Hacker News new | past | comments | ask | show | jobs | submit login
$34M permanently locked into AkuDreams contract forever due to bad code (twitter.com/0xfoobar)
241 points by donohoe on April 23, 2022 | hide | past | favorite | 256 comments



The unforgiving-ness and irreversibility of cryptocurrency are the reasons that it will never gain significant adoption by “normies”.

With fiat currency, we have many systems for dispute resolution and restitution. They are not all perfect but they work often enough that people still have faith in the system.

Most people do not have the risk tolerance to use a system where one typographical error can irreversibly lose your life savings (for example), the product of decades of work.


The "oracle problem" is the reason why I lost interest in crypto after the 2017 boom, when I really got into the nitty-gritty of crypto.

The trust built into crypto is rock solid, the problem is that it's scope is so narrow and limited that even after a decade it's still searching for a major trust problem to solve. In this case you cannot reverse crypto payments because there is no oracle that can do it. You would need to find God's own API for reality.

I was however totally wrong about the future (monetary) value of crypto in early 2018. I guess sometimes it pays more to know less.

Edit: Also of course every single crypto org obfuscates and is opaque as possible about the oracle problem. I'd venture that most investing in the space don't know what it is.


Same here but I had a much more cynical view of the oracle issue that it is by design aimed at eventual and total financial destruction of most participants. This cynicism were fueled further by the ideology that justified this for some great adoption that was promised even further back.

You can have decentralized systems but because monetary wealth accumulation is centralized by nature, and any decentralized system that introduces monetary accumulation and inflation reverts to a centralized state.

A good example of this is Bitcoin. Those with the most liquid currency (fiat) can buy more hardware that centralizes wealth. You simply cannot have an MLM scheme without a pyramid.


> it is by design aimed at eventual and total financial destruction of most participants.

Your entire post is about inevitable centralization but that is not the oracle problem. The oracle problem is about providing access to real life data on the blockchain, but the issue is that you still need to trust someone to provide that data. Maybe I am misunderstanding you but I don't get how that by design leads to the total financial destruction of most participants?


in my opinion oracle problem necessitates more middlemen to act as data / truth providers and of course they will have to be paid, and will impose an information bottleneck which they will leverage. this is centralization to me.


Agree and disagree. Yes, you’re right that in many cases you have to rely on an external oracle, so a protocol can’t be fully “trustless”.

However the difference is that we can abstract away the oracle from the rest of the value transfer mechanism.

For example if we want to bet on the winner of the Super Bowl, in the old days we’d have to find a trusted third party to hold the money for us. Essentially a bookie. Finding a trusted bookie, especially one who’s licensed in multiple jurisdictions is really hard.

In contrast, we can probably find a trusted “oracle” for the Super Bowl much easier. For example AP is extremely trustworthy (largely because they’re not in the legally dodgy business of sports betting). As long as AP cryptographically signs the outcome of the game (as they do for all HTTPS served content), we now have a highly trusted oracle. We can handle all the other mechanics around betting and payoffs inside a trustless smart contract.

In fact we can take this even a step further and use multiple trusted sources in a multisig setup. The chance that AP, ESPN, NBC sports and Google all collude to lie about the Super Bowl is extremely small.

So while the oracle problem means we can’t completely eliminate the need for trust, it can drastically reduce the surface area of risk by abstracting away the informational layer from the value transference layer.


The problem is that it inherently places an ever growing bounty on corrupting those "trusted" sources which are in fact human, not cryptographic.

The bounty in crypto is only in cracking whatever chosen cryptography, and this is the very heart of crypto's provably rock solid trust. This bounty is worth trillions, but we known with a (very) high level of certainty that no one can claim it. You would have to have broken cryptography, or developed a sci-fi level computer chip in total secret.

How much can you trust a handful of news sources when the bounty for gaming them reaches the billions or hundreds of billions in value? What kind of person suddenly wants to become an editor when they get to wear one of the rings of power? (sorry I've been reading LOTR lately)

There is a simple calculus here (and everywhere) that shows that as the value of trust grows, so does the value of breaking that trust. Crypto solves this by making the cost of breaking that trust far outside human's capability. It probably would be be asking too much to introduce an element that suddenly makes that cost practically obtainable compared to cracking crypto.


> Finding a trusted bookie, especially one who’s licensed in multiple jurisdictions is really hard.

Anywhere that it is legal, it is significantly easier than dealing with any blockchain. What you've stumbled upon is the reality that the only feature cryptocurrencies provide is opaque law enforcement, and that feature has a timer. Why would it be any easier for a blockchain to be licensed in multiple jurisdictions? The only difference is that the blockchains are almost definitely not licensed. I'm not sure what the statute of limitations is, but I feel like a blockchain holding accounts of illegal gambling is a pretty weird thing to want to create immutable records of, unless you're the FBI.


> As long as AP cryptographically signs the outcome of the game (as they do for all HTTPS served content)

I looked into this use case before and came to the conclusion that it can't work because TLS is not non-repudiable. Once the initial public-key handshake is finished, the rest of the session uses a symmetric cipher. Because anyone with the symmetric cipher's key can encrypt their own data with it, you could encrypt your own spoofed response from the server in any transcript of the session.

https://crypto.stackexchange.com/questions/29751/are-https-w...

One solution to this is to use the site's public key to sign a Web Bundle instead of using TLS:

https://web.dev/web-bundles/

https://wicg.github.io/webpackage/draft-yasskin-http-origin-...

Web bundles can be served from any origin (and I'd imagine can be verified by oracles) as the data itself is signed. However, this requires the server to use web bundles in the first place, which likely isn't happening any time soon. Mozilla considers the proposal harmful: they expect Google will serve the majority of web bundles, allowing them to see what sites the user is visiting.

https://github.com/mozilla/standards-positions/issues/264

https://www.ghacks.net/2020/08/30/google-proposed-web-bundle...


But even if you look past the technicals, the example of the AP being a trusted source for who won the super bowl has issues. What if the AP announces team a won, but then 2 months later it comes out that team a cheated and the NFL retroactively changes the winner (similar to lance armstrong getting wins taken away, or in some years the tour determined there was no winner because there was so much doping.). Is the expectation that the AP will update their page which says who won?

While I will concede the example I give above is an extreme edge case, I would also argue that “who won the super bowl” is also an overly simple example.


I suppose you'd have to write your resolution as "apnews.com will at some point publish a page with the <title> tag containing '49ers', 'win', 'Super Bowl'" and hope the possibility of some sort of retraction would be priced into the market.


TLS-n, which is a protocol extension, and therefore not supported by default, does enable non-repudiation via TLS.

Video is better explanation than the repos.

https://m.youtube.com/watch?v=HnrFsekayrM

So it could be done. Tho it would require the server to add support.

