The collapse of the IRON stable coin (irony-97882.medium.com)
434 points by parsimoniousplb 40 days ago | 484 comments

This has always been the problem with smart contracts. They are in fact dumb contracts.

To program one you need to think about all the edge cases. The programmers here likely did want >0 here. The possibility that the thing feeding price data returns zero incorrectly was higher than the price legitimately being zero in their minds.

There is no court or lawyer who can interpret the spirit of the contract.

> There is no court or lawyer who can interpret the spirit of the contract.

That's obviously the point, though. You are trading one set of risks for a completely different set of risks that might suit your use case much better; your counterparty being able to contest a contract in court could very well be a "bad" thing for you.

> That's obviously the point, though. You are trading one set of risks for a completely different set of risks.

But that's exactly the point.

People are not able to interpret "smart" contracts. For normal contracts most people can understand the contract and if there is a dispute you have laws and courts who can interpret in every case.

In case of "smart" contracts even the contract developers more often than not seem to not be able to understand all consequences.

So if we are trading one set of risks for another it kinda seems to me to be a really shitty tradeoff.

Well, to be fair, people write legal contracts without fully understanding what they are writing all the time too. I do disagree that people understand them in most cases.

Things are better on consumer law because it assumes from the start that people are stupid and have no idea what they are doing. But other kinds of contracts have quite large security risks.

Yes, and when normal contracts don't (because they can't) anticipate every possible scenario, there is a meta layer on top of that to resolve edge cases.

In the case of a smart contract, it can even happen that both parties agree on how things should take place when there's a problem! But bad code doesn't work that way, and you can find yourself in a null state of indeterminacy without a built-in layer to resolve that.

The entire evolution of legal jargon can be viewed as an attempt to provide a linguistic framework whereby ambiguity is minimized and edge cases are anticipated. But human interactions are chaotic and all outcomes or scenarios can never be predicted, hence the need for a layer of human judgement.

That layer is imperfect, sometimes wrong, sometimes biased, but still necessary. I don't see how smart contracts can work without that sort of layer, but with a human judgment layer then they're not really smart contracts in the way people want such contracts to function.

Trusting any smart contract of sufficient complexity is like trusting that a code base has absolutely zero bugs and zero unanticipated edge cases. I just don't see that as realistic.

If a programmer at a bank or exchange should have coded ">=" then I want 1) for them to easily be able to act on their intentions instead of their mistake or 2) the ability to bring in a 3rd party to interpret and resolve the situation if #1 doesn't work out.

> Trusting any smart contract of sufficient complexity is like trusting that a code base has absolutely zero bugs and zero unanticipated edge cases. I just don't see that as realistic.

You can do this to some extent using formal verification. Most code doesn't get formally verified because it's kind of a pain to do, and you can usually fix bugs later, but smart contracts are the perfect candidate for it since they are (1) mission critical, (2) naturally limited in size and scope, and (3) cannot be fixed after the fact. You can write perfect code if you have the right tools and do it carefully.

Formal verification doesn’t help with bad assumptions that went into the design of the program.

That is absolutely true, but even legal contracts can't help you with bad assumptions that underpin the entire contract itself.

Yes, that's sort of what I mean though: you can't avoid mistakes like that, but with legal contracts there is a mechanism to resolve that issue with hundreds of years of experience and benchmarks and mechanisms for figuring out how to handle these things. It's messy and imperfect, but there's no achieving perfection in human affairs.

Smart contracts don't have a mechanism of this sort. If you have an issue with them as in this case with IRON, your best hope is that IRON will find a way to handle it that satisfies everyone (which may be hard) or that the normal legal system is able to resolve it.

Both of those kind of negate the purpose many people want smart contracts to have in being free of sovereign legal systems and, once implemented, automated without the need for human judgement that may be biased or bad etc, so no longer able to be trustless. At best they simply automate portions of a contract, which is still a very good thing, but not really what enthusiasts are hoping for.

But with legal contracts there is a baseline common sense of things that will not happen.

>You can write perfect code if you have the right tools and do it carefully.

Obviously you are not a programmer.

Is there something about formal verification of systems that I don't understand?

No automatic verification would flag misunderstood business logic.

People make mistakes in their verification code the same way they make mistakes in their actual code.

There is something about this "business logic" that I don't understand:

>Because the TITAN price falls to 0 which we have unthought of, the contract will revert the redemption transaction.

> You can write perfect code if you have the right tools and do it carefully.

And you are DJB.

Regular contracts don't have a built-in layer to resolve issues either. As you say, it's a meta layer above this.

Laws still apply to things handled with smart contracts. You can't say "well sure the escrow contract did the wrong thing but it's code so you can't come after me for your money back".

I agree that right now the legal system still applies.

The problem is that lots of smart contract enthusiasts embrace them for the same reason they embrace crypto currency: they see it as a way to avoid government institutions that they do not want to have to work with or trust. In fact they want the entire contract to be trustless: agree to the terms, implement them in code, and since the rest is automated you don't have to trust that the other party won't follow through.

I don't see how that can actually work in an automated fashion. Whether it's traditional government or some other legal system or analog, you need a resolution layer above the contract layer, but at that point you've lost a lot of what enthusiasts want in smart contracts.

I trust the alarm on my phone to wake me up in the morning, even though it's been programmed by flawed human beings. It's possible to reach sufficient reliability despite our flaws and bugs.

"Sufficient Reliability" still needs mechanisms to resolve the rare issues that occur. A 5 9's system still needs resolutions for the 0.001% scenarios. In the case of your phone's alarm if your phone crashes, runs out of battery, app cache gets corrupted, whatever-- you can intervene with your human judgement to determine an appropriate resolution. What mechanism do smart contracts have for 0.001%?

Your phone's alarm is also not a critical transaction worth a person's life savings or the wealth of a country or a transaction involving life-critical supplies etc. The bar is a bit higher here, and even the most reliable systems ever designed have the ability to insert human judgement when the rare issue happens. Smart contracts are supposed to be appealing because they avoid the need for biased/imperfect judgement in favor of something "trustless", or at least that's the vision many see for them.

Contracts can also have hundreds or thousands of clauses, making "sufficient reliability" a much higher bar than an alarm clock. Especially because many of those clauses entail human concepts that would be extremely difficult to translate into code: What is the algorithm for determining "force majeure"? That's a pretty basic clause that appears in many contracts, but I don't know where you'd even begin to get a computer to understand & properly identify such events.

I don't see a pathway to sufficient reliability in smart contracts anywhere on the horizon, save for very simple cases. Even then, here we have IRON, which should have been relatively simple as these things go, but failed because the simple case of "Titan has no value" was not considered.

ex-lawyer here: I can confirm it is possible to write buggy conventional contracts; I have done so on numerous occasions. I have missed the odd ',', or similar lexical slips, in a clause. Fortunately no rockets or stablecoins crashed as a result. And yes, a judge would resolve this to the sound of mocking laughter in the courtroom.

Isn't this why lawyers have to get indemnity insurance?

It is. Being sued for professional negligence is hurty & we earn by inflicting pain on others not getting hurt ourselves. A static type checker/formal verifier for legal contracts would be worth serious money.

This is how ALL of Crypto works. A decentralized ledger means that you cannot call the CEO or CFO of the ledger and have a clearly fraudulent transfer revoked. That is the tradeoff.

Yes. Trading off hundreds of years of experience and judicial tradition and precedent for a brand new shiny (just trust us programmers) system.

If the former system were to be irretrievably corrupt, teetering on the edge of collapse, and the proposed replacement were capable of replacing it then it would be worthwhile.

The existing international financial system is corrupt, the judiciary in most of our world is complicit, but it is not on the edge of collapse (look how brilliantly it sailed through the 2008 crisis. It used its political power to get the middle classes to bail out the super rich). The proposed replacement (crypto currencies) has no support from cryptographers (I am not one) nor finance geeks (that I have been). It is even worse than that which it proposes to replace.

Additionally in most of the Western World we have the democratic institutions that can be put to use to fix the system. Economists are slowly coming around to recognising the catastrophic mess that the current system is, how it is sapping our vitality as a community, enriching the few (hi Unicorn founders - fly to Mars please) and impoverishing the middle classes.

We can fix this. But we have to give up on single fixes (like crypto). This requires modern system thinking....

> has no support from cryptographers

I am a PhD student in cryptography, and judging by the papers I've read there is plenty of support from cryptographers, many of whom are directly involved in research and development. Silvio Micali is practically a founder of modern cryptography (and Turing Award winner), and he co-created the blockchain Algorand. There is also plenty of opposition, as the subject elicits strong opinions, but the assertion that cryptocurrency has no support from cryptographers is just false.

True. The universally quantified statement "No cryptographers think X" is almost certainly going to be false.

Hyperbole on my part, oops. Sorry about that.

I am not a cryptographer, but I do pay attention to cryptographers. Well, some cryptographers.

So thanks to your helpful comment I looked up Silvio Micali. He has rather faint endorsement, but endorsement it is.

In fact, I can think of nothing more profitable for a cryptographer than designing a better cryptocurrency.

The fundamentals are all wrong though. Money is, among other things, a web of trust. Trying to remove trust from it is taking away some of what makes it money.

I do not think there is a solution in this space that works economically or financially.

What we need is a unit of exchange that: holds its value reliably, allows a lot of transactions, has low overhead, allows anonymous transactions.

A central bank could build a system that does the first four, but they have no incentive to do the last.

> It is even worse than that which it proposes to replace.

Aside from the vocal minority of BTC maxis that jerk off to the idea of making a crypto-revolution, no serious developer in crypto wants it to replace the existing systems and institutions. We "only" want to create an alternative for the times and places where the current institutions are insufficient or dysfunctional.

If the current financial system really can fix itself and become better than cryptocurrency through democracy, then I don't really get what it has to fear from cryptocurrency. Under that hypothetical, cryptocurrency would be inferior, nobody would use it and it would die out. Problem solves itself.

And as a member of the middle class, I personally think it's a feature that cryptocurrency can't be inflated to bail out the rich. If banks knew that they weren't going to get bailed out, they wouldn't have taken as many risks and we would have avoided the whole crisis in the first place.

Not sure big banks, brokers, etc. fear cryptocurrencies. They are already starting to happily make money off those and sell products around them. Banks worked happily in the past with decentralized/local currencies, for example.

The concern might be more on the policy and regulatory side of the world.

What I think a lot of people don't appreciate yet is that computationally decentralised systems can still have legal single points of failure.

Lots of chains have holding entities or foundations (nominally for governance, really to justify their premine or "reserves") and seem rather vulnerable, especially if they pay the core developers.

The CEO of that entity won't take your calls but they are absolutely exposed to the whims of the legal system in their founding jurisdiction.

Except when you can, e.g. the Ethereum DAO. Turns out crypto is just exchanging one shady cabal for an even shadier one.

No, not really. The Ethereum fork was successful because the majority of the users through absolutely decentralized consensus started following the forked chain.

Vitalik did not pass any legally binding decree to get people to comply, and the worst thing that happened to people who disagreed with the change? They got left to play with the other chain.

eh, for a regular financial contract you need lawyers and judges. There is plenty of counterintuitive law that burns people.

For this one you need programmers and computers.

In both cases, if you go in blind or wing it you might get burned.

Yep, and programmers only have a few decades instead of hundreds of years to have built up generational knowledge of pitfalls and best practices, and even then traditional systems get things wrong.

I'm not convinced that programmers and computers can bootstrap to that level of experience very quickly. I think a decade ago I was more optimistic on that possibility, but a decade of repeating history has made me a bit more pessimistic on that ability and cynical about the motives of most people involved.

most lucid comment yet.

> your counterparty being able to contest a contract in court could very well be a "bad" thing for you.

Evading the law (whether the court or a regulatory body such as the SEC [civil] or DOJ [criminal]) is typically a "bad thing" for the person or people intending to or successfully doing so.

https://www.sec.gov/spotlight/cybersecurity-enforcement-acti... (SEC Cyber Enforcement Actions, control-f "blockchain" | "crypto")

https://www.ropesgray.com/en/newsroom/alerts/2021/March/The-... (The CFTC Signals New Era in Enforcement of Cryptocurrency Trading with Action Against Antivirus Software Pioneer John McAfee)

https://www.jdsupra.com/legalnews/doj-activity-on-cryptocurr... (DOJ Activity on Cryptocurrency: A Six-Month Review)

https://www.reuters.com/world/us/us-court-authorizes-irs-see... (U.S. court authorizes IRS to seek identities of taxpayers who have used cryptocurrency)

Are you saying the only time a contract is disputed is when the other party is evading the law? Nobody abuses the legal system to screw over people without enough resources to fight in court?

I'm saying the legal system takes authority. A smart contract doesn't avoid or override that authority.


> Is A Smart Contract Always A Legal Contract?

> No. Because a smart contract is computer code, a smart contract may represent all, part, or none of a valid legal contract under U.S. law. Smart contracts function – in whole or in part – to give effect to legal contracts. Thus, smart contracts are the programmatic means by which some or all of the terms of the legal contract are performed. It is the underlying contractual terms that are given legal effect.

That legal contract and the contractual terms is what is evaluated and governed by the legal system. Smart contracts are fancy business logic snake oil salespeople are attempting to sell as the law of the land.

It's common for people to take mechanical/technological steps to make sure agreements will be respected when they know that if they just wrote a contract they could not rely on the legal system to enforce it in a reliable or economical manner. This is not necessarily bad.

When I get my car fixed at the mechanic, I am paying for the service but at no time do I transfer ownership to him. One procedure we could follow is for him to do the repair, give me my car back, ask for payment, and then pursue me in court if I refuse to pay. But instead, the procedure is that he just keeps the car in his garage until I pay. (If I want to call the police to get my car back, I can, but now I have to explain to them why I'm not paying, and enforcement is much easier.) This forces me to respect the agreement we made - repairs in exchange for money - in a more robust way than any contract ever could.

Most places recognize something called a "mechanic's lien" that means the police won't get your car back either. Workmen usually have a legal claim to property that they worked on and have not been paid for. Sometimes it requires specific paperwork (more often with real property, e.g. a contractor can place a lien on your house but usually needs you to agree to it before they start work) but often it's implicit. I guess my point here is that this is a scenario with specific legal backing that goes way back into history, which smart contracts don't really have.

Yes, of course the reality and usefulness of this particular mechanism has now been legally acknowledged and incorporated into the law in some (but not all) places. But mechanisms like this arise organically and are put to use long before they are officially recognized. I expect similar things to happen with smart contracts.

In other words: things you might call "evading the law" in fact can be useful and then shape the law. If we were to adopt a principle like "anything that looks like it's trying to evade the law must be dismantled", we'd be worse off.

Strange emphasis on 'now'. From wiki, "Mechanic's liens in their modern form were first conceived by Thomas Jefferson, to encourage construction in the new capital city of Washington. They were established by the Maryland General Assembly, of which the city of Washington was then a part.[1] However, it is not likely that Jefferson single-handedly dreamed up the idea.

At the time Jefferson promoted the law, a lien-like privilege already existed in civil law countries like France, the Dutch Republic and Spain, with some laws even tracing their roots to the Roman Empire. And since control of Louisiana had passed between the French and Spaniards, and had largely adopted the French Napoleonic Code, there was a similar privilege concept in that territory."

It's not strange at all because "now" does not assert "in the past few years" or something. It's just in contrast to when the technique was first developed.

Like, do you think there was a long-standing issue with people not paying their bills because the liens weren't enshrined in law, and a bunch of clever legislators got the brilliant idea to introduce it? No! It's been happening since before laws were written down, and the formal laws were crafted to fit this existing custom.

Maybe you are mistaking what a lien is. A lien isn't when someone takes possession until they are paid, but a legal debt attached to the object in which the person attaching the lien claims partial ownership of that property until the debt has been paid. It does not require possession of the object. A mechanic can place a lien on your house for no payment. It 100% exists in law and requires the debt to be written down.

> Smart contracts function – in whole or in part – to give effect to legal contracts.

Except when they don't, which is... most of the time?

It's true (and I would hope obvious) that a smart contract doesn't play like a legal contract, but aren't the vast majority of them intentionally doing things that are orthogonal to contract law?

Or irrelevant to it? You can buy Beeples all day but you still don't own a copyright, and this doesn't seem to be a problem for anyone.

Contracts, at least in my jurisdiction, can come in all forms and colours. Even purely verbal contracts are valid, in fact. Those are hard to enforce, with nothing written it is always he-said-she-said when it comes to disputes. So I would be surprised if "smart-contracts" couldn't be litigated if push comes to shove. No way to avoid the legal system. And that is a good thing.

Depends on how strong the cryptography is, no?

Depends a lot more on how much you're able to leave no unencrypted evidence.

Not quite sure what you're saying, that you expect the DOJ to somehow overturn the judgements of smart contracts, with possibly anonymous participants or participants outside of the DOJ's jurisdiction?

I think the point is more that if you owe $200M to someone, a court is unlikely to accept "it's irreversibly stuck in a smart contract" as an out.

I am against smart contracts because we do not know how to write software in that way. I like how they sparked a formal verification Renaissance of sorts but that did not help much either unfortunately (if the premise is wrong, no amount of proof will save you anyway).

However, if you let all parties review the smart contract (the source is on the chain, you can check it) and agree with its workings and sign a 'human' contract saying you do agree and then it goes wrong, I think it should be an out. We do not have proper ways to sue for misbehaving software (it happens all the time but MSFT is climbing higher and higher): this is easier to verify but we are adults here: if you agree to put money in smart contracts, you should have verified the code. And if you think the code is flawed, do not put money: otherwise do not complain afterwards. It is not that hard.

> but we are adults here: if you agree to put money in smart contracts, you should have verified the code. And if you think the code is flawed, do not put money: otherwise do not complain afterwards. It is not that hard.

That's not how it works. Courts generally operate by ambiguous standard of what reasonable people and reasonable experts can actually do given the state of technology.

No reasonable software engineer can tell you that a piece of code is flawless. I don't think courts will agree on a system that has been shown through evidence to be highly flawed.

Sure, that will depend on the courts and specific case, as it seems it works exactly like this mostly. But if you inspected the code yourself and you put your money in anyway and it is gone, you might find that the court will not do anything at all. And who can you shout at then, the moon? I am saying that smart contracts are a special case: they are small pieces of code, if they have a bug, it usually causes major damage and, if they run on the eth chain etc and no one took public responsibility for deploying it, there is no one to sue. We have no way to write this type of bombs without flaws as you rightly say and because of the irrevocable damage and the lack of defendant in most cases, these contracts should not be used at all.

There are already (many) cases like this, but if I write some software and put it in github, someone else deploys it and people die; that is simply not my fault: it is the deploying person. In normal situations, it is easy to find the defendant here: but on the chain, you won't be able to: anyone can deploy anything and you won't know who it was. So unless you want to end open source software, you have no case against anyone.

This reminds me of the Toyota Prius (and other models') un-commanded acceleration problem. Should car buyers examine Toyota's code, or should they assume that the gas and brake pedals work as expected?

It's not reasonable to expect software users (even other developer users) to understand or audit code in order to be able to use software -- for anything.

Yes, but not in case of smart contracts is the point. The Prius's source is not open and cannot be audited and is definitely installed by Toyota. So Toyota is responsible. Smart contracts have none of this.

They are open source by definition and no one knows, by definition, who deployed them. It is a very different case.

The author of the code and/or its publisher are always responsible for software quality, not the users.

The fact that other people could audit the software does not absolve the original authors of the fact that they didn't.

Sigh. If this were the case, all open source is doomed. You are responsible if you deploy/offer it, not if you only wrote it. And the point is, in smart contracts, you will not normally know who deployed it.

If you put on github

Return x>0;

And I deploy this in a production environment that kills people with heart rate over 0, do you have any responsibility? No of course not. I do. You have none.

In short: if you put money into something as smart contracts, the only thing you have, and that is literally the intention of the pundits, is that you check the contracts and trust or not trust them. I do not know how this crosses over to other software that has different properties in this thread. That is not relevant. There is no one to sue or say they did a bad job here: you will not know. That is baked in.

As a career developer of more than 30 years, I still take the viewpoint that the person who wrote the code and/or approved it (both = developers) are 100% responsible for all bugs.

As I mentioned earlier in this thread, there is no such thing as bug-free software (even for devices that kill people, as you point out), because bug-free software is categorically impossible within comp sci.

Knowing this comes with great responsibility, even more so when dealing with life... or finances. The developers of this software, as is the case with Solidity and smart contracts in general, have foregone this responsibility.

Another egregious failing of all crypto schemes which I'm compelled to point out is that they fail to use any of their enormous profits to actually fix bugs.

When I was mainframe developer at IBM, the company spent millions of dollars (taken from clients, of course) to find and fix bugs. They paid people good money, including yours truly, for that work.

Today's crypto companies have no such ethics. They (Mr. Buterin, I'm looking at you) have no compunctions after profiting windfalls from their software inventions to actually invest in debugging or fix distribution (or even real error reporting) for the customers. Likewise, they ignore all the UI aspects (and problems) that their inventions have birthed.

This is not responsible software development. It leads to problems like IRON and others in the crypto space. As I said, it is the exact opposite of how, historically, important enterprise software development is done.

It's only for selfish reasons (= money hoarding) that crypto projects don't hire the best auditors and coders in the world to fix their code. They can certainly afford them.

Seems we are similar ages: I am 30+ years into commercial dev as well. I started with the Dijkstra school of development (under pupils of Dijkstra, of which my father is one) and found that this is not helping. I like it but more intellectually than anything else. I went more the Arthur Whitney way of practical computing without waste.

I vehemently disagree that just writing code makes you responsible for its use. We are so bad at writing good code that all programmers would be living on the streets or in jail. And that is not malice, just how little we understand or underestimate complexity. Which becomes apparent if you indeed try to create some formal proof and give up after 30 pages.

I also believe your last statement does not recognize the vast issue there is with the smart contract world: I am more of the school of Erlang/OTP: just let it crash these days. If you cannot correct a state, we cannot write software for it. No matter the proofs and auditing. If we cannot correct an erroneous state, we are not capable of writing software in that system. And that is smart contracts. Not space craft where we often can upload a patch and steer the other way, not cars where we detect a deviation and correct it. Smart contracts are: if it's done it is irreversible and there are no programmers, provers or auditors who can predict or prevent that. Rollback must exist or this all will go to shit. Which is what will happen.

Edit: I actually do not believe cryptocurrencies have a chance unless there is rollback (something like refunds without merchant consent). I just cannot see what rollback means in this context: I read papers with scifi type of stories how this would work but it does not mesh with cryptocurrency obviously otherwise.

While we disagree on who is responsible for code, I do think we are saying the same thing about cryptos. If you can't fix software later, you're doomed because it all has problems.

Likewise, humans make mistakes in transactions and if they can't be undone... problems.

EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs.

> Likewise, humans make mistakes in transactions and if they can't be undone... problems

But that is saying everything is shit. I do not disagree but I do live in this world.

> EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs

I got that but what would it look like? In practice? As that seems impossible to me.

I'm not saying most transactions are wrong, but some are. So transactions may need to be corrected, just like code. And, in practice, they often are.

In practice, software companies take responsibility for bugs in three ways today, based on their business model.

Old line companies like IBM paid millions of dollars for people and tools to find and fix bugs and to distribute the fixes to customers. IBM did not wait for you to tell them you had a bug. Their system could tell you if you had a bug that someone else reported. And IBM would ship you a custom tape which fixed that bug and didn't break the rest of your software. Let's call that The Gold Standard. With money, it's certainly possible.

Option 2 is a company like Red Hat. Unironically, IBM bought Red Hat. The reason is that, while open source gives you the option to look at the code, most companies don't really want to do that. In other words, Ford could make a lot more money focusing on making cars than they can by hiring people to find and fix bugs in (free) Linux software. Voila! Red Hat offers bug fixing and finding (and a plethora of other things enterprise customers don't want to set up) for a hefty subscription fee. Red Hat has many service offerings in the $10,000/month+ range. Once again, if you pay people, you can find and fix bugs.

Finally, option 3 is a company like Google. They don't really care if anyone else can get open source software to work. But... and this is a big but... they need it to work for themselves. Having built a very lucrative empire on open source (Android, for example), Google cannot afford to wait for "the community" to find and fix bugs. They must pay people and they must pay them well. And, this they do. So while the free open source isn't directly monetized by Google, it's worth their while to pay to keep it up to date and correct. Other companies like Netflix do the same thing.

So there are three ways you can do it today.

What irks me about projects like Ethereum is that, having all these real world models out there, its founder doesn't seem interested in finding or fixing bugs at all. He is relying on "the community" (we know that doesn't work, see #3) and not spending any of his own money on debugging or fixes. In all the real cases where you want fixes to happen (and you want CI/CD to get them to customers), "you", being the publisher or heavy user of such software, must pay.

That's what I mean about responsibility. It's where the buck stops.

I think we are in agreement and the implementations that can fulfill so what remains is: how can you find the person or group responsible for fixing or getting sued in blockchain land? I can put some malicious code on the eth chain: how will you find it was me? And that is with intent.

But we agree and I will reiterate: without rollback, current human coders cannot write reliable software. So in its current state, smart contracts are a utopia and no one should trust them, with or without code audit. But if you still want to play a lottery of humanity vs complexity, read the code, think hard and put or not put your money. If you put your money, do not whine after you lost it. You might as well shout at your toilet for the same end result.

Sure, but if you both sign a legal contract to obey the outcome of the smart contract then no one owes anything, because the smart contract says that the $200M is gone.

Obviously this doesn't allow you to get around laws such as warranties but I don't see why it can't be used if everyone agrees to it.

A valid contract requires a meeting of minds such that inserting something designed to trick the other party inside a contract is pretty much always invalid.

If you sign a contract to abide by a smart contract that was designed in bad faith or misrepresented I fail to see how that's any different.

Even valid contracts are bound by the law. E.G. you can't sell yourself into slavery. Similarly, a smart contract can be a tool to execute the terms of a legal contract, but if it behaves in a way that would be illegal under a traditional contract I doubt any court in the US or Europe is going to recognize that as legal.

I admit enforcement is another issue entirely though.

That's not how US civil courts work. If a contract is flawed then a judgment can be rendered based on intent, equity, and other factors. There are centuries of common law precedent for this. The existence of blockchains and "smart" contracts changes nothing.

In some cases, perhaps, but not all.

Fraud, for example, isn't legal even if you have a cleverly crafted contract that uses wording tricks to technically be true.

I would expect a court to take a dim view of a smart contract that has an obfuscated, non-obvious mechanism for someone to siphon off all the money in an undisclosed fashion. "Code is law", but so's "you can't defraud people".

Where’s the part where anybody defrauded anybody? This was clearly incompetence that benefited nobody (certainly the developers would rather not have TITAN implode and all of this USDC locked in a contract...). Embarrassing yes. Fraud? Pretty clearly no

It's an example of a scenario where you can't sign certain rights away. Not specific to TITAN.

How can it be "locked"? Can't they deploy a protocol update to the members of the compute pool?

Depends on how you write the contract. If you make a smart contract unilaterally updatable, then it's no longer decentralized and trustless, because people with admin rights can plunder it, or can be extorted, or compelled by authorities to turn over the capital.

> Sure, but if you both sign a legal contract to obey the outcome of the smart contract then no one owes anything,

You are begging the question by presupposing that for every smart contract there could be a possible legal contract that can bind the people who sign it to the results of the smart contract.

If a smart contract is illegal, then any written contract that binds people to the results of that contract would be similarly illegal.

Contracts can be unenforceable for reasons that might not be obvious to people who don't do contract law, as well. For example, the concept of consideration is not especially obvious, that contracts are often not enforceable if both parties do not receive consideration, which leads to things like peppercorn payments. I know about that as a layman but a contract attorney would know of many more non-obvious things that must be checked out to avoid having problems actually enforcing the contract. It seems like it would be very, very easy to produce a smart contract which a court would later determine was not enforceable in the first place, and perhaps order reversal of payments or other things.

For one, as a general concept the parties to the contract need to actually understand the terms and courts will somewhat regularly throw a contract out if they think there were implications that were not apparent to one of the parties. Smart contracts seem like absolute minefields for this kind of problem.

Yeah, consulting a lawyer before drawing up an important contract is usually a very good idea for precisely these reasons. You can probably make small adjustments to a boilerplate without doing so, but that always adds at least a little risk.

A very obvious example: in most jurisdictions, a contract signed by a minor can be rendered null and void by that minor (or their legal guardian) at any time.

... and a small band of programmers quietly sneak out of the room ...

If your mechanic installs the tires in the passenger cabin, no one cares about the mechanics' lien. Depending on the judge they might not even care about the fine print on the back of the invoice, because installing tires in the passenger compartment is that dumb.

Sure, I don't disagree with that. For example, defrauding someone with a smart contract obviously doesn't offer the scammer legal protections.

Who defines fraud if the contract is contested?

Depends on which jurisdiction alleged fraud happens in. If the parties are anonymous or in "difficult" jurisdictions, it will be pretty difficult.

Fraudulent or not, though, you have a pretty heavy layer of protection as the money has already been transferred, and that money is not easy (close to impossible) to freeze.

Any reversal that happens will be necessarily by a threat outside the blockchain, as the governing body can't actually reverse the transaction. It's a second transaction.

The courts.

> I'm saying the legal system takes authority. A smart contract doesn't avoid or override that authority.

On a blockchain, this is absolutely false. The nodes interpret smart contracts. The "legal system" needs to be applied by some kind of oracle or by force to a node operator.

Smart contracts are authoritative in their native environment.

> The "legal system" needs to be applied by some kind of oracle or by force to a node operator.

Yes, this is usually how it's done. Business logic is not a legal authority.

This is a strange statement. It's like saying that a for loop isn't authoritative because it hasn't been approved by a court.

"Legal authority" isn't a well-defined object in the evaluation of smart contracts. It is certainly not an authority in the sense that the EVM (or, for other blockchains, corresponding VM) code is.

Is this really a surprise? Nodes don't evaluate common law, they evaluate smart contracts.

That's one of the reasons for enthusiasm for blockchain tech. Not everyone believes in the legitimacy of the state, let alone that the legal system is somehow the proper authority for evaluation of disambigous source code.

>Not everyone believes in the legitimacy of the state, let alone that the legal system is somehow the proper authority for evaluation of disambigous source code.

This is something that I haven't been able to figure out about blockchain enthusiasts. Assuming the blockchain is wildly successful, it poses an inherent threat to the ability of the modern state to collect taxes. Why do blockchain enthusiasts, who already don't think the state is legitimate, not take the logical next step? A potentially existential threat to illegitimate parties that have large militaries will end well for the blockchain how? To put it more glibly, how many divisions has bitcoin?

The key thing here is that nobody can force you to pay your taxes. If you refuse to pay you can be arrested and/or go to jail but the change here is that you can't force someone to give you money but you can compel them to.

I like to see cryptocurrency and crypto-assets as a pseudo force of nature. It's not really possible for governments to stop them and they pretty fundamentally change the game for most governments. I personally believe the result of this will be a shift to geoist taxes where taxes are paid on properties or paid by corporations.

The internet requires a bunch of physical infrastructure to operate and crypto requires use of that physical infrastructure. Physical infrastructure is definitely controllable by governments if they so desire. The CEO of Comcast isn't going to go to jail to ensure that Bitcoin is accessible to the average user of their network.

Sure they may try but I don't see how they could make Bitcoin any less accessible than Bittorrent is nowadays. Doubly so considering that if this was to become a legitimate issue cryptocurrencies could just update their peer discovery mechanisms to minimise the meaningful damage that governments or ISPs could do.

The cat is out of the bag and unless governments want to start seriously pushing into authoritarian territory there's very little they can do to stop it. Could China kill cryptocurrencies within their borders? Probably. Now could the US or countries within the EU? Probably not. Particularly in the US I can't see this ever happening. It's too close to infringements upon the first amendment that I can't see any meaningful legislation or regulations sticking.

Or to paraphrase a US president (Andrew Jackson) when he didn't like a Supreme Court ruling, "make me. Oh right, you don't have an army. I do."

Isn't this ultimately a 'might makes right' argument?

If you believe taxation is theft, and that governments are illegitimate, I just don't understand how you can go from that belief to "but if I do this one weird trick the people who threaten to use armed force to collect my taxes won't find some way to compel me".

I don't think it's a weird trick. Call me naive, but I think that there are plenty of statesmen (and -women obviously) who can see the writing on the wall and realize that their capacity to control reality doesn't extend to the ends of the universe.

The emergence of the internet is an incredible happening for humanity, and the gamble that the relic of the state will somehow cork it is probably not a wise one.

Nobody wants war - even the war profiteers don't want it in their hearts. Nobody wants violence or insecurity. At the end of the day, we're all here together on this little blue ball and we have to share power with each other and with nature.

To the extent that the internet is a phenomenon of nature - which I think it's a very reasonable view - it's hardly a "weird trick".

In the real world, “right” is only an argument used to help convince other people to use their “might” to support your side of the argument. Physical force always beats morality.

Not believing in the legitimacy of the state is like not believing in the gravity.

Parties to a contract exist in jurisdictions that do not see things this way, and even block chains are rooted in some form on physical media in legal jurisdictions.

In the case of IRON, the 0.75 in actual money exists somewhere, a bank presumably. Wherever that is, the jurisdiction might be friendly for IRON, or not, but there is in a very real sense no pure native environment for smart contracts. At a minimum, the parties involved will always exist in a physical legal sovereign jurisdiction that regards its own authority as higher than the smart contract and has some ability-- perhaps limited, perhaps extensive-- to enforce that authority.

They said "typically", so they aren't saying it's true in all cases, but generally when a person is trying to evade some legal authority, it's probably not for reasons good for society.

They are trading one legal authority for another, and this is agreed upon up front. Both parties agree that the code is the legal authority before entering into a contract, which is much different from evading authority after the fact.

> but generally when a person is trying to evade some legal authority, it's probably not for reasons good for society

Reminds me of the "nothing to hide" argument, that only someone trying to commit a crime would need or want protection from the legal system. History paints a different picture.

Courts remain the legal authority, you cannot trade one for another unless provided by law (as in statute), and then it is back again to the courts to interpret. What did both parties really agree to? IANAL, but intentions and assumptions of the parties can matter - for example, quite a few things you cannot waive in some places, irrespective of what you agree or not.

I don't know. I'm not a lawyer, but I recall that when it comes to contracts, they often allow you to waive protections that the law would normally give you (e.g., specifying that conflict is resolved with arbitration) if both parties agree to it.

In the case of smart contracts, where both parties (if I understand it right?) agree that the code defines the contract itself, it seems like saying "... but I made a mistake" (or it has an error) would be very hard to prove. It would be like if you had written in a 3 year no-questions-asked return period into a car contract, rather than a 3 day one, and then tried to litigate when someone actually used that.

> they often allow you to waive protections ... if both parties agree to it.

This is not really generalizable. Arbitration clauses for example waive one method of recourse in favor of another method of recourse, both already accepted by the courts. I expect you couldn't replace that with trial by combat and expect it to hold in court, but you might be able to argue that a different resolution process with historical precedent would hold - at least you could test it in court.

I'm not particularly knowledgeable on the topic, but there are all sorts of religious courts (at least in the US). Generally they coexist with the secular legal system.


Yes that's true, but again it's a case where (a) both parties agreed to (b) a recognized form of resolution, in this case mediation - you can do this with a secular mediator also. In general they don't "coexist" so much as they are subsumed within, as allowable forms of resolution, within prescribed bounds.

Important to note that the courts already recognize and/or have precedence for this, and also there are limits to what you can shift here. Finally if the resolution process is not acceptable to one party there are ways to bump it back to the courts.

None of this applies to "smart contracts", which aren't contracts in the legal sense anyway. There is no (yet?) agreement by the courts that this is a valid resolution method, and any issues of contractual law brought before a civil court will be resolved by legal principles, not source code. I suspect that the best you could hope for in the current setting is that the source code + associated communications speaks to intent.

There's no reason to believe that it is impossible that US courts and/or legislation would at some point give some legal status to a smart contract beyond above, but that's not the case today as far as I know.

There are certain rights you can't waive. But that aside, the issue at hand is what happens when there is a mistake in the smart contract, unintended by either party? Who decides what happens? In this case IRON could even hypothetically claim (true or not) "nope, not a bug, the contract will stay in its null indeterminate state, and in the meantime we'll be using that USDC as collateral for 30-year US treasury bonds. 2% isn't much, but it sure does add up nicely on $250+ million."

Or something like that. I doubt that's how it will go down here, but it will take a human judgement call or agreement-- not a coded contract-- to resolve this.

You can amend some legal requirements, but certainly not all. There are many, many restrictions on the types of contracts that are legally enforceable.

> but I made a mistake" (or it has an error) would be very hard to prove

I don't think it would be that hard to prove that the implementation of a smart contract doesn't match the clear intent. The bigger issue isn't the disputability of the contract, but the difficulty of identifying who you would take to court.

That is somewhat a US/Common Law perspective, in places with codified civil law might be tougher/different (but again, IANAL - just from experience doing complex contracts)

>They are trading one legal authority for another, and this is agreed upon up front. Both parties agree that the code is the legal authority before entering into a contract, which is much different from evading authority after the fact.

The parties might "agree", but who cares? If they are in the US, for example, and the two parties have a smart contract that breaks US contract law, one of the parties can file a lawsuit and attempt to get their money back. You can't go to the judge and say "sorry, the code is the legal authority here".

Yeah I agree with that. Once the contract has executed, enforcement actions can certainly happen in meatspace. But do you not see the difference between:

1. A normal contract (legal or illegal) that requires outside enforcement in the first place to force parties to comply.

2. A smart contract (legal or illegal) that executes itself without outside enforcement and can be overturned later (not literally overturned, but a subsequent transaction can be forced) by meatspace mechanisms

The vast majority of contracts in (1) does not need enforcing, because it is in both parties interest (at least long-term) to perform. Yes, there is implicit enforcement to some extent, but then "non-society" which don't even have that are not pretty places to be.

On (2), sure we can find ways to have the execution fail. In fact, anything where there is not fully escrowed payment/collateral/etc. can fail to execute properly if the other side does not have what it needs to deliver/or does not make it available on chain.

> The vast majority of contracts in (1) does not need enforcing

Of course, people are very careful prior to entering those contracts, because they know how big of a headache it will be if enforcement is needed!

> In fact, anything where there is not fully escrowed payment/collateral/etc. can fail to execute properly if the other side does not have what it needs to deliver/or does not make it available on chain.

Well, sure, if you write a contract that makes it possible for one side not to pay up, then that might happen. Having software run escrow is basically the whole point.

Most contracts are so basic as to be invisible, so no, people are not very careful when they buy a chocolate bar, for example

If you want smart contracts to be only applicable to very narrow sets of problems so be it, but otherwise you need to be able to allow, for example, unsecured lending and highly uncertain payoffs at T0 (staying in the finance domain)

> people are not very careful when they buy a chocolate bar

Ok... sure, but I think it's sort of pedantic to bring up a class of contract that, obviously, nobody in this thread is talking about. It's a bad example anyway; even if you are being pretty careful it's simply not a risky transaction and therefore out of scope for complicated enforcement mechanisms like smart contracts.

I don't think smart contracts are very well suited to unsecured lending, at least not with available software. There would be no incentive to pay it back without some mechanism to force collections. Collateralized loans, however, is a great use case that exists already.

This is early stage tech, the scope is pretty small. I don't think anybody is arguing the contrary.

Freedom of contract is pretty well respected in the US, there are very few exceptions where carve outs are made where people are not allowed to contract freely. So it's not clear what a “smart contract that breaks US contract law would be”, it's much more likely for a smart contract to be an outright scam or illegal though, in which case good luck finding the funds or whom to sue.

Agreeing the code is the legal authority means implicitly believing the code is perfect: no bugs, no unanticipated edge cases. Which is just not realistic. So when they arise, who decides what happens?

> Evading the law (whether the court or a regulatory body such as the SEC [civil] or DOJ [criminal]) is typically a "bad thing" for the person or people intending to or successfully doing so.

Oh wow. If only this were true. If only they were so diligent in punishing other kinds of things.

Here's something I read recently, from the aftermath of the Libor scandal: https://www.sec.gov/news/statement/stein-waivers-granted-dis... . Really highlights how crazy this whole thing is and how there are really two qualitatively different classes with two different sets of rules in our society.

I think the gp just meant that when a person comes to the attention of courts and regulatory bodies, that the person had the intention of evading these authorities will be taken badly by them and likely result in more sanctions than just what would happen for breaking the various rules.

All the different ways people evade authorities is a large topic. But, you're right, friends in high places help.

Nonsense. There's severe punishment for acts that demonstrate clear malice (e.g. violence, possession of substances well-known to be illegal) and light punishment for ambiguous cases (making a subjective judgement call in a particular way), at every level of society. If anything the error is in the other direction - legislation that requires people to make subjective noisy judgments and get them right is futile and absurd.

Nope. Clear malice was proven beyond doubt in Libor fixing, in credits ratings fixing in the leadup to 2008, etc.

There's severe punishment for crimes committed by regular people, and no punishment for crimes committed by wealthy people, even if all things considered the latter manage to harm millions of people with their actions.

> Clear malice was proven beyond doubt in Libor fixing

Where? As far as I saw there was one bank that thought it was obeying a discreet request from the government, and a bunch of banks where traders said usual trader nonsense (which is "malicious" in a sense, but it's very much part of the norms and culture of trading and the expected functioning of a market, just like a good lawyer should make their case as strongly as possible regardless of their personal beliefs about what happened).

> even if all things considered the latter manage to harm millions of people with their actions.

Who was harmed? If there was any effect of Libor fixing, it was likely that people paid slightly lower interest rates on their mortgages.

> You are trading one set of risks for a completely different set of risks that might suit your use case much better; your counterparty being able to contest a contract in court could very well be a "bad" thing for you.

There is no trade of risks. The judicial system is still going to assert their authority over contracts. Your counterparty will still be able to contest a contract in court. The guys with guns the court sends out to enforce their verdict are not going to be impressed with "code is the contract" and "blockchain". They will lead you to a (jail cell) block in chains (handcuffs) if you try to defy the court order.

Instead you are trading specification of contracts in a legal language where there has been centuries of experience in writing and interpreting those contracts, for specifying the contract in a new language that is still evolving and where there is not a whole lot of legal precedent on how to interpret them and how to resolve bugs.

These "smart contracts" are not decreasing your risk, but rather increasing it.

Some chains/coins are backed and developed by fairly well defined "legal entities" (presumably for reasons related to securities law). I am waiting with popcorn in hand for the day someone loses money via smart contract and then takes the entity behind the chain to court to overturn it.

(We've seen disastrous bugs overturned by community-consensus hard fork but not to my knowledge by court order). Not yet, but it seems inevitable.

> Some chains/coins are backed and developed by fairly well defined "legal entities" (presumably for reaso). I am waiting with popcorn in hand for the day someone loses money via smart contract and then takes the entity behind the chain to court to overturn it.

I would very much like to see regulators purposely engage in these activities, and then directly pursue those within their reach. There's no reason to wait for more citizen victims when the model is proven and the government has the resources to set the stage to demonstrate the failure scenario. This is simply a more elaborate sting versus putting a car on the street to be boosted.

Anyone interested in codified risk should read about rai stones.

Bad news for you, then… your counterparty can’t still bring you to court.

Also, if the price of TITAN is 0, then you really can't pay out 25 cents worth of it... It does seem correct that the contract should handle such a case differently than just trying to pay you out UNDEFINED DIVIDE BY ZERO ERROR count of TITAN

You just hit the nail on the head. I did not think about that.

This is the true reason they needed to special case <=0.

If you think about it, the special case should give holders the option to withdraw the 74c of USDC without any TITAN.

Clearly the programmers didn't fully think through what would happen if TITAN reached and got stuck at zero value.

This is what I was thinking. It should be decoupled. Here are the rules for how many USDC you get and here are the conditions for your TITANs. On the TITAN there should have been a condition for over zero, and a totally separate condition/case for zero… or less than or equal to zero since we’re working on edge cases no one considered.
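The zero-price case discussed in the preceding comments, as an added sketch that is not part of any comment and is not the IRON contract's code. It models a partially collateralized redemption in Python with integer fixed-point arithmetic; the function names, the 10^6 scale and the 0.75 collateral ratio are assumptions chosen for illustration.

```python
"""Redemption of a partially collateralized stablecoin when the share-token
oracle reports a price of zero. Constructed example: every name and constant
here is an assumption, not taken from the IRON contracts."""
from dataclasses import dataclass

SCALE = 10**6  # assumed fixed-point scale: 1_000_000 represents 1.0


class RedemptionReverted(Exception):
    """Stands in for an on-chain revert: the caller receives nothing."""


@dataclass(frozen=True)
class Payout:
    usdc: int   # collateral leg, in micro-USDC
    titan: int  # share-token leg, in micro-TITAN


def _collateral_leg(stable_amount: int, collateral_ratio: int) -> int:
    """USDC owed for the collateralized fraction; independent of any oracle."""
    if stable_amount < 0:
        raise ValueError("amount must be non-negative")
    if not 0 <= collateral_ratio <= SCALE:
        raise ValueError("collateral ratio must be within [0, 1]")
    return stable_amount * collateral_ratio // SCALE


def _share_leg(stable_amount: int, usdc: int, titan_price: int) -> int:
    """Share tokens worth the uncollateralized remainder at the oracle price."""
    return (stable_amount - usdc) * SCALE // titan_price


def redeem_unguarded(stable_amount: int, collateral_ratio: int, titan_price: int) -> Payout:
    """No price check at all: a zero price divides by zero."""
    usdc = _collateral_leg(stable_amount, collateral_ratio)
    return Payout(usdc, _share_leg(stable_amount, usdc, titan_price))


def redeem_single_guard(stable_amount: int, collateral_ratio: int, titan_price: int) -> Payout:
    """One guard in front of the whole redemption. It prevents the division
    by zero, but a zero price also blocks the collateral leg."""
    if titan_price <= 0:
        raise RedemptionReverted("share price must be > 0")
    usdc = _collateral_leg(stable_amount, collateral_ratio)
    return Payout(usdc, _share_leg(stable_amount, usdc, titan_price))


def redeem_decoupled(stable_amount: int, collateral_ratio: int, titan_price: int) -> Payout:
    """Each leg has its own rule: collateral is always paid, and share
    tokens are paid only when the oracle price is positive."""
    usdc = _collateral_leg(stable_amount, collateral_ratio)
    if titan_price <= 0:
        return Payout(usdc, 0)
    return Payout(usdc, _share_leg(stable_amount, usdc, titan_price))


if __name__ == "__main__":
    one_coin, ratio = 1_000_000, 750_000  # constructed: 1 coin, 75% collateral
    for price in (500_000, 0):            # constructed oracle readings
        print("price", price, "->", redeem_decoupled(one_coin, ratio, price))
        try:
            print("  single guard:", redeem_single_guard(one_coin, ratio, price))
        except RedemptionReverted as exc:
            print("  single guard reverted:", exc)
```
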

I've been saying for a very long time now to anyone who chooses to listen that a contract itself is a human construct - it is both temporal and physical and has location to be relevant and useful. Without all of those properties a contract ceases to be useful to a human being under all edge cases.

So it is, in fact, a dumb contract. Humans want contracts that make them whole at the end of the day, that's the point of the contract: jurisdiction over the human realm.

How is that thing you've been saying relevant here or how does it lead to your 2nd paragraph? Smart contracts meet all your requirements for a contract just as PDF contracts do.

I believe the point the poster was making is that "smart contract" is a misnomer and contracts comprised of code should be more realistically called "dumb contracts" since they lack the intelligence to understand and compensate for context and intent.

They really shouldn't be called contracts at all, since intent ("meeting of the minds") is a fundamental part of contract law.

Imagine for example if a mortgage contract contained some bizarre inscrutable loophole that as-written would give the first 3rd party to notice it total control over the house.

This would of course be laughed out of court because that part of the contract wouldn't be enforceable under contract law.

"Code is law" is more accurately written as "code is not law at all".

> They really shouldn't be called contracts at all, since intent ("meeting of the minds") is a fundamental part of contract law.

That's a really good point. They are arguably neither "smart" nor "contracts". Maybe a better term is "automated blockchain agents" or something similar?

It's a perfectly correct term. They're smart because they do some computation, just like a smart speaker or smart phone. They're contracts because they're an agreement between parties. Not legal contracts, but neither are OOP contracts or social contracts or any other kinds of contract.

I guess I can see your point, but I think the usage of "smart" to describe consumer electronics with computational capabilities is a very different usage. Contracts are not "dumb" technologies that are being "enhanced" with computation; contracts and software code are already the same kind of thing. The difference is that contracts-as-code can actually execute contractual obligations rather than just describing them. I wouldn't describe this enhancement as "smart"... perhaps a better term would be "automatic" or "autonomous".

Hard to read that from "a human construct - it is both temporal and physical and has location".

Yes, dumb contract indeed. I think a good term is "fire-and-forget", as once it's live there's no going back so you'd better make sure it does exactly what you want.

That is what courts are for- to interpret the spirit of a contract. There is a point where hiding deliberate pump and dumps/ fraud/ ponzi schemes through complicated tokenomics or incompetence (we couldn't predict all the edge cases) no longer is an excuse. At this point, there is really no difference between the approach to launching these half baked algo/backed stablecoins and deliberate fraud. It could be easy for a court to make the decision that the contract was designed to be complicated on purpose to hide deliberate fraud, or at least could determine the devs were recklessly incompetent and still responsible.

This is less about actually going to court and more about counterparties being able to give each other a bit of slack based on customs in the profession and what was “really” meant because they may need to work with each other again someday. The courts are for when negotiations fail.

Everybody said the same thing about the 1987 automated trading crash. Get rid of those darn computers!

Sorry; decentralized autonomous finance is here to stay. There will be less disasters as we go along, but they will be much bigger.

Smart contracts is a horrible name. The better analogy (which has been around for years) is that they are the digital equivalent of (snack and beverage) vending machines.

As with vending machines, they have their use cases, but they aren't lawyer "smart" and they certainly aren't legal contracts. I'm not sure how much trouble a better name would have saved everyone, but it might have done a better job of setting expectations.

The vending machine analogy is exactly how smart contracts were first introduced by Nick Szabo and Vitalik Buterin.


So is this event the digital equivalent of the bag of chips getting stuck on the row below it or the frustrated customer shaking the machine until it falls over and squashes them?

Looks like some very expensive chips got stuck in the machine.

"Self-executing contracts" removes pretty much all of the confusion

Do you see no value in throwing these "dumb contracts" out there and seeing what happens? An expensive experiment for the speculators, but we got to the moon on a roman candle iterated a billion times, so I'm personally just curious about these programmable organizations of digitalized willpower.

I agree. It's software. Lots of software sucks and is buggy and vulnerable. Sometimes mission-critical software sucks and is buggy and vulnerable and causes catastrophes when it fails. A lot of it's malware. A lot of it's inefficient and/or useless.

But a lot of it's good, and more good things will come out over time. It's currently the equivalent of like 1998 in the smart contract space right now.

Smart contracts are neither smart nor contracts.

It's code which does stuff and if you want to be on the safer side of it, you allow time and liquidity to test them out.

If you want to assume risks and possibly higher rewards you get in early (ape, in crypto speech).

It's pretty simple.

What makes it complicated is that they are called smart contracts.

That's both a downside and an upside though - they do exactly what they say they will do. The issues occur when people don't realize exactly what they say they will do. To me it's just a different set of trade-offs.

Also, it's worth noting that this contract wasn't audited, a baseline practice in the industry. Most larger contracts go through multiple waves of audits, while this was apparently released with exactly 0 (so hard for me to be shocked when there are issues).

> A code audit likely would have caught this (this type of bug is so common in software development, I’ve probably made it hundreds of times myself), but of course this smart contract was not audited. Only its sister-contract on the Binance Smart Chain, written in a different language, was.

Any experienced crypto investor knows that putting money into an unaudited contract that's less than a few months old is basically throwing that money away. There is another side to this, though, which is that protocols that have been around for a year or more without problems are quite trustworthy and become important building blocks for DeFi.

> have been around for a year or more without problems

> quite trustworthy

As someone who is used to writing fixes for code that is 20 or even 30 years old, I had to chuckle.

Yes, but these smart contracts are often fairly short (in essence, they shift value from one ledger entry to another), and not every bug is exploitable. They are also effectively paying a bounty worth hundreds of millions of dollars if you can find an exploit. It is not unreasonable to feel increasingly confident in their safety after some time.

That's the whole point. Code is law.

The alternative is our current, arcane legal system - only interpretable by lawyers who charge $600/hr.

> Code is law.

Law is law, code is code. They're two very different things. Code can't prevent someone from using violence to force you to overturn a smart contract's decision. The law can because it's enforced by the state. You could certainly choose to build a system of law that uses code, but code by itself cannot substitute for law.

> only interpretable by lawyers who charge $600/hr.

What do you think the going hourly rate would be for software engineers capable of writing bug-free smart contracts? If adoption takes off I'd bet that it will look a lot like the hourly rate of a good lawyer, or even exceed a lawyer's hourly rate given the impossibility of an appeal if the smart contract is poorly coded.

Also lawyers don't interpret contracts. They draft them and advocate on behalf of their clients in disputes. Judges interpret contracts, and are available as a public service paid for by taxes.

There's a reason it's called a legal code--both computer code and legalese are formal languages. The difference is that computer code is deterministically executable by a machine, while a legal code requires humans to carry out the actions it specifies (and humans are not deterministic machines, obviously).

The point where the two realms intersect is challenging but needs to be handled appropriately. It would be great if some of the terms of legally binding contracts could be delegated to automated systems. And when two parties do not actually share a common legal system, then code-based contracts can facilitate transactions that would otherwise probably never happen.

>Code can't prevent someone from using violence to force you to overturn a smart contract's decision.

You can hit the developers and the computer as much as you want but no amount of violence will fix the "_share_price > 0".

$272 million dollars could buy a lot of lawyer hours.

"Code is law"

except for the DAO fork of course, when commit rights were law.

Smart contracts don’t protect you from being sued. So, now you need both lawyers and programmers while still risking losing everything.

Not exactly. There are plenty of anonymous projects, developers and users.

Plus, even if they lose their anonymity, many are in places like Eastern Europe where suing them won't be so easy.

"Smart contracts and cryptocurrencies - great for anonymous people in Eastern Europe who want to avoid the law, less so for other types of people"

It's not an argument that's going to convert many people, but at least it's honest.

I don't think that's generally true. It is very useful for criminals in countries that don't extradite to the US, but

Many of those same people could make and were making money through other forms of cybercrime for years. Even without cryptocurrencies, new technology will always keep coming out that'll facilitate and potentiate more cybercrime.

To me, the answer there is and has to be geopolitical. Whatever crime they're committing, if it's against a foreign national, they have zero fear of repercussions, and that lack of fear is totally rational because there's basically no chance they'll ever face repercussions even if their real name and address is plastered in a million places. If they knew they could be extradited, or at least sentenced to serious prison time in their own country, and that there was a significant chance of it happening if they were to be identified, then I'm convinced most of them would behave differently.

What about the crowbar attack? A couple of thugs show up at your house and tell you to hand over your private keys, or they'll beat you until you do. Code can't account for all the nuances of real life or being human.

Programs have bugs in. This is something programmers should be aware of!

"Smart contract" has always been a bit of a misnomer. If they'd just called them "scripts" then people wouldn't complain about the lack of lawyers.

This is precisely why Cardano is using Haskell for their language.

Yeah when I first read the Cardano stuff back in 2018, I was like "thank God someone gets it and wants to avoid the dumpster fire that is Ethereum"

Not only that, but all the hashes will probably be broken at some point in the future. We thought MD5 was the be-all end-all of hashes back then, but here we are at SHA-512 thinking it's our masterpiece. Two decades from now it will probably be obsolete.

The classic "halting problem" in comp sci shows that no one can even determine all the edge cases, much less test for them. This is why all software has bugs and always will have bugs. The way smart contracts lock-up software and make it impossible or difficult to edit can only create more bugs and prevent them from being fixed when they're found. This is the exact opposite of how professional, enterprise software development handles updates!

The lawyer problem is even worse than not being able to interpret the contract. The code isn't even a contract, legally. When conflicts arise from these deals, courts will settle them the way they always have. They won't read code and then decide that "code is law." That's something programmers made up that will also never be true.

Perhaps I should explain why the halting problem is an issue.

In comp sci, the halting problem says we can never guarantee that, given some input, a program won't halt. "Halt" is another way of saying "stop without doing the intended thing," which is what we call a bug.

One of the ways this translates to everyday debugging is that humans cannot ever know the range of all possible inputs or conditions to a program. We don't have that ability any more than we can give someone a list of all the words that can be made with the letters A-Z.

If we cannot write down what all the possible inputs might be, we cannot be sure that one of them doesn't cause halting!

By the same token, as useful as they are, no set of regression tests can prevent all bugs for the same reason: it simply isn't possible to come up with a set of regression tests that is in any real sense "complete" (ie: ensures no halting).

The halting problem was proved mathematically by Alan Turing and applies to all Turing computers, so we know it applies to smart contracts. In fact, the inability of the developers to conceive of one possible input (a zero value from the oracle) is what led to halting in the case of IRON.

To make the problem worse, even knowing that halting (aka bugs) was a possible outcome (a likely outcome, even), not only did the company apparently not seek any outside code audit, they locked down the contract (because it's "law," lol) so that the code can't be fixed even though it's now known to be broken.

So there's the stupidest kind of programming ever. Smart contract is a name in the same vein as the Ministry of Peace in Orwell's 1984. It is anything but smart. It is known to have bugs (halting problem) and they cannot be fixed (locked down "by law," rotflmao).

Hmm. I don't think this is the first legal contract of ambiguous intent. Surely any court would decide what the proper reading is and rule in some direction.

While it's certainly true that there are plenty of legal cases that hinge on the inclusion or omission of a single comma, or a single word, or something like that, by and large the courts (and the whole system) try and sort such things out through principles such as intent and least-harm.

This is particularly the case with ownership of money. If you've put money in a bank, and the bank says "sorry, due to a programming error you can't get your money back," that's on the bank. They are legally required to try and get you your money back.

Similarly, legal contracts (as opposed to defi smart contracts) must contain certain elements to make them legally enforceable. These include such elements as capacity (the capacity of the signer to enter into a contract, which can take into account whether they can fully-understand the contract) and adequate consideration (whether the contract is blatantly unfair to one party). So a contract that seems reasonable but might have some complex edge-case that requires extreme fine-grain parsing or auditing to see how you might end up with no money may not be legally-enforceable at all.

In the defi world, it seems like you're entering into a contract that's written in code, but there's no requirement to be able to actually parse and have the capacity to understand all the code that is written in the contract (or omitted, in the case of edge-cases the programmers didn't think about). This seems like it wouldn't fly in any legal contract.

I have never read so much about nothing as I have when reading about some new coin. It's worse than a pyramid scheme. At least there, you end up with a decade-worth of skin cream.

I missed out on the unregulated ICO rush because I thought you had to, you know, develop a new blockchain technology for your new cryptocurrency, which is really hard, and I was busy.

Much later I learned all you had to do was copy and paste a Solidity program and then promote it.

Guess I dodged an ethical bullet in my ignorance, but still...

You can create a new coin in a couple hours, the "hard work" is in selling and promoting it...

…and for Americans, not getting in trouble with the SEC.

With BitClout it's now a couple seconds.

15 seconds for the transaction

You're talking about multi-level marketing. Which isn't quite a pyramid scheme (even though it is pyramid-ish).

Pyramid schemes have the originators (the "top" of the pyramid) win lots of money, while the base (the "bottom" of the pyramid, where most people are) are the losers. And the top barely did any work to get there: they just took the money from people below them.

Many MLM companies fit the legal definition of a Pyramid scheme (and have faced consequences from the FTC in some cases).

The general rule is that if the majority of money does not come from selling to retail customers (either directly or downstream), but rather from recruiting new members, then it's a pyramid scheme.

There really is no "general rule" as evidenced by the fact that companies accused of being MLMs have gone on as publicly traded companies for ages, while even billionaires and hedge fund managers have feuded about whether it is a scam.

See: Herbalife and Ackman vs. Icahn.

Or AFLAC. (I'm not saying they are an MLM, but I've been personally approached for a "job" that seemed to be sales with no qualifications needed and I wondered)

My general rule is paraphrased from the FTC website[1]

There's more detailed information on a different page[2] including the following quote which I think supports the general rule I listed in my original comment:

> ...[Amway's] sales plan was not an illegal pyramid scheme. Amway differed in several ways from pyramid schemes that the Commission had challenged. It did not charge an up-front "head hunting" or large investment fee from new recruits, nor did it promote "inventory loading" by requiring distributors to buy large volumes of nonreturnable inventory. Instead, Amway only required distributors to buy a relatively inexpensive sales kit. Moreover, Amway had three different policies to encourage distributors to actually sell the company's soaps, cleaners, and household products to real end users. First, Amway required distributors to buy back any unused and marketable products from their recruits upon request. Second, Amway required each distributor to sell at wholesale or retail at least 70 percent of its purchased inventory each month -- a policy known as the 70% rule. Finally, Amway required each sponsoring distributor to make at least one retail sale to each of 10 different customers each month, known as the 10 customer rule.

Lastly, just because people disagree about the nuances of the rule does not mean the rule doesn't exist. I feel very comfortable with my original statement, and those in favor of e.g. Herbalife would vigorously argue that they meet my definition of MLM, while those who think it's a scam would argue that they don't meet it.

1: https://www.consumer.ftc.gov/articles/multi-level-marketing-...

2: https://www.ftc.gov/public-statements/1998/05/pyramid-scheme...

Herbalife was fined $200 million by the FTC a few years ago.

Bill Ackman declared: 'Herbalife has actually been shut down by the FTC, they just haven't realized it yet'

But Herbalife management, and Carl Icahn, said that the FTC had determined it was not a pyramid scheme despite the $200M fine.

The chair of the FTC denied that they determined it was not a pyramid scheme - but at the same time, they carefully didn't say it was.

I'm just saying you can't really treat the FTC as the ultimate authority, because even they don't know.

> You're talking about multi-level marketing. Which isn't quite a pyramid scheme

Aunt Meg, is that you? I told you to stop it with the essential oils already.

She’s this close to getting her Lexus*

* (A lease in your name on a Lexus that they will cover the payments on so long as you keep consistently bringing in a statistically unlikely amount of product every month for the entire 72 months you were signed up for)

MLM is about concealing your status as a pyramid scheme from investigators, in the hope that either their resources are too limited to chase you or that by the time they do you've cashed out anyway.

On a forum I used many years ago a regular was forever pushing an MLM and I investigated how it worked, just to try to understand how screwed he was rather than out of any misunderstanding that MLMs are a good idea.

It was one of those health juice MLMs, and what I realised was very clever was that the business structure was set up so as to on the one hand make it less obviously an MLM, and then on the other hand ensure the scammers were insulated from the scam.

There's a pretty ordinary over-complicated compensation package, with tiers of distributors getting a percentage from those beneath them in a structure that sure looks like a pyramid - and imaginary "consumers" who buy at the supposed retail prices at the bottom of the pyramid. But the juice itself is bought exclusively from a separate company at an inflated price.

If the government shuts down the MLM company, few there were getting rich, it's just a handful of people out of an office somewhere. The big money flows into the juice manufacturer selling this awful tasting muck - and they can claim they know nothing about any pyramid scheme. Selling cheap juice for lots of money isn't a crime it's just capitalism.

You are correct, good sir. As you point out, both are somewhat the same: your value increases as more people buy into the illusion of value.

> _share_price here refers to the price of TITAN, as provided by an oracle, which is correctly reporting it as… 0 (somewhere in the distance, you can hear a room full of software engineers burst into laughter).

Aside from the amusing programming error, the main problem with much of the "smart contract" activity today is that doing anything remotely interesting requires an oracle. An oracle is basically a server that reports the outcome of an event. And servers can be attacked in ways that systems like Ethereum can't.

So a lot of the hype around Ethereum and its "smart contracts" is really people just misunderstanding the security model. The weakest link is a server in a dorm room or data center reporting a number.

Here the oracle is doing the right thing. But it could easily go the other way.

And without an oracle smart contracts are useless for anything that relates to the real world. And guess what folks... we live and spend our money in the real world.

This has been the problem with smart contracts since day one. It is that simple.

> Aside from the amusing programming error, the main problem with much of the "smart contract" activity today is that doing anything remotely interesting requires an oracle. An oracle is basically a server that reports the outcome of an event. And servers can be attacked in ways that systems like Ethereum can't.

Thank you! I've tried to put it into words before but I think this is as close to perfection as one can get while describing why smart contracts are not what people believe them to be.

For prices you can use Uniswap's oracle which is time weighted average price and can't be manipulated unless you buy a ton of the token over the entire time period. In this case it was using a Sushi swap oracle (uniswap clone that's on matic) with very liquid pools so it was accurate, just lagged a bit when titan was dropping rapidly.

The general consensus is that it's a terrible idea to rely on Uniswap (or any other dex) as a price oracle for valuation/pricing for other on-chain defi applications/dexes. With enough capital (which can be acquired through flash loans) you can absolutely perform economic attacks through atomic transaction chains involving moving the dex price. Uniswap, Kyber, and others will tell you the same thing. This makes me think that even things like DAI/MakerDAO (and anything that relies on oracles like Chainlink) can start to get brittle when/if the major price discovery and liquidity are on Dexes.

This has been seen in practice, for example in the Fulcrum hack:



Flash loans are not relevant to the uniswap TWAP oracle, which ignores any transactions in the current block. That oracle was written specifically to be resistant to manipulation and I don't think there's any consensus not to use it.

It's definitely an improvement. Still, I would advise against it in general, especially for arbitrary pairs. This category of attacks can be difficult to foresee and even arise after deployment due to new incentives outside of the system.

While Chainlink has its own host of issues and risks, there are still valid reasons why companies are paying them and their node operators good money to feed price contracts for ERC-20 token pairs.

Could you not still use flash loans in attacks that take longer than one block? You'd have to pay the loan back within each block, but it seems like you could still shift markets enough to take advantage, if you were willing enough to take on some risks.

That'd be quite expensive. And as you manipulate prices across blocks, arbitrageurs would arb it back to "market price". Uniswap V3 allows for a 3rd party smart contract to ask its Uniswap V3 Oracle to employ a 9 day moving average price - which is of course, not very useful as a "spot price", but is super hard to manipulate.
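The difference between reading a spot price and reading a time-weighted average, as discussed in the comments above, shown with an added, simplified model. This is not Uniswap's code and not from any commenter; the `PairModel` class, the fee-free constant-product pool, the 13-second block and the 30-minute window are all constructed assumptions.

```python
from fractions import Fraction

BLOCK_SECONDS = 13   # constructed block interval
WINDOW = 1800        # constructed 30-minute averaging window


class PairModel:
    """Fee-free constant-product pool with a cumulative-price accumulator."""

    def __init__(self, quote: int, base: int, now: int = 0):
        self.quote, self.base = Fraction(quote), Fraction(base)
        self.last_update = now
        self.cumulative = Fraction(0)

    def spot(self) -> Fraction:
        """Instantaneous price; this is what a naive consumer would read."""
        return self.quote / self.base

    def cumulative_at(self, now: int) -> Fraction:
        """Sum of price * seconds-it-stood, extended up to `now` without mutating."""
        return self.cumulative + self.spot() * (now - self.last_update)

    def trade(self, now: int, quote_delta: int) -> None:
        # Accumulate using the reserves from BEFORE this trade. A second trade
        # at the same timestamp adds zero elapsed time, so a price that exists
        # only inside one block never enters the sum.
        self.cumulative = self.cumulative_at(now)
        self.last_update = now
        k = self.quote * self.base
        self.quote += quote_delta
        self.base = k / self.quote


def twap(c_start: Fraction, t_start: int, c_end: Fraction, t_end: int) -> Fraction:
    """Average price between two accumulator readings."""
    return (c_end - c_start) / (t_end - t_start)


def simulate(hold_seconds: int):
    """Push the price from 1 to 4 at t=900, restore it `hold_seconds` later.

    Returns (spot price seen while displaced, TWAP over the whole window).
    """
    pool = PairModel(1000, 1000)
    c0 = pool.cumulative_at(0)
    pool.trade(900, +1000)                   # reserves 2000/500 -> spot 4
    spot_seen = pool.spot()
    pool.trade(900 + hold_seconds, -1000)    # reserves back to 1000/1000
    return spot_seen, twap(c0, 0, pool.cumulative_at(WINDOW), WINDOW)


if __name__ == "__main__":
    for hold in (0, BLOCK_SECONDS):
        spot_seen, avg = simulate(hold)
        print(f"held {hold:>2}s: spot read {float(spot_seen):.2f}, "
              f"TWAP {float(avg):.4f}")
```

A consumer that reads `spot()` sees the displaced price in both runs; the averaged reading is unchanged when the displacement is undone in the same block and moves by about 2% when it is held for one block.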

This is actually surprising and doesn't make a lot of sense to me. If the oracle is just an AMM, then presumably one could get the oracle to register a nonzero value by just putting a small amount of money in the contract. As long as there aren't an infinite amount of TITAN tokens (are there?), even if all of the TITAN in existence were put into this AMM, there would still be a little money left to give TITAN a positive price and fix the issue.

There's a bit more to what happened than the article lets on. The contract mints to provide liquidity (supposedly). There were 1.8m tokens at the time of the crash, now there's 26 trillion. You would need all the capital in the world to get it to .1 now.

The oracle calculated the price to a certain precision, so it rounded down to 0.

Oracle is a fancy name for an API, right?

In cryptography an oracle is someone or something you can query that returns an answer that you cannot know from just the math.

It doesn't have to be an API. Side channel attacks can provide unintentional oracles. For example, if you have a password checking function that takes longer to return a false result for "close" inputs, then it leaks information that can be used to crack passwords (simple O(n) string comparison would be an example)


An oracle is not just an API, but specifically one that your system trusts unconditionally.

I've been wondering the same for a few weeks but can't be bothered checking.

My uneducated inference is that an oracle is a data source and you can hook into it from the smart contract. The oracle seems to live off-chain and live on a traditional server/DB.

Please correct me if the above is way off!

An oracle is a source of truth for information about the outside world to a smart contract. The smart contract doesn't actually call the oracle. This is because smart contracts don't self-execute and can't make external http calls. So a smart contract pauses, and waits for an oracle to trigger an update function. Because oracles have a lot of power over a smart contract (not all smart contracts need them, by the way), they have to be done in a secure way. The market leader in decentralized oracles is Chainlink. They power hundreds of DeFi applications.

At that point can they really be considered purely code contracts anymore? If their execution requires a trusted third party some of the rhetoric goes out the window.

They're sort of hybrid networks at that point, but Chainlink oracles are decentralized: each function is run by several nodes (31 for the BTC/USD or ETH/USD price feed, for example). The nodes have to come to consensus and individual nodes are slashed if they produce bad or late data. You can see an example of a LINK feed here: https://data.chain.link/ethereum/mainnet/crypto-usd/eth-usd

Decentralization is a spectrum. But I would argue this approach is far more secure than naive oracle implementations.

Not all applications need oracles. It depends on whether your smart contract needs information about the world outside of the blockchain.

Who owns those 31 nodes? Who gets to choose which nodes are part of the calculation?

I think they're just other smart contracts that use many data sources. Like if you wanted an oracle that returned the result of a baseball game, you'd have it check various newspaper websites and have it make sure the results were all the same. To attack it, you'd have to attack all the newspaper sources. It's still a weak point, but not quite a single point of failure.

Specifically for something that feeds data from an API (or really any other data source) into a blockchain so it is available from smart contracts.

I'd say Uniswap is interesting. That doesn't use an oracle.

But it also only works with on-chain cryptoassets.

If you want to work with off-chain things then necessarily your system is going to include off-chain things. I'm not sure of your point here.

However, I can think of an exception. Augur is a prediction market that doesn't use a trusted source to resolve bets. It doesn't get a lot of use these days, and probably won't before scaling resolves gas prices, but the bets that have been live on the system have resolved correctly.

No, an oracle is another smart contract that is called by the main contract. The oracle smart contract logs an event, this event triggers sources of truth (servers), each source of truth provides information for the oracle contract by modifying its state, the oracle contract decides if the data is reliable and calls the main contract if so.

But there must always be a point where the oracle interacts with the real world, right? Which immediately becomes a point of centralization, which -seems to me- kinda defeats the purpose of having a decentralized system

Oracles have come a long way and very interesting work is being done to solve this problem. You don't always have to rely on one oracle and the amount of capital you'd need to 'trick' an oracle is too high to be economically advantageous. There is a possibility with very low-volume tokens, but good luck not getting eaten alive by arbitrage trying to trick a popular coin.

There are a lot of systems now that don't use oracles. Prices are maintained by people arbitraging any significant difference.

I love your rhetoric of "server in a dorm room" to make it sound way sketchier and amateur than it is.

Probably a dumb question, but is there any possibility of temporarily getting the price to slightly above 0 in order to let people get their money out? For example, could some group with a lot of money offer to buy/sell a bit until the oracle considers it above 0, in exchange for some sort of compensation from the investors or devs?

Their docs state that there should be a max supply of 1 billion iron titan tokens[0]. But according to coingecko, there are over 27 trillion in circulation[1]. I think that's probably where the trouble started, and at that amount, I doubt they'll be able to get the price up. I may be totally wrong though, I heard about this project for the first time today.

[0] https://docs.iron.finance/iron-finance-on-polygon/titan-dist...

[1] https://www.coingecko.com/en/coins/iron-titanium-token


On further inspection, it seems like they'd just need to get the price up to the 6th digit[3]. I'm not sure it's feasible though.

[3] https://github.com/IronFinance/iron-polygon-contracts/blob/m...

> Their docs state that there should be a max supply of 1 billion iron titan tokens[0]. But according to coingecko, there are over 27 trillion in circulation[1].

How on earth does something like this happen?

From the article:

"[EDIT: I’ve since learned that the developer(s?) behind this are already the laughing stock of the DeFi community, having wrecked each of their 3 previous projects (now 4) — though this might be their biggest hit yet]"

In other words: find a way to short their fifth project.

That seems like a poor idea when the collapse of this project was preceded by their failing token doubling in price before falling to zero. You’d need an unknown amount of collateral for an unknown period of time.

Well, we can already see they screwed up a basic piece of code in the IRON smart contract, so is that really so surprising?

I suppose yes and no.

Screwing up the maximum supply seems like an enormous blunder while I kinda understand the assumption that “price > 0” if they’re supposed to be backed by 75% usdc.

You might be confused. The "price > 0" refers to the price of TITAN. TITAN isn't backed by USDC at all. IRON is (ideally) backed by 75% USDC and 25% TITAN.

Oh you're right I am confused. I actually don't even understand the point of the price check in the first place. Why does the USDC portion of IRON tokens need to be locked in the smart contract based on TITAN price anyways?

>Why does the USDC portion of IRON tokens need to be locked in the smart contract based on TITAN price anyways?

It doesn't need to be. It's basically a bug in the code. They didn't consider TITAN price being 0 to be possible, so they didn't write their code in a way to handle it correctly.

A random guess for why they had the price > 0 check. They might have had code like this:

    # Returns (usdc_to_withdraw, titan_to_withdraw)
    def GetWithdrawalAmounts(iron_to_withdraw):
        usdc_price = 1  # guaranteed: USDC price in USD (aka USD/USDC)
        titan_price = GetTitanPrice()  # TITAN price in USD (aka USD/TITAN)
        iron_price = GetIronPrice()  # IRON price in USD (aka USD/IRON)
        usdc_to_withdraw = iron_to_withdraw * iron_price * 0.75 / usdc_price
        assert titan_price > 0
        titan_to_withdraw = iron_to_withdraw * iron_price * 0.25 / titan_price
        return (usdc_to_withdraw, titan_to_withdraw)

If you look at it like that, it's pretty obvious why they have the assertion that titan_price > 0. Without that assertion there's a divide by 0.

If you want to handle the ability to withdraw USDC even if the TITAN price is 0, you have to make the code more complicated. Likely not just this function, but the system as a whole, because it'll mess up all the accounting.
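An added example, not the IRON contract's code and not part of the comment above: a constructed integer-math model of the guess made there, combined with the thread's remark that the oracle price rounded down to 0. It puts the guard that blocks the whole redemption next to a guard scoped to the one division it protects. All names, the 1e-6 price precision, the $1 redemption value and the pool sizes are assumptions; only the 75%/25% split comes from the thread.

```python
from __future__ import annotations

# Constructed model: every name and number below is an assumption.
PRICE_PRECISION = 10**6        # assumed: oracle reports integers in 1e-6 USD
COLLATERAL_RATIO_BPS = 7_500   # 75% USDC / 25% TITAN, as stated in the thread
BPS = 10_000

HEALTHY_POOL = (50_000_000, 1_000_000)            # (USDC, TITAN), constructed
COLLAPSED_POOL = (1_000, 26_000_000_000_000)      # (USDC, TITAN), constructed


class RedemptionLocked(Exception):
    """The strict path refused to pay out anything."""


def oracle_price(usdc_reserve: int, titan_reserve: int) -> int:
    """TITAN price from pool reserves, truncated as integer division truncates."""
    if titan_reserve <= 0:
        raise ValueError("pool holds no TITAN")
    return usdc_reserve * PRICE_PRECISION // titan_reserve


def _usdc_leg(iron_amount: int) -> int:
    # IRON is assumed redeemable for 1 USD of value; this leg needs no price.
    return iron_amount * COLLATERAL_RATIO_BPS // BPS


def _titan_leg(iron_amount: int, titan_price: int) -> int:
    usd_micro = iron_amount * (BPS - COLLATERAL_RATIO_BPS) * PRICE_PRECISION // BPS
    return usd_micro // titan_price   # the division the guard exists to protect


def redeem_strict(iron_amount: int, titan_price: int) -> tuple[int, int]:
    """Guard in front of both legs: a zero price also locks the USDC."""
    if titan_price <= 0:
        raise RedemptionLocked("share price must be > 0")
    return _usdc_leg(iron_amount), _titan_leg(iron_amount, titan_price)


def redeem_tolerant(iron_amount: int, titan_price: int) -> tuple[int, int]:
    """Guard scoped to the leg that divides: the USDC leg is always released."""
    usdc_out = _usdc_leg(iron_amount)
    if titan_price <= 0:
        # Policy choice (assumption): an unpriced share leg pays nothing
        # instead of reverting the whole redemption.
        return usdc_out, 0
    return usdc_out, _titan_leg(iron_amount, titan_price)


if __name__ == "__main__":
    for name, pool in (("healthy", HEALTHY_POOL), ("collapsed", COLLAPSED_POOL)):
        price = oracle_price(*pool)
        try:
            strict = redeem_strict(1_000, price)
        except RedemptionLocked as exc:
            strict = f"locked ({exc})"
        print(name, "price:", price, "strict:", strict,
              "tolerant:", redeem_tolerant(1_000, price))
```

The tolerant version only changes this one function; as the comment above notes, a real system would also have to reconcile its accounting for the TITAN that was never paid out.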

You can buy a lot if the price is zero.

Here's a better question: Why?

This is exactly what crypto-enthusiasts claim is going to happen to the US Dollar and I've never heard mention of crypto taking pity on fiat by offering to give them crypto when the bottom finally falls out of fiat.

So why should anyone else be responsible for people who took a calculated risk that blew up in their face?

Yes, this sucks for them. But this shit happens. Don't throw good money after bad.

> Here's a better question: Why?


There are a lot of people with USDC locked up in the contract and they might be willing to pay a share of it to unlock it.

>Here's a better question: Why?

A calculated risk is that you put money into something which may end up losing all of its value; not that your collateral becomes locked in a safe with an accidentally lost key. They had a reasonable expectation that even if the value was totally lost, they wouldn't have their collateral locked forever. Their investment, yes, but not their collateral.

Sure, one always has to account for extreme scenarios when doing anything, like the risk of a critical flaw in the code. But to give another extreme gambling scenario:

Let's say you put your car up as collateral for a huge gambling bet. You of course take a calculated risk that if you lose the bet, you lose your car. Then let's say you back out of the bet after putting up the collateral, or you even win the bet, but there was a mixup at the casino and they thought you lost the bet and they took your car without you realizing it and it's on another continent now.

In both scenarios, you hope that you can at least get some kind of compensation from the people you entrusted the collateral to, since it was just a complete fuckup on their part. You know you're not guaranteed to get anything, but I think it's reasonable to try to ask for compensation. If you just took a bet and the value plummeted, then you know it's tough luck for you and just a standard high-risk high-reward scenario that you ended up on the losing side of, but this is something else.

(At least if I'm understanding this properly and the collateral really was purely collateral. Seems to be a bit complicated because they were attempting to make a... stablecoin... pegged to an intentionally volatile asset, somehow.)

>This is exactly what crypto-enthusiasts claim is going to happen to the US Dollar

It's mostly just Bitcoin maximalists who think that, and they're a small subset of people who own Bitcoin. This is Binance Smart Chain (basically a copy of Ethereum), and I'm sure some BSC/Ethereum users believe something similar, but it's a much smaller percentage than even Bitcoin's small percentage.

Also, I don't think they think every dollar is secretly embedded with nanobots that'll encase the bill in titanium after someone at the Fed trips and falls on a big red button, which is what would be analogous to this. I think they think the dollar will lose most or all of its value due to hyperinflation. I think that's a completely unfounded belief based on an unfounded philosophy, but it's a different and entirely unrelated thing.

> They had a reasonable expectation that even if the value was totally lost, they wouldn't have their collateral locked forever. Their investment, yes, but not their collateral.

They literally handed their money to a computer program that works outside of human control and cannot be interfered with... which means if something goes wrong no one can intervene and sort it out. This is a risk they took willingly. It's not the first time a computer program malfunctions, and won't be the last.

>which means if something goes wrong no one can intervene and sort it out

That's true in general, but in this rare case anyone's USDC can actually theoretically be recovered in full if the price ever manages to get just barely above 0 for a period of time and they pull it out during such a period.

If nothing can be done, you have to just take the loss. But here something can actually be done, and it's not like it's infeasible. Just hard.

Why can't someone "paint the tape" as they called it in olden days?

If it's possible, what would make it difficult? Or what would make it impossible?

I kind of thought that there isn't normally any requirement for any particular volume of trading to set a price.

"And, look, if the casino gets robbed, and you are chilling in the lobby, you’re gonna get robbed too. Obviously you’ll be sad about getting robbed. You came to gamble, maybe to get rich or else to have fun losing your money, and getting robbed does not satisfy either of those desires. But it could be worse. You were … at the casino? You were mentally prepared to lose that money anyway.

Similarly the expectation for anyone trading crypto surely has to be that it’s a risky volatile asset class where you can lose all your money in a variety of exciting new ways, and if you are parking some of that money in dollar stablecoins some of that expectation ought to carry over. If you want to put your money somewhere safe, there are banks and money-market funds and Credit Suisse supply-chain funds, and if any of them go bust then that is a potential financial-stability problem. If you want to put your money somewhere safe for crypto, there are stablecoins, and if any of them go bust then that is a brief distraction from the crypto exchanges losing their customers’ money in other ways."

I'm wondering the same. I don't know how the mechanics of blockchain oracles work, but it seems feasible that the oracle operators could report a price high enough for the contract to believe it's `> 0`.

Reasons why this might NOT work:

1. The oracle "broadcasts" the price to the network, which other services may rely on. Broadcasting a false price could hurt those services, and the oracle would lose credibility.

2. The oracle's price is somehow tied into other blockchain mechanics (i.e. it can only report a price that the network consensus agrees is true)

I'm not sure how #2 could be true, since the purpose of an oracle is to provide information that the blockchain can't determine on its own.

EDIT: More info on the price oracle in use here: https://docs.iron.finance/mechanism/pricing-oracle

Still not sure the exact mechanism, but #1 seems to be the concern. Chainlink can't readily tamper with the price feed that may be in use by others.

Yep, and btw, how can the price of anything be exactly 0? This doesn't sound right either.

According to the graph in the post (https://miro.medium.com/max/6088/1*tzpAFvuxVeumWO8ENz_SZg.pn...), it's somewhere around 0.0961 as of that time, and I suppose the price oracle they're using rounds that down to zero, perhaps? Or maybe the contract is rounding it down? Either way, I agree it's odd that exactly zero would be reported even if it's very close to zero.

edit: Nevermind, I misread. It's -0.0961, apparently.

The price is actually something like $0.000000033869.


Negative 0.0961

Oops, you're right. I misread.

Price can be a number of things - current best offer from a seller, best offer from a buyer, mid between them, etc. (Stocks often report either the mid or “last trade” but the bid-ask spread can get wide for rarely traded securities, especially long-dated options).

I don’t know what the Oracle is using but it would be amusing if something else means the price is “stuck” at zero once it hits zero.

Well, a price can go negative [1], so I wouldn't consider zero to be surprising.

[1] https://www.cnbc.com/2020/04/26/why-oil-prices-went-negative...

A price can go negative for a physical thing which requires upkeep, but I don't see how a coin which imposes no obligations on an owner who just chooses to walk away, can have a negative price?

Oil went negative in the same way the price of my trash is negative: more of it was being produced than people wanted to buy, but the producer had to get rid of it because they couldn't stop production. As another commenter said, you can just walk away from a digital asset, so this isn't a problem. I can't walk away from my trash.

The article laughs at the developers but then gets things fundamentally wrong. The error isn't an off by one error, to begin with. Then, as you note, it doesn't make any sense for the coins to be locked. The oracle should always report a price above 0 and if for some reason it's not it should be relatively trivial to get it to

> Non-collateralized stablecoins require continual growth to be successful. In the event of a price crash, there is no collateral to liquidate the coin back into, and the holder’s money would be lost, as seen with many past projects trying to utilize such design [sic].

Isn’t that just a Ponzi scheme?

No, much different:

In a ponzi scheme, the perpetrators will not willingly directly reveal that it's a ponzi scheme.

In cryptocurrency, the perpetrators are honest and transparent about it being a ponzi scheme, but surround it in so much techno-babble that they make it sound like a ponzi scheme is what you WANT.

These are not Ponzi schemes. In a ponzi you have a mechanism to distribute money to early adopters in the tree. These are just pump and dumps but you create and pre-mine the asset before pumping it.

There were ponzis some years back like OneCoin and BitConnect.

So basically a Ponzi scheme where only the earliest adopters get paid and everyone is remarkably open about that?? :)

Almost every scam gives money to the early adopters. It would only be a ponzi if they claimed that there was some kind of a business/mechanism that’s generating the revenue when it’s actually coming from the fools downstream from you. Usually it’s something like a guaranteed double digit interest on your money. You put the money in and receive the reward (from other people’s money) and that’s a strong psychological trigger to put more money in. You just saw it work and you have the check from the ponzi to prove it!

If you just have a large amount of a worthless asset and you convince other people to buy it on the market to pump the price up (mainly via social media and “influencers” these days) and then you dump it at the top then you have a…

My God, I haven't thought about the word "BitConnect" in a very long time. https://www.youtube.com/watch?v=AwDbx-nuQ5o

I think OneCoin would be classified as a Pyramid rather than "just" a ponzi - a lot of shady MLM promoters got very rich through the recruitment incentives

This is happening right now with the hilariously titled "SafeMoon" cryptocurrency. You can find posts on the subreddit openly asking people to buy a few million for $25 and 'gift' it to their friends and family.

The hot new Ponzi scheme is EMAX, which even has celebrity endorsement! What could possibly go wrong. If you want to see an endless number of other Ponzi coins, check out /r/cryptomoonshots

>In cryptocurrency, the perpetrators are honest and transparent about it being a ponzi scheme, but surround it in so much techno-babble that they make it sound like a ponzi scheme is what you WANT.

I think this isn't quite right in all cases. I think some people know it's a Ponzi scheme and genuinely do want a Ponzi scheme. They just want to get in and out quickly. It's gambling. Sometimes you're a victim and you lose money, and sometimes it works out and you make money.

It's like the Uber of Ponzi Schemes.

The main innovation is that there's no one to sue. The founders can just print themselves a bunch of coins and remain basically anonymous.

They also bypass regulation, because it's on the web?

Regulators are asleep at the wheel. This entire category of 'technology' should have been snuffed out years ago for the good of us all. Now, look around us as GPUs and other chips are out of stock, cities face blackouts due to coin mining, and the major use of these coins is to fuel ransomware attacks that take down critical infrastructure.

All entirely pointless - or even outright negative - activity.

Matt Levine had a great writeup about this:

> If the price of IRON goes down from $1 (good) to $0.95 (bad), you just issue some TITAN (worth $65) to buy some IRON until it’s worth $1 again. And if IRON keeps going down, you just issue some more TITAN (worth $60) and buy more. And if IRON keeps going down … [you can fill in some more iterations here] … you just keep issuing TITAN (worth $0.000000035) and at that point you’re not accomplishing much. If you could sell 286 trillion TITAN at $0.000000035 each you’d raise $10 million. That’s probably hard. There are 285 million IRON (formerly worth $1) outstanding.

So probably not a Ponzi scheme but also not a scheme that was created by someone who can think two steps ahead.

It sure sounds like it, new money needed to pay the old money.

A definition so broad it's meaningless. There was no Bernie Madoff here, no fraudulent scheme, just very poor design and outright mistakes.

What you're describing is what they tried (and failed) to avoid. How can you make it to the "I’m wondering if this can last mathematically?" part of this article and still think there's a mastermind behind all of this?

No, much different, in a Ponzi scheme you're fraudulently claiming that the high returns you're delivering your old investors are real, and result from your investing acumen, when in fact they aren't real, they're just money from new investors that was never invested in the first place.

This is more like if you bought a lot of dollar bills that were 75% backed by gold and 25% backed by Dogecoin. They are comparable in that both keep working as long as no one tries to cash out, and money keeps coming in.

"They are comparable in that both keep working as long as no one tries to cash out, and money keeps coming in."

So...a Ponzi scheme?

No, much different, in a Ponzi scheme you're fraudulently claiming that the high returns you're delivering your old investors are real, and result from your investing acumen, when in fact they aren't real, they're just money from new investors that was never invested in the first place.

They are comparable in one way however.

So it's an honest Ponzi scheme?

Bernie Madoff went to prison for fraud, what would "an honest Ponzi scheme" even mean?

I think a lot of people saw The Wizard of Lies and "Ponzi scheme" is the only financial scheme they're familiar with, so it gets thrown around a LOT.

So what you're describing is that this is a next-generation Ponzi scheme where nobody goes to jail but a bunch of people still lose money.

But yeah let's keep arguing over semantic definitions.

A Ponzi-scheme is a specific type of scam, it's not a generic word for any kind of unsustainable investment or scam.

This whole thread looks like someone saying "No, a boat is not a car" and the other going "but it does have an engine, right? It's a car. Let's not argue semantics"

No, this isn't a Ponzi scheme. That's the only thing I've said. I think you believe "Ponzi scheme" and "scheme" are interchangeable.

Usually the go-to lazy catchphrase is "we're just arguing semantics!" but "semantic definitions" is new.

To be charitable, I think it’s more likely that this is an entire area where regulation hasn’t caught up so we don’t have any common names available.

These coins are ponzi-like in that only the earliest of adopters have any chance and only if they know enough to get currency out without hitting an inflection point that brings down the whole thing. But that’s where the similarity ends - the mechanism is different, they don’t operate like a Bernie Madoff and they’re honest about the whole process.

This is something else and while it’s Ponzi-like, it’s a different beast. I don’t think there’s anything particularly wrong with expanding the definition of Ponzi scheme for now, just so we have something to educate some irrationally exuberant retail investors…

It depends on how the coins are stabilized. If they are stabilized by generating new coins and those coins are given away to current holders (as opposed to sold to establish more collateral), then this is precisely a ponzi scheme.

It sounds exactly the case to me.

Isn't that how USD works too? It only holds value if people keep wanting it.

Yes, and the government demands that taxes be paid in it, so there will always be some demand.
