

Sure, the UI/UX of a traditional link isn't desirable, but I do want every word to be linkable to the dictionary.

You can copy-paste a word from the website into your search engine too. The website doesn't have to do anything. Just like the program you used on your iPad didn't do anything, it was the iPad providing the select-and-dictionary feature.

Sounds great as a feature of your client, not of every single site.

On the Mac too, you can just "force press" the touchpad on any word and a definition comes up. As a non-native English speaker, I use it quite a lot.

or highlight and ctrl+cmd+d :)

Firefox has an option for this in the right-click menu after selecting text (e.g. by double-clicking).

I'm pretty sure I've seen some of those ad affiliate javascript libraries that add links to words in paragraphs back to some random website that used a matching keyword that looked very close to your example.

At least, way back before I started using blockers.

It's a poor speaker who blames the audience for not understanding.

Not every random reader of an article is in its intended audience. The audience the speaker is writing for understands the article fine.

It's a crypto news website. They're not going to link to basic crypto terms.

Your whole comment sounds like confirmation bias to me. You don't like crypto, therefore all the new terms you've never heard of must be bad stuff, everyone is out to scam people and crypto isn't "on the level".

Maybe it is, I don't know. But I do know that I'm not ever even going to dip a toe into cryptocurrency because of the personalities of the people who are heavily pushing it. I am not talking about you.

Everyone I know who is into this is very strongly into it, and they can never really explain why. Lots of non-specific sentiments emerge, and rather quickly, but no real this-changes-things-because-of-X details or explanation about anything. It's the same pattern I've seen from people who believe in psychic readings and Tarot cards, except those two groups can get very specific, it's just about imaginary things.

Age is a superpower. I have a few decades behind me. You see patterns in behavior, because people are not snowflakes, and incoming generations make the same mistakes the outgoing generations have made, and must learn the same lessons previous generations have learned. This generation is trying the things that the other generations already tried, etc. Some things change, but the fundamental things people try to do with their lives, those don't really change much generation to generation.

Experience is a good teacher. Now, maybe I'm wrong about cryptocurrency, I'll gladly admit that. And I would counter by saying that "I'm seeing the same broad strokes I've seen previously, with different names."

I’m not sure it’s been done before though. This crowd seems hell bent on replacing basic trust and civility with algorithms. As if we could just eliminate morality and the world would be better.

From what I know this has mostly been described in dystopian sci-fi before, not really tried in earnest.

Which personalities are you referring to?

I'm curious about what you've picked up as well. Like people not being able to explain why they're into it. Could you elaborate on those things a little bit?

The super "gung-ho about cryptocurrency" guys. They act a lot like they're selling you a car that they don't have any details about. It's great, it's awesome, it's everything you ever wanted, etc. It will make you look good, it will make you happier, it will make you more confident, and so on, but if you ask about anything other than what is printed on the sticker, they can't answer the question with any detail, and they deflect.

That's my (of course limited) experience with cryptocurrency advocates.

While this startup smart contract got hacked, there are plenty of reputable products in the space that have never been hacked and have upwards of $80 billion locked up right now: https://defipulse.com/

The top projects: Aave, Compound, Uniswap, etc. have been audited several times over, publish their smart contract source code for further review, offer millions of dollars in bug bounties and inherently the locked value acts as a giant bug bounty. I feel comfortable with these projects that have been around for several years now. But it is an open ecosystem and not all projects are created equal. You can also take out insurance for the biggest protocols for additional protection.

> You can also take out insurance for the biggest protocols for additional protection.

Then what's the point? I can already take out insurance in the "traditional" banking system (e.g. every checking account has FDIC).

A number of points:

1) Decentralized finance is extensible, pluggable, open, auditable, and non-custodial. This means, when you want to integrate, say a popular crypto money market like Aave into your application, you don't need Aave's permission. You can just have your application interact with Aave's smart contract. (https://aave.com/)

2) When a smart contract is properly engineered, you retain full 24/7 access to your funds with 100% uptime guaranteed by the base chain that it sits on (Ethereum in most cases). You do not get Robinhood-like situations where all of a sudden they turn the buy button off on some stock like what happened two months ago.

3) Everyone has access to the same information. It's all on the public blockchain. There are no backroom deals, it's all in open-source code on the chain. It's all auditable.

4) The yields on so-called stablecoins (cryptos that are pegged to some traditional currency, like USD) are higher on DeFi. You can earn 7 or 8% or more on DeFi, because you are effectively acting as your own peer-to-peer bank and lending out your funds directly to a collateralized third party. (https://compound.finance/)

5) Decentralized finance has already introduced things like decentralized exchanges, which allow people to crowdsource liquidity. You can earn a yield for participating in a liquidity pool on Uniswap, for example (https://uniswap.org/)

6) There are additional exciting applications in this space, it's currently undergoing a Cambrian explosion of activity similar to the early internet. I cannot explain all of this in a short-form HN response, but there's real value there. Real innovation that will change finance forever. If you want to learn more, please check out:

1) https://newsletter.thedefiant.io/

2) https://newsletter.banklesshq.com/

One thing that I think is really big in DeFi is the idea of permissionless composability. Let me give you an example. Say you want to start a traditional fintech company that aggregates many existing banks to provide the best interest rate to the user. So it would basically move your money around between banks depending on where the best rate is the current day. This is basically impossible to build, there is very little ability to integrate into various banks, and even if you can, you need permission to do so.

However, you can build this on DeFi today quite easily (see yearn for an example), and you don't need to ask anyone for permission, you just hook things together. The smart contracts can move money around within DeFi based on algorithms that will find the best rate of return on various collateral coins. This is why people are calling it money legos. It allows rapid innovation from the edges, instead of the center, which is insanely powerful. I hope this inspires you to do more research.

Basically what this (and DeFi in general) is is a decentralised lending platform and "liquidity farm".

The lending part is relatively self-evident. You can pool funds together and the contract automatically issues loans when requested provided the user has X amount of collateral. Most "DeFi" lending basically acts like a margin for margin trading at the moment.

The liquidity farming however is a bit more practical. It's creating pools of liquidity for decentralised exchanges and various "cross-network" smart contracts to temporarily source coins out of.

There's a lot of dogfooding going on but the general system behind it is useful. It's just overly simplistic and the code lacks pretty much any scrutiny in a lot of these cases.

What happens if you don't pay back a DeFi loan?

In most cases it's bound to your collateral so if you don't pay back or the value of the collateral dips below some level, the loan is automatically reclaimed from your collateral.

A lot of the loans are 1:2, 1:4, or greater depending on what the currency it is being traded in is. If your total collateral dips below that multiple of the loan, you forfeit the value of the loan from your collateral plus some penalty fee.
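The collateral ratio and liquidation mechanics described in the two replies above, as an added, constructed toy model (not any real protocol's code, and not something posted in this thread). The minimum collateral ratio, the penalty rate and the prices are hypothetical parameters chosen for illustration; it also handles the case the comment glosses over, where the collateral has fallen so far that seizing all of it still does not cover the debt plus penalty.

```python
"""Toy model of an over-collateralised DeFi loan (constructed example).

Assumptions (hypothetical, not taken from any specific protocol):
  - collateral is a volatile asset priced in USD, debt is a USD stablecoin
  - min_ratio is the collateral-to-debt multiple the position must keep
    (2.0 corresponds to the "1:2" loans mentioned above)
  - on liquidation the whole debt plus a penalty is taken from collateral
"""
from dataclasses import dataclass


@dataclass
class Position:
    collateral_units: float  # units of the collateral asset deposited
    debt_usd: float          # stablecoin amount borrowed


def collateral_ratio(pos: Position, price_usd: float) -> float:
    """Collateral value divided by debt; inf when nothing is owed."""
    if pos.debt_usd == 0:
        return float("inf")
    return pos.collateral_units * price_usd / pos.debt_usd


def is_liquidatable(pos: Position, price_usd: float, min_ratio: float) -> bool:
    """True once the collateral no longer covers min_ratio times the debt."""
    return collateral_ratio(pos, price_usd) < min_ratio


def liquidate(pos: Position, price_usd: float, min_ratio: float,
              penalty: float) -> tuple[float, float, float]:
    """Seize collateral worth debt * (1 + penalty) at the current price.

    Returns (seized_units, returned_units, shortfall_usd). shortfall_usd is
    non-zero only when even the full collateral cannot cover debt + penalty,
    i.e. the pool is left holding bad debt.
    """
    if not is_liquidatable(pos, price_usd, min_ratio):
        raise ValueError("position is healthy; nothing to liquidate")
    owed_usd = pos.debt_usd * (1.0 + penalty)
    needed_units = owed_usd / price_usd
    seized = min(needed_units, pos.collateral_units)
    returned = pos.collateral_units - seized
    shortfall = max(0.0, owed_usd - seized * price_usd)
    return seized, returned, shortfall


if __name__ == "__main__":
    # Constructed scenario: 10 units deposited at $2000 each, $10,000 borrowed,
    # minimum 2x coverage, 10% liquidation penalty.
    pos = Position(collateral_units=10.0, debt_usd=10_000.0)
    for price in (2000.0, 1800.0, 1100.0, 1000.0):
        ratio = collateral_ratio(pos, price)
        if is_liquidatable(pos, price, min_ratio=2.0):
            seized, returned, short = liquidate(pos, price, 2.0, penalty=0.10)
            print(f"price={price:.0f} ratio={ratio:.2f} liquidated: "
                  f"seized={seized:.3f} returned={returned:.3f} shortfall=${short:.2f}")
        else:
            print(f"price={price:.0f} ratio={ratio:.2f} healthy")
```

The last two prices in the scenario show the two outcomes a borrower cares about: at $1100 the penalty consumes exactly the whole deposit with nothing returned, and at $1000 the seized collateral no longer covers the debt at all, which is the bad-debt case a real pool has to absorb from its other depositors.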

I know this won't change your mind, but the reason you are seeing new terms is because you're seeing the birth of new protocols. Picture yourself in the early days of the internet and you want to learn about http and/or javascript (for example) - you would be overwhelmed with new terminology for concepts that didn't exist before, like gui based web browsing. Crypto/Defi are this in many ways. Does that make it not a scam? Maybe, maybe not, but don't let the new terminology startle you.

The Internet was something new that provided new capabilities and new abilities to humanity with extremely high reliability, and at a scale that didn't exist prior to that.

Cryptocurrency doesn't provide any new capabilities at all. Money and trading existed before. Price fluctuations existed before. Markets existed before. Buying and selling existed before. But now, because it's so new, and because it's not technically money, but a virtual good, this is all unregulated and fertile ground for people who want to take advantage of others.

This is why it seems so much like a sales pitch to me when people talk about it. It seems very much like they need you to commit money in order to get anything out of the arrangement themselves. This is "Jebediah's Miracle Snake Oil" with a new name.

"Cryptocurrency doesn't provide any new capabilities at all."

The new capability that cryptocurrency provides is that money is now "programmable" it's a fusion between money and software.

Whether or not this is a benefit is subjective, but IMO it's a humble beginning with epic potential.

A) Cryptocurrency is not money. It's not even a recognized currency. It's a virtual item. You can't hold it in your hand. When you spend it, it gets converted to the actual currency in your location and then THAT money is spent on the item you're buying. You don't buy anything with cryptocurrency, you only trade it for real money. Cryptocurrency is not money.

B) it's not programmable; it's an inert thing; proof of work or storage. Programs generate it according to rules that people set. (Real money is created according to rules that people set, as well, so it's "programmable" too, if you look at it in the same way.)

There is nothing new about cryptocurrency.

I could dump $1000 into bushels of corn and get the same exact effect. To grow corn you need to have space to grow it, fertile soil to grow it in, and you need to work, over time, to plant it, fertilize it, and to control pests and invasive weeds. At the end of the growing season, you harvest and you store the corn in a grain silo, and you wait for the price to go up to a point you're comfortable with before you sell it.

Same with wheat, soybeans, livestock, real-estate and so on. None of those things are currency, but at least they're tangible, and they can all be traded for money, just like cryptocurrency.

There is nothing new about cryptocurrency.

Here's another way of looking at it:

A - Of course it's not fiat money, but it doesn't need to be. The money in your bank account can be described as virtual too. Folks transact in crypto all the time for goods, services, and "conceptual" transactions like DeFi and NFTs. Maybe it's not widely adopted enough for you to buy a 6-pack of beer at the corner store, but that doesn't mean it's not money. The money in your bank account is just as virtual anyway by your definition. For example: I can't pay with Shekels at a Walmart in Iowa, but I can pay with my debit card and have the bank convert it to the currency in my location, etc...

B - When I say it's programmable money, I'm talking about things like the EVM. Calling it programmable money is reductionist, sure, but in effect that's what it is. Cryptocurrency and dapps provide a platform for folks to have complex transactions. Just because you don't want to participate in those transactions doesn't mean others aren't; they clearly are. Also, this stuff doesn't need to fit the traditional definition of currency in order to be viable. To me, it's a distributed computing platform for the exchange of value. Maybe you think it's worse than what we have already, and that's fine, in many ways it is, but that doesn't mean it doesn't have benefits of its own.

> prices are easily swayed by a few famous individuals or sometimes a lot of unknown people, en masse, and you can earn and lose real money by trading the stuff

Totally, this Gamestop stock market stuff is crazy. Oh, you were talking about cryptocurrencies?

Honestly, it sounds like the same people buying both to me.