Repos: https://github.com/tls-n


Much like Signed HTTP Exchanges/Web Bundles, the value of an opt-in protocol such as TLS-n is much less than one that would work with all the HTTPS sites already out there. I doubt the Associated Press wants to get into the blockchain oracle business.


The obvious problem with Blockchains is that they can only manipulate things that exist inside of them. This means even something as basic as the interaction between blockchains is troublesome.


There is a lot of “hidden oracle” going on in the upstart “level one” blockchains too, hidden in the sense that an outsider would never guess that’s part of the deal.

I find it kind of fascinating to, for (made-up) example, place real-money bets not on the future of the price of gold but on what the contract at $ADDRESS will say it is in the future. Do people understand what they’re actually betting on?


The vast majority of gold speculation (well before blockchains existed) is not based on the actual price of gold, but rather what $EXCHANGE says is the price of gold. Very few gold investors are holding physical gold.


The actual spot price varies city to city and even dealer to dealer, just like any other physical commodity. But because gold is relatively liquid it is unlikely that this difference is too big, otherwise it allows for an arbitrage opportunity


That’s an interesting comparison, since that’s basically the game commodities traders are playing. Guess the price of oil (of this specific type for delivery at this specific place and time that generally - but not necessarily - align with an idealized “price of oil).

I suspect deep understanding and clever interpretations of those specifics in crypto will be rewarded. Though crypto has the added excitement that, as here, poor understanding and interpretation result not just in loss of value but it’s destruction!


My friend took a year, over 150 calls and legal intervention to get money back that HSBC stole. Obviously not the same but to say that banks are faultless just isn't true; their systems also have edge cases from which there is often little hope of return.


The point is not that banks are faultless (no one claimed they were) but that remediation is possible, as you have just attested to: your friend got his/her money back. Your story shows the system is working—that's precisely what "legal intervention" is for.


The issue with banks is that the battle is legal/social, for example as someone who get paid by international wires often let me tell you that sometimes (rare cases but when it happens it happen to many) the money just disappears for months, and there is no way to troubleshoot it as a normal individual, you just go to the bank and ask about your money and either they just deny there is anything they can do and blame it on the sender, or just give you looks and question the legitimacy of what you are doing.

Sometimes banks freeze international wires until the government investigate the source of the funds to make sure they are not funding terrorism, this happen to any sum higher than $5k in my country for example. I just wish to never be in such a position.


None of those issues are resolved by crypto.

If crypto is to be legitimized, the government isn’t simply gonna say, too bad, the stuff we think is absolutely necessary to the point we suspended civil liberties for, that stuff we will ignore for you.

Whether you agree with what the govt is doing or not, they aren’t gonna stop doing it because it’s crypto.


Not to mention when doing large wires with countries that have to do exchanges through a national bank your third party can just forget to accept it. Then you get a wire reversed for a large amount in some cases and the bank freezes your assets because you just got a huge amount of money from some random place. The thin vail of freedom is quickly lifted whenever you want to do anything international from sending money to getting married.

This happened to me when purchasing a house in another country.


> as you have just attested to: your friend got his/her money back

Missing the point.


How so?


They didn’t get their money back. The bank lost money, but they have a lot so they don’t care. In cryptocurrency every sat or Wei is accounted for. You can’t make them up. A loss can never be undone.

People need to look at this as like chartering a 17th century galleon. It sank. Gold was lost at sea, unreachable by todays tech. Maybe in 200 years someone can crack ECDSA and recover it.


The problem you're describing with physical coinage is one of the reasons why paper money was invented in Europe, among other places


Right — however it was always an abstraction. Lose gold at sea? Well just because the bank ignores this event and issues more paper doesn’t mean the ship didn’t sink. I understand that the concept of reversibility is highly desirable, but that bank can not raise the sunken ship right now. It has to take the loss and not just pretend it didn’t happen. Reversibility is always an illusion. Most things in this universe are actually permanent.


You're right, there's enough irreversible things in this universe already. Let's make something better.


Ah yeah, thanks to 21st century tech, now you emulate 17th century risks when holding wealth! Progress!


It approximates a different risk game, and as such has a different reward schedule. Some people like to play games on hardcore mode (eg: permadeath, 1 life) too.

Not everything needs to be sanitized for one’s safety.


Well, are you advocating crypto for investing, or for the future of money? If the future of money, then you can't ask everyone in society to "well it's going to be more risky! But it's better!". If it's for investing, go ahead, I can also suggest putting all your money on black and have a 50-50 risk of doubling it or going home empty handed.


Only if you truly, and I mean truly, understand the depth of chaos that has been brought on by "progress".


What chaos? It’s all documented for all eternity, I don’t see chaos.


They didn't say it was faultless. A year & 150 phones calls is a significant improvement on "nope, nope, not ever ever ever ever".

Also the current system at least has the potential to be improved, maybe. While irreversibility is baked into the ideology of many (not all) proponents if crypto.


You can implement irreversibility in a blockchain or a smart contract easily, many coins can freeze funds and issue funds, that's defacto irreversibility.


>Irreversibility is both easy & often

Did you mean reversibility? Because otherwise you're agreeing with me: I'm saying irreversibility is easy, often the default with crypto Yes, that is what I am saying. In traditional banking reversibility is easier, and (mostly) the norm for situations of standard human error.

In the case of this particular contract a limited form of reversibility is even what was intended, but that doesn't matter. It's a system that doesn't allow for honest error.

For some, that's a feature. For the vast majority required to take smart contracts mainstream, that is not a feature. Better error resistant reversibility can be built, and that's when things may become attractive to more people. But, again, many proponents view irreversibility as a feature so it's not primary consideration when building things.


Seems this is a counter example.


Only to the extent that the code doesn't have bugs and your algorithm has no design flaws. (All code has bugs and you should assume all algorithms have design flaws.)


I think that the point is not that non-crypto systems are perfect, but at least they do not have flaws which could make the reversal of a transaction a mathematical impossibility. In non-crypto systems if you convince the right humans, things can be reversed.


And in those cases you escalate or you lawyer up.

You can't sue a typo.


That is the best Web3 quote I’ve heard all year.


But there is insurance for smart contract integrity already deployed and in use for a multitude of projects (see unslashed finance for example).

I don't need to sue as long as I get my money back.


it depends on the country u are in. in Brazil the law is a joke. I prefer to risk a typo then be entangle in any legal battle here. I know people that won cases 30 years ago, and are yet to see any money.


I didn’t say banks were faultless. I didn’t say that any aspect of a fiat currency based system is perfect. I just said that redress works often enough that people don’t give up on it.


But he got it back, right? P(recovery) = 0 is a whole different ball game than flip a coin and maybe the bank will relent


That's terrible. I've only heard bad things about HSBC, although that's true of most banks to be honest.

However, it's going to take more than 150 calls and a lawyer to hard fork the ethereum chain to roll back this contract.

Perhaps a class action lawsuit can force the auctioneers to pay back the money despite not having access to it themselves. Either way, there's literally no way for the misdirected cryptocurrency to ever return.


> to say that banks are faultless

You are replying to somebody who said literally the opposite: "They are not all perfect"


Hey, are you still using Keybase?


I am not! Once they got in bed with cryptocurrencies, I closed my account. But I forgot to delete it from my profile here, so thanks for mentioning it.


No


I agree completely. Even as a person who is extremely confident with using computers I would not feel at all comfortable putting my life savings in a place where one typo or bug could cause me to lose everything.

How is the average person expected to feel comfortable doing it?


The simple answer is to not put your life savings into “Akutars”[1] untested and unvetted token contract.

[1] https://www.aku.world/


The challenge is, that's just one of many examples of problems that would be very opaque to non-experts.

Without deep knowledge of the crypto space, and excellent operational security pratices, putting a significant amount of money into these projects is a risky prospect.

For many people that's not a sensible trade-off.


Users sent their tokens to a contract that is less than 24 hours old, with code that had no prior exposure to the market. It does not take an expert to learn that “sending your tokens to random contracts is a high risk activity.” But I will agree that consumer education & protection does need to improve in this space.

FWIW the risk profile is different than interacting with something like WETH contract, which has had an $10+ billion USD open bug bounty for long time frame.[1]

[1] https://etherscan.io/address/0xc02aaa39b223fe8d0a0e5c4f27ead...


Yes. If you can't tell the difference in risk between a company that has been around for years and secures tens of billions, and a smart contract literally launched 24 hours ago, you shouldn't be investing in crypto right now.

If you have basic common sense though you'll probably be ok.


It IS reversible. Just whine on social media until the primary stakeholders fork the blockchain!


While that was true for the DAO, very few people are rich and powerful enough for the rulemakers to bail them out when they mess up.

If the typical NFT buyer has their 'Ape' stolen they have to spend tens of thousands of dollars buying it back.


It only works when they are the losers.


Good luck with that


This will never happen during such a stable and highly adopted period of Ethereum, FUD.


The DAO debacle showed that it's not really irreversible.

Thought experiment: a bug is exploited tomorrow which locks forever $50 billion worth of ETH, including of prominent VCs/users/exchanges.

You will see suddenly how consensus crystalizes to do a hard fork reversion of the exploit.


Since The DAO incident 'the code is the law' ceased to exist on Ethereum. It became 'the majority interpretation of the code is the law'.


So things are only reversible when the vast majority of users get impacted? That does not seem like a recipe for a stable financial system. Too many individuals will get screwed over in edge cases to drive mass adoption.


> So things are only reversible when the vast majority of users get impacted?

Close, but not quite. It's not a democracy, it's a plutocracy. Things are only reversible when those few who hold the majority of the wealth are impacted.


The Parity multisig bug locked 509019 ETH, which is around $1.5 billion today


The DAO fork was exceptionally sinister. In essence a new transaction was inserted into the Blockchain without an accompanying signature!


Layer 1 is not for normies, but abstractions on that can provide any functionality that they need.


I think this is a good point to go deeper on. Layer 1 should be immutable and irreversible, while Layer 2 can have public, multi-sig/vote-based upgrade processes.

In this case, on a layer 2, the contract code could be updated, but only if those with locked ETH vote for the upgrade to be processed. Better yet, the Layer 2 could allow ETH to be withdrawn from the contract by the owners and the contract itself could be deleted.

I think the general, technically-informed public often miss the distinction between Layer 1 and Layer X and how they differ in the need for decentralization and censorship resistance while still providing users with security.


Even the industry isnt quite there yet, what we will probably see, will be a truly post-maxi crypto that will focus on interoperable dapps and other higher abstract decentralized entities that will be agnostic towards their L1 and will just plug them in as needed ...


There are many thousands of contracts that work perfectly securing tens of billions of dollars. You have an anti-survivorship bias because only the failures make it on HN and in the media.

If you work in the space you realize only a tiny fraction of wealth gets lost to bugs. This $34M is roughly 0.02% of the wealth locked in smart contracts ATM.


I would agree in any free society, where you can trust institutions to fix such mistakes when they happen, this risk of irreversible transactions is not worth the reward.

But when the alternative is a dictator arbitrarily seizing/taxing your money, devaluing it through poor economic policies, the risk doesn't seem so bad eh?


> I would agree in any free society, where you can trust institutions to fix such mistakes when they happen, this risk of irreversible transactions is not worth the reward.

> But when the alternative is a dictator arbitrarily seizing/taxing your money, devaluing it through poor economic policies, the risk doesn't seem so bad eh?

I'm skeptical that reducing (at the margin) the pressure to transact via (and thus expand use of) free society's institutions is a particularly good side effect.


> Most people do not have the risk tolerance to use a system where one typographical error can irreversibly lose your life savings (for example), the product of decades of work.

This might be true without mattering much -- most people don't have decades of savings. If you're not willing to lose the product of decades of work, but you never have more than a year worth of savings, what does your unwillingness mean?


Just because savings won't last more than a year doesn't mean those savings aren't the product of a decade of work.


Most people do not have savings that are the product of more than a year of work.


Think I'm missing your point. Are you suggesting that most people have total savings < one year's income?


I'm saying something much stronger than that! Most people, at some point within the past one year, had total savings of zero or less. Most people do not have more than a year of savings, because they haven't spent more than a year saving.


Most people do have savings considerably less than a years income.


While it's true, on the other hand, third parties can't confiscate crypto without interacting with you.

But crypto should become smarter for real world use case than just following "logically right" rules like some rescue protocol that without a receipt signal, it gets rolled back.


try to reverse a wire transfer


Apparently, it's done by having professionals in the loop who will usually send the money back. (There are exceptions.)

<https://bam.kalzumeus.com/archive/no-payments-are-final/>

> Of course wires are reversible. They were not designed by children, but by professionals who live in a society which has systemically important institutions, and in the event of malfeasance or mistakes society does not tolerate a bank failing or a state missing payroll simply because someone said “no takesies-backsies” fast enough.

> Mistakes happen! By, conservatively, the hundreds of thousands daily across all payments systems, millions depending on your definition of mistake. Wire transfers, like almost all payment systems, explicitly contemplate them and have a sociolegal ritual to quickly reverse them.

> The ritual is called “hold harmless” and comes from a soft guarantee about the wire transfer ecosystem, which is that transactions are largely between sophisticated counterparties acting in good faith, intermediated by institutions whose probity is almost sacrosanct. Importantly, wires are in expectation worth having a human in the loop for; that is very not true of most payments.


This seems to be a description of how coordinating counterparties can reverse transactions made over any medium, with a bit of argument alchemy to shift the discussion from individuals to banks representing them.

> It took the combined forces of several agencies of the federal government more than five years to reverse ~$4.5 billion in Bitcoin transaction

Unlike the Bangladesh Bank hack, for example, which they were unable to reverse.


You're only illustrating the fact that given an honest error in crypto, reversibility tends to be the exception, not a rule. While in traditional finance it's the reverse.

Taking any one scenario where it didn't work out that way is highly selective cherry picking. There is not functional equivalence between "almost always impossible" and "almost always possible".


It's a counterexample, not an attempt to prove equivalence. Banks-as-middlemen allow reversing just about anything on the basis of firm handshakes, with little regard to the wishes of the parties they stand in for. Taking "reverse" to mean "do it again in the other direction" and "reversible" to mean "untrusted parties delegate control to intermediaries who trust each other", both of which are true here, means it's perfectly compatible with crypto. It does render any advantages moot, but avoiding the latter is typically the goal, and this linguistic sleight of hand obscures it.

For the actual topic, I don't have any respect for these ICOs/mints/[newest renaming], they're shameless cash grabs with 98% marketing and 2% upwork-tier code. However, you can burn a million quid; I don't think it's a big deal that you can burn 34 million in digital currency due to extreme negligence.


counterexample, not an attempt to prove equivalence.

That's fair, I just see lots of discussions where single examples are used to (often literally) say "that's no different from other finance".

And I agree reversibility can be built for crypto, it's just that right now that is not the norm, and defi probably won't see wide adoption until that changes a bit.


> However, you can burn a million quid

KLF much?


It’s only the rule in normal banking if you restrict your domain to large, powerful banks. Anyone else is on their own.

Elaboration: https://news.ycombinator.com/item?id=31139114


The Bangladesh hack was unable to be reversed because the attackers exploited holidays in multiple countries to create a multi-day window where they could be reasonably sure that people wouldn't be auditing the transaction.

And of that hack, I think something like 90% of the transactions for stolen money were reversed, but a significant portion got through because of the timing.

edit- and IIRC the whole thing was caught because of a typo?


Yes, I think it's pushing back on the overly binary idea that transactions are always/never reversible but it does it by being overly binary in the opposite direction.

A better summary might be "transactions are reversible in more cases than you would expect."

Also, transactions that aren't reversible at a low level are often reversible at a higher level in the stack.


Correct, if you have two powerful participants, who can hold mutually assured destruction over each other, then — stars above! — they play nice.

Now try the same scenario when you’re an ordinary Schmoe who wired money to an obvious scammer, and then tell me whether you still believe Patrick’s model of the banking system as a giant kumbaya circle run on gentlemen’s agreements to Do The Right Thing.


Linus from LTT recently reversed a $90k wire he was tricked into sending after a contractor was hacked. It's not like the destination of a fraudulent wire is an anonymous blackhole. In this case it was a wire to another Canadian bank. The money was frozen during an investigation and then returned a week or two later.


Linus heavily implied that he had an "in" at a senior level that could make an investigation happen and get the funds frozen before they were moved. I don't know about you, but I certainly don't have that level of power.

The destination of a fraudulent wire will be known, but that money is practically unrecoverable if it takes another hop or gets withdrawn.


That only worked because the funds didn’t bounce somewhere else first. Wire transfers are final.


The wire transfer transaction may be final, but that’s not the end of the story. A court can subsequently compel the receiving bank or party to send the funds back to the sender.


That’s true, but depending on the path, funds might end up in various jurisdictions, complicating the recovery story.


The same thing applies to crypto.


Do you always know who you’re trading with in crypto? How do you identify the counterparty to make the demand from? This isn’t a problem with ordinary transactions, where the two parties have regulated organizations making the trade on their respective behalf. Even in stock trades, where the counterparties are anonymous, there is a mechanism for reversing trades because the system was designed for it.


Until the two banks agree that it isn't. Errors happen all the time.

https://bam.kalzumeus.com/archive/no-payments-are-final/


“The finality of wires is path dependent” is a statement that I would agree with.


Ah, but you can go an entire lifetime without doing a wire transfer, and even if you don't the risks are well known at this point.


In Europe you have SEPA transfers where the reversibility after a transfer is comparable to a wire transfer. You can't really avoid them because they are the standard way of transferring money (if you don't pay by card or use direct debit).


You’re right but I find it funny that before this thread I was reading this one https://news.ycombinator.com/item?id=31133963


In Europe you can't, wire transfers are the main way of transferring money.


That, vs this situation, is the difference between "difficult, maybe costly (legals bills) & time constrained" vs "impossible"

I don't want the later for anything I consider a large financial transaction.


Welp, at least, the wire transfer process itself delivered the money to the correct recipient.

Now, imagine this: an error in a transfer contract locks away funds, not only from victims, but also from phishers. What a beautiful world to live in.


You could design a contract that could be bug-fixed and upgraded provided some % of stakeholders consent to the upgrade. These platforms are still in their infancy so upgradability or even just thorough testing and auditing is rare.


It also works the other way around: When in conflict, law (and force) will always have precedence over smart contracts.


Well:

> The unforgiving-ness and irreversibility of cryptocurrency are the reasons that it will never gain significant adoption by “normies”.

Exactly. Such that bank / wire transfer, didn't take off or gained significant adoption by normies?

> With fiat currency, we have many systems for dispute resolution and restitution. They are not all perfect but they work often enough that people still have faith in the system.

Chargeback fraud for both the consumer and the merchant is good as well? Is that why when the payment processor encounters tons of friendly fraud in a merchants account they lock up your account and you're unable to accept payments anymore, effectively killing your business.

The bank doesn't even know if the chargeback is fraudlent or not and will take the money from you regardless of you wasting time countering the disputes to prove that it is fraudlent. Thus, it hurts both the merchant and the consumer and that system can be abused.

> Most people do not have the risk tolerance to use a system where one typographical error can irreversibly lose your life savings (for example), the product of decades of work.

Yeah, most businesses and banks are doing just fine with the reversibility of wire transfers aren't they? [0]

[0] https://www.bbc.co.uk/news/business-59826345


> Exactly. Such that bank / wire transfer, didn't take off or gained significant adoption by normies?

ACH has reversal built in. Wire transfers are harder but there are remedies through the legal system. In neither case is the money simply locked up and never usable again.


Companies like Visa/Amex don't just provide a transaction network, they provide insurance for a fee. You know when you use your Visa debit/credit card that certain assurances are made. Among other things you can do charge-backs, and they will debit the merchant. The merchant pays a % cut to the network/insurer and it's built into the price of goods and services.

If such insurance/service guarantees are of interest to the market, they will be provided.

The weird thing is people associate Visa transactions with business that are real legal entities that have contracts with Visa and you could sue, but as soon as you say Bitcoin they assume every transaction is like a Nigerian prince scam. These associations are the result of effective marketing by people who want you to feel that way.


>Chargeback fraud for both the consumer and the merchant is good as well? Is that why when the payment processor encounters tons of friendly fraud in a merchants account they lock up your account and you're unable to accept payments anymore, effectively killing your business.

>The bank doesn't even know if the chargeback is fraudlent or not and will take the money from you regardless of you wasting time countering the disputes to prove that it is fraudlent. Thus, it hurts both the merchant and the consumer and that system can be abused.

Merely because the US system of handling chargebacks is dogshit and your companies have taken to making processes so unpractical that chargebacks are common practice. European banks perform 2FA checks for online purchases, and chargebacks are harder to execute, while still doable.

But sure, throw the baby with the bathwater, the bath, the house and the city's water system because you forgot to decrement a counter in a shitty contract.


I never got why we call those things "smart". It just seems like a dumber, more pedantic kind of contract.

The kind that can take into account intent via the courthouse mechanism is smarter.


I actually like this kind of naming nowadays, it tells you right away how trustworthy it is. Smart is becoming the Karen of the tech industry.


As a person who never lived in an English-speaking country, associating Karen (or any name really) with such a bad personality has always made my "be nice" alarm bells ring.

Truly sorry for the digression, just wanted to know what others think, and not blaming you or anything. Spoken languages are weird, even weirder than cryptocurrency contracts with accidental bad logic - the weird logic in spoken languages seems somehow desired.


I don't live in an English country either and we have our own equivalent male and female names. This is basically a common stereotype being so universally seen as negative that it becomes an insult. Not great because some people actually have that name (and most of them don't deserve this association), but then again a person's annoying behaviour isn't the worst reason for negative labels.

Like always you can insult and hurt people with "clean" language and use vulgar words in non-offensive ways. But say what you want, I'll keep calling "smart" technology trash ;)


"Smart" these days often feels like it really means "smart enough to subvert the user's interests".


You are right, of course. Imagine how shitty is must be to be named Karen and have millions of people one day start using your name as an insult. Just one of the hundreds of ways the internet mob steamrolls over people.


>hundreds of ways the internet mob steamrolls over people.

There's lots of names that have acquired negative stereotypes before. In my lifetime the name "Mike" at one point basically meant asshole (not so much anymore) and "Bob" basically meant boring, and "Patel" was a catchall negative for anyone from India.

There's even research on some of the nuances of the phenomenon. [1]

This isn't an aspect of internet mobs, it's an aspect of human nature, or at least society in general.

The Internet may shine a light on our flaws, and provide some new outlets for them, but it doesn't really create new ones, we brought them with us, like settlers from Europe going to the "New World" to escape the plague only to find they brought it with them.

[1] https://www.tandfonline.com/doi/abs/10.1080/00224545.1996.97...


It wasn't fun being an Adolf in the beginning of the previous century =)

These things tend to happen.


That had happened to Dicks before though.


People are able to distinguish between "Karen" and "a Karen". It's no more of a problem than my dad had with people distinguishing between his name "Bill" and "a bill".


Unrelated, but I live in Poland and there's similar thing related to names. Stereotypical Janusz and Grażyna are boomers, Karyna means a poor woman that's not exactly educated, and so on. It is not only American phenomenon.


It's just some lingo, dog. (Not actually calling you a dog.)


"Smart" is to contracts as "Democratic" is to country names


Turns out unfettered immutability isn't the holy grail it was made out to be


Depends on the audience. This sort of immutability is still deeply loved by the blockchain idealists and the criminals. And more casually by all the people who love them some victim-blaming.


Really? I would have thought that a "bulletproof" contract is better than a vague one, precisely because the latter is more likely to be litigated. What's the value of having a contract, if you have to go to court to find out what it means?

Of course, I don't want a bulletproof contract imposed on me. It's better if "our standard contractual terms" are vague, so that I can sue suppliers. But if it's a private, custom contract, then I really need to know beyond doubt what it means.

My problem with blockchain "contracts" is that they don't seem to be able to affect (or be affected by) the real world - fiat bank accounts, delivery of goods in working order, etc. They only seem to affect digital pictures of monkeys. I suppose that simply means I don't "get it".


> What's the value of having a contract, if you have to go to court to find out what it means?

The vast majority of business is performed under implicit or explicit contracts without any disputes whatsoever. We’re talking billions of interactions per day.

Courts are there for the rare occasion when a dispute occurs. There are many kinds of disputes, but one occurs when there is a complex agreement that was drafted either vaguely or incorrectly. This happens because human beings are imperfect; unforeseeable events occur; and because the language in which the contract was drafted might be vague or capable of multiple interpretations. Court hearings give the litigants the opportunity to provide evidence and context so that a judge can decide the fairest outcome.

So we don’t need courts to do business, but they exist because we need some peaceful way of resolving disputes. The alternative is violence.


In professional live, when you are talking contractual provisions, after signsture, and during disputes the relationship is already ruined in most cases. And those conflicts are hardly ever litigated.


Nearly all major commercial contracts have an arbitration clause, so it's true that those conflicts are rarely litigated. "Disputes" are expected, but they go to arbitration. That doesn't at all mean that any relationships are ruined.

There is a whole industry of arbitrators for hire. They are usually specialised in some field of business, so they don't need bringing up to speed. And they're all experienced lawyers. The work is nearly all paperwork - submissions, affidavits, disclosures. There is rarely a face-to-face hearing. It's more like doing accounts-receivable than sueing someone's ass.

"Just business", as some mobster might have said.


Well, non-repudiation is not the same thing as non-reversibility. The former is part of a Smart Contract. Unfortunately, most (all?) cryptocurrencies make you take the latter too.


Some variant of this kind of disaster with smart contracts seems to do the rounds on Twitter every couple of days. Why does this keep happening?

Since software will always have bugs, how do developers of smart contracts intend to fix this kind of problem? Does anyone actually have a solution to this?


Approximately $300 billion of value is secured by on-chain smart contracts. What makes it to the front page of HN probably gives a distortionary perception, in the same way that watching sensationalist news makes you think kids are being abducted left and right.

Only bad news sells. A $35 million bug makes it to the front page, but how often do you hear about Uniswap processing $1+ billion in trading every day without a single hack in 5 years.

In general, there’s actually been a sustained improving trend of fewer hacks, higher likelihood of recovery, and lower losses as a percent of assets. The headline numbers may be higher, but that’s largely a denominator effect of the meteoric growth in on-chain assets. It’d be like judging New York City based on how many murders are in the paper instead of the murder rate.


This kind of code is usually contracted out to the lowest bidder because the people that want to pull the scam/MLM/NFT project/whatever you want to call it don't have the technical skill, but can do the marketing.

This leads to bugs or exploits often ending up in these "contracts". The concept is inherently flawed, as they can't be updated and can't be reevaluated or reinterpreted by e.g. a court. The money's just lost.


> The concept is inherently flawed, as they can't be updated and can't be reevaluated or reinterpreted by e.g. a court. The money's just lost.

This is the way it seems to me too, but I just can't understand how a flaw this obvious could be overlooked by so many people? Surely we are both missing something?


It's mostly neglect on behalf of the teams. In this case, the code was never audited and was created by a rather immature team that was rushing for production. So recupe for disaster.

In truth you can write code that is upgradable or ammendable, but always within limits of Ethereum transactions being immutable. However, when a project wants to emphasize that immutability, because that's perceived as the need by the users and the devs, then you end up in this situation.

So, as usual, the problem is solvable with a little diligence. The challenge is for crypto culture to get over itself and mature and actually perform that diligence.

I will say that there are very mature, very well developed projects that you don't hear about getting hacked, because they take advantage of the wealth of experience that's been built on this subject.


>So, as usual, the problem is solvable with a little diligence.

If you're going to potentially lose tens or hundreds of millions, you need a lot more than a little diligence. Formally proved code (something along the lines of Ada with Spark Pro) is the bare minimum for something with some much money on the line, and even then I'd still prefer a traditional contract and leave things to the courts.


It wasn’t overlooked - someone noticed the issue and reached out to the team just before launch but it was declared ‘FUD’. Ultimately it’s a junior team - this should have been caught. While not perfect, smart contracts are starting to mature - well-tested contracts become templates, access to 100% control flow fuzzing becomes easier, more people are releasing testnet versions with bug bounties… it is going in the right direction but only if you can be bothered to put that effort in. Ive worked as a contract test engineer in crypto for over three years now across several projects & blockchains, and yet to have a project have an issue like this.


True believers think court interpretation is inherently corrupt and a systemic flaw, while these are just implementation bugs and ultimately fixable. Everyone else is either running a con, or a mark. There's really only three categories here and very little to miss I think.


Each time I’ve given crypto a chance, I get about 5 minutes into looking at Ethereum contracts and the EVM and end up walking away because it’s such a mess IMO. It really all feel very junior.


At this point I wouldn't bother with smart contracts and just use it as a medium of exchange or investment.

However, if Ethereum sticks around there will be standardized, off the shelf contracts for people to use that have wide-spread testing/adoption. Once we reach that level of maturity then it could make sense to use it for things like escrow on a contract/purchase.


How do you use ETH on a contract to purchase goods? How does the contract know when it has been completed?

I can imagine using ETH for escrow; but there has to be a human in the loop for escrow, to direct escrow funds to be released. I guess one could contrive a situation where a "contract" could autonomously determine when it had been completed. But that's not the general case.


You put $10k in escrow to buy a house. Either both parties agree (human intervention) that the requirements have been met and the escrow is released to the seller, or the funds are returned to the buyer after some deadline.


Always good to have a consultant around to explain the tough words ;)


> How does the contract know when it has been completed?

Escrow, or an oracle (checking, say, FedEx delivery.)


There already is: https://openzeppelin.com/

Most people use them for their projects, but you don't hear about them because they don't make it to hacker news as only crypto pessimism is upvoted here.


What do you dislike about the EVM?


This is admittedly secondhand knowledge, but my understanding is that the EVM was written with 128 bit words, and consequently cannot be implemented using any common general purpose computer hardware. All of its operations have to be implemented in software, making it significantly slower than it could be as a result.


Isn't the whole point making the decentralized network itself the computer...?


Market makers need the ability to process transactions quickly. There is indeed a network of computers involved, but each computer is, well, a computer, and needs to make computations in order for transactions to process.


Does a zkEVM by Loopring+Vitalik consulting on it scratch your itch?


If you code it properly you can release a new version and disable the old version, forcing your users to use the new contract. It doesn't mean you can retrieve the money locked by this particular contract though. If the logic doesn't allow it you're out of luck.


To me this almost seems like an argument to insist on legal level protections for development of contractual code. As in, you need to have qualifications like a lawyer, liability coverage like a lawyer (or bank) and have to be approved in some fashion before you can publish a contract that deals with more than a certain amount of capital.

Theres no difference between a badly codes contract and a badly written one that doesn't do what one signer intended. Short of you can try to convince a judge to adjust it or handle it differently.

In this case. There is no judgment system to allow for reversal of badly coded or misunderstood contracts. Which means that the standard for the development should be far higher with considerably more insurance and coverage for risk.


At this point I just want to know why it's considered news. This site is called hacker news, after all. The sun rises in the east, another smart contract eats people's money, another shitcoin goes to zero. Here's your coffee, sir.


I guess crypto haters are trying to prove to themselves their vision.


> Since software will always have bugs, how do developers of smart contracts intend to fix this kind of problem?

They don't. I doubt most are even thinking about it, and of those that are, most probably think it can't happen to them.

Crypto tries to make financial programming more like web development, and less like writing code for a bank, but there's a reason writing code for a bank is such a pain in the ass: it has to work more or less perfectly, every time, at least on the backend.

If you trust your financial framework to someone who took a UDemy course last weekend, you get what you deserve.


And when there inevitably is a problem with the code at a bank, you call a real person who investigates and then fixes the problem and makes you whole. This process is far far far from perfect, but at least it exists.

When a smart contact developer makes a mistake, your money is just gone, forever, with no recourse.


>They don't

This is wrong. It's pretty standard for contracts to be able to be upgraded. Usually you want to put a delay before updates are applied. This time delay allows users to see what is happening with the upgrade and gives them a chance to cash out if it's bad.

There might also be a way to do an emergency upgrade, but typically this account is much more locked down compared to just being able to make a normal update.


> Some variant of this kind of disaster with smart contracts seems to do the rounds on Twitter every couple of days. Why does this keep happening?

Because it’s code which means errors are a fact of life, and the goal of crypto pushers was to spread the scam so instead of looking at formal methods in order to make “smart” contract ironclad, they started from ECMAScript so that any idiot could go from a frontend widget to deploying a smart contract with minimal introspection or reflexion.


I always wondered why aren't smart contracts developed strictly; proving them with Coq or some proof assistant, or making a formal TLA+ struct to define them before coding. As the siblings say, it smells like contractors that don't take it as seriously as (imo) they should.


Most important smart contracts like MakerDAO are formally verified already and there are ways to code smart contracts in functional and other safer languages.


Bar to entry is extremely low; copy-paste existing contract, change a few variables and launch. Yet, the contract must resist state-sponsored attacks, eg. https://rekt.news/big-phish/

Maybe one day there will be a sort of unhackable template that everything derives from, or an automatic software-prover.


The academy have developed tools for code verification, state modeling and formal proofs. The choice of using a javascript fork for financial contracts is deliberately dumb and will result in the craziest bugs we could imagine.


Formal proofs will not save you if the assumptions are wrong. You can formally prove a bug that you thought is a feature.


You could at the very least model impossible states and check they won't happen. The assumptions are not that hard to model either, there are not that many moving parts.


Probably because there are tens of thousands of smart contracts now and hundreds are created every day.

Companies get hacked every single day too, probably many that you use, it's just more opaque when that happens.


IMO the APIs are overly complicated and there's no proper dev tools to test and debug the code. There's a few testing frameworks out there but I'm not really sure how well they work considering how often this happens. I don't get why there isn't some straight forward way to build failsafes into these contracts.


I imagine the process of "building a failsafe" is just as bug-prone as writing the main contract. It's just more code, after all.


They will certainly fix it if you give their startup another metric fuckton of money. ;-)


I know a lot of smart, professional software developers. Many of them, me included, have taken a look at this stuff, or even been recruited to join a cryptocurrency-related project. Some of them even tried it out. But very much on purpose, none of them are currently involved.

So my guess as to why it keeps happening is a sort of Dunning Kruger effect combine with a selection filter such that the people most eager to get involved are the ones least likely to be able to spot the problems.



$34 M worth of Ether at today's prices is lost. The dollars spent on them (probably a lot less than $34m) are almost all still in circulation.


That's an interesting way to think about it. No resources have been lost as it is a virtual thing and if we assume it to be worthless we haven't lost anything. Mind blown


All of the resources were wasted buying power for mining rigs. Can’t get that electricity back, and the power company doesn’t do refunds


Except people spent money in the market so - the mining rig companies now have the money and computers were built. The “waste” leaks into productivity at every joint.


The power company has the money, coal was bought+burned. Ultimately this is a form of broken window fallacy - buying resource to literally burn them into thin air is not stimulating the economy


Agreed. The $34M goes to all current ETH holders (in the long term of course).


so the ether went into the ether ;) & nothing is lost


I've never seen whatever code this is, so correct me if I'm saying something stupid, but do they really use uint256 for their number variables? Like a number that goes from 0 to 115792089237316195423570985008687907853269984665640564039457584007913129639935? Are they trying to keep track of the number of atoms in the universe or something?


Vitalik has said using 256-bit word sizes in the EVM was his biggest regret from the early days of Ethereum.

As others have mentioned, it was largely chosen because of the ubiquity of 32 byte hashes. But overkill for regular math. One pernicious issue is that it makes translating existing smart contracts into ZK rollups really challenging because 256 but arithmetic blows up the circuit size.

https://www.theblockcrypto.com/post/116413/vitalik-buterin-r...


It’s to prevent any possible chance of brute forcing the value. 64 bits is vulnerable. 128 bits is impervious, and probably won’t ever be vulnerable. But 256 bit crypto keys are common.


That's not quite right. We're talking about the type of the integer, this doesn't have anything to do (directly) with cryptography. It's a bit of a silly decision but Ethereum uses uint256 for many things to avoid having to do floating point math.


> Ethereum uses uint256 for many things to avoid having to do floating point math.

Wow. I'm pretty ignorant when it comes to Solidity, so it hadn't previously occured to me that it doesn't have floating point. It stretches the limits of the imagination to consider the insanity we'd be seeing if Ethereum did have floating point math.


Sure, there are other benefits of uint256. But it does simplify carrying around crypto keys.

256 bit integers to avoid floats seems like a good idea too. I’ve wished for it whenever I try to represent integers as double. 2^53 is such an arbitrary restriction.


Has an insurance market already arisen?

I.e. can I buy insurance for some percentage of my transaction against a bug swallowing the whole value of my transaction?

Seems like an opportunity to let an economic market drive more rigorous dev and test practices by giving shops with more rigorous practices lower fees.


yes, its pretty vibrant for the past 2 years. claims get made in advance and paid out unceremoniously with no fanfare (just like outside of the crypto space) but there could certainly be more fanfare and articles around that experience, since you can tell by this thread that people who should know about it don't know about it. You can find people in the discords of most communities who have the claims after an exploit who are like "yeah they paid" and move on, and you can look at the insurance protocol's contract to see it paid out for your own verification of that.

not sure if I've seen it for NFT collection contracts, but they're pretty robust and actively cater to the DeFi category of services.

here is a list of insurance protocols that also use a token for any number of reasons. its a whole category on the "marketcap" sites.

https://www.coingecko.com/en/categories/insurance

there are likely many well capitalized insurance protocols without a token but I don't know about them for that specific reason, which is a fun irony when wondering "but does this need a token?"


Yes. I'm not going to name drop for fear of it coming off as shilling, but I'm familiar with a couple DApps that are two-sided marketplaces for insurance on other DApps.

If you lose your money to a smart contract bug in the insured DApp, the insurers will reimburse you.

If you really trust the code of a certain app, you can earn revenue as the insurer on the other side of the trade.


The people that sent money to this contract still received the NFT right? Or can still receive the NFT

Its more about the project not having the operating capital (99% margin lol) and also loosing some confidence which they can recreate by performing parts of the roadmap and getting the community their NFTs? (the verified person is already saying they will airdrop NFTs and reimburse some participants when banks open so they wire dollars, convert that to ether, and send to some participants)


Correct, the project can just create another set of NFT's and "bless" them as the official ones.


Only demonstrating that the "original" NFTs were worthless to begin with.


the project created mint passes that qualify you to receive an airdrop. this hasn't changed


People keep claiming over and over that you'd not lose money like this with (non-smart) contracts because the court would always rule your way. That's absurd. If you went around making the kind of contract-of-adhesion offers to the general public that smart contracts represent, you're not likely to get the benefit of the doubt in court. And if you had a lawyer as incompetent as the devs writing these contracts, you'd have plenty of errors.

I want to be clear: the devs aren't incompetent because errors exist; they're incompetent because they're incompetent. I hang out in programming help spaces for devs of varying skills, and 100% of the crypto questions come in on the lowest skill help channels with the most basic questions. It's often opined that programmer skill isn't a real thing. Well, such beliefs have consequences.


> People keep claiming over and over that you'd not lose money like this with (non-smart) contracts because the court would always rule your way.

I don't think anyone is claiming that the court would always rule your way; that's a strawman. Courts do stupid shit all the time.

The point is that a court could rule in your favor. With something like this, what's the remedy? How is a court going to order some developer to undo a transaction posted to an immutable ledger? What do you do when the source of truth is wrong, and cannot be altered?


Agreed the original post was a bit of a straw man but now we’re just weighing risks. If a court can make a stupid decision with someone’s assets then it flows both ways: a court can take as well as return. So yes crypto fails to be recoverable by a court - but that’s obviously offset by being difficult to be stolen by a court too. The fact that most western countries don’t wholesale steal from their citizens means it’s easy to discount this benefit in the face of this cost.


I don't think any "people" are claiming it will ALWAYS go your way, and if they are they are wrong. The point is at least you have a shot at some sort of remediation. You can appeal to courts and work it out. Sometimes there can be an error so egregious that you end up losing your money. But in general the intent of a contract is strongly considered with human decisions. Computers have no concept of intent. Yes incompetence is everywhere, but how often does one messed up line lose millions of dollars? Even skilled developers make mistakes. We saw it at the very dawn of smart contracts with the DAO being broken, and Ethereum forking which blew up the "irreversabilty feature", and showed that there is great potential for a contract to be not what was intended.

With crypto if the cryptography is secure you have absolutely zero recourse to get your money back. Ever. One of the selling points of cryptocurrencies and smart contracts is the non reversibility/mutability of them. However it has been shown many times that that causes harm more often then it has benefit. Loads of assets have been stolen/lost/rendered irrecoverable.

In this case ALL parties would agree that it is definitely not was desired when they went into the contract so it would not even have to go to mediation. They could simply write a new contract rendering the other void in the non crypto world.


> People keep claiming over and over that you'd not lose money like this with (non-smart) contracts because the court would always rule your way.

If people do it that much, surely you could give us links to 3 or 4 of them? I'm interested, as I've never seen anybody claim that.


Excuse the basic question but what language is that? And does anyone have a good tutorial or similar on writing things like this? I know this is basic stuff but I hadn't really seen a real example of a 'smart contact' (I assume that's what this is) until now and seeing it like this is intriguing.



https://cryptozombies.io/ may interest you


If you are wanting to read some code, here's a an "ERC20" contract (a "money").

https://github.com/Rari-Capital/solmate/blob/main/src/tokens...


Everytime this happens in the cryptocurrency space it makes me want to laugh and to cry a little.


How much money needs to be lost or stolen before it's declared a bad idea?

Like at this point I'd take my chances in the wild west with a stage coach, a shotgun and a handful of friends over...whatever is going on with crypto.


It seems like these systems ought to be developed with independent formal verification as a legal requirement. Or maybe that's too naive to dream about?


I've worked with using formal verification systems to secure smart contracts. It's less useful than you would think, for two reasons:

1. It's extremely hard to come up with the correct rules for expected behavior. It's like making a safe wish versus an evil genie. It's also surprisingly easy to make a rule that doesn't check anything, or what you think it does.

2. In the areas that deal with the most money, DeFi, there may be thirty program involved, most of which were not made by you or under your control. Current formal methods can just handle a single program. The common way to handle networks of contracts is to test each in isolation, making assumptions about what the other contracts can do. But it's really easy to make a wrong assumption here.


OK, that makes sense, thanks for the insight! I do still think it would be "helpful" to apply formal methods, even if they don't solve the problem 100%, just like some testing is better than no testing. Better than the current wild west at least, it would seem.


Code is protected as free speech by the US Supreme Court. There’s no legal avenue by which you could prohibit someone from writing and publishing smart contract code.

At best the most you could do is setup a legal barrier to deploying that code to a block chain. Even then, this is legally iffy, since deploying chain simply involves broadcasting a message to the network. Most likely the court would interpret this as a form of published speech protected by the First Amendment.

But even if not, you can still publish the smart contract code on GitHub and say “I sure hope no one outside my jurisdiction or an anonymous address takes this code and puts it on-chain.


I'm not sure I agree with these points (although these are good insights). There are regulations that apply to code in other domains, like HIPAA/FedRAMP/banking compliance etc, so why cannot they be applied to blockchain providers as well?


You could do that, it would still be up to the consumer to only choose to interact with those contracts and projects, just like it is now. But the consumer is undiscerning.


Besides the badly written smart contract I'm also struggling to grok what exactly is Dutch about this auction. It's not that the price of something keeps dropping until somebody makes a bid.

Instead everybody pays the lowest bid? Does everybody get a token as well? Why would anybody bid more than the reserve im this model?


Correct me if I'm wrong, but someone could fork Eth, and write code to "release these funds" back to their "owners" right?

Adoption of this fork would be the critical factor, but if enough money gets locked up, it get more and more lucrative to "unlock it all" will be with your eth-unlocked fork.


This has happened. It’s called Ethereum.

The original fork was mostly abandoned, and is known as Ethereum Classic.


They already do this whenever one of the developers fat fingers their code and loses all their own holdings. The whole thing is kind of a scam.


> whenever

lol, once, at the beginning before it had traction...


A fool and his money are soon parted


$34M are not locked. Rather the tokens some people paid $34M have now become worthless (untradeable). But those $34M have not disappeared they're on somebody's bank accounts. Such rhetoric is very deceptive.


I am going to have your comment bronzed. It's such a perfect example of how in the crypto world the US dollar value is hyped in the good news. But once the news is bad people get all, "What even is money, man?"


The car did not crash. Rather the money you paid for it has now become worthless (unridable). But that money has not disappeared, it's on somebody's bank accounts. Such rhetoric is very deceptive.


I think you've got the logic other way around.


I think this is a strange take, sure the $34M is in the ethereum account but it is not in someone's bank account, but the people that sent money to that contract do have an NFT right? or have a claim for an NFT that can still be sent to them manually right? I think those NFTs don't have to be worthless, there is just a temporary blip in confidence until the project proves they are still able to perform with less revenue/capital and also still motivated to do so.


Effectively identical.


Where can I view git blame?


Does this mean an infitesimal bump in the value of remaining ethereum?


Infinitesimal is right.

Since EIP-1559 went live in August 2021, over $6.3 billion worth of Ethereum has been burned since they now burn transaction fees instead of giving them to miners. They burn about $11 million per day!

This $34 million is a drop in the bucket and note that even though all that was ETH burned, the price is still below where it was when they started.

https://watchtheburn.com/


yep! one could make a "locked clock" that predicts the distribution of inaccessible Ether to support their bullish hypothesis


Here, I fixed the headline: $0.0 permanently locked into AkuDreams contract forever due to bad code.


I think that the programming models used in blockchain are entirely wrong. This kind of thing happens all the time.


Crypto once again showing it’s a solution to a problem that hasn’t been found


The reason why thats an odd take is that it scapegoats poorly run companies when we should be just shaming the specific project team and organization and doing post mortems to make it less likely to occur. Just like we do on this very forum when not talking about the crypto space.


code was (f)law(ed)


This is excellent.


Ah yes. But you see, this time is different.


but i thought leetcode style interviews was the best way to screen people and nobody needs people with experience???


[flagged]


“Everyone keeps reporting about how this bank keeps getting robbed every day but no one is reporting about how their ATM sometimes works okay.”


I think most of HN are atheists who don't buy in to the cryptocurrency religion.


You sat there waiting to copy and paste this comment weren’t you?


Perhaps it was posted using a DAO running a SmartContract on The B_Chain?

;)


Answering a question with a question (especially a totally unrelated one) isn't a great start to a conversation.

Given that we have seen tons of scams in crypto like this random project and now a payments platform called Stripe has joined in (needs no introduction), I am now asking you, (assuming you know what Stripe is and what they do) where is the scam that Stripe is doing in their announcement of Crypto payouts?


HN does not have a nuanced view of this space. There's a lingering assumption that everyone involved in crypto naively wants the "old way" gone in favor of bitcoin, which is completely absurd, or that the rest are scammers.


Well, basically everyone I've talked with on here about it that supports blockchain and cryptocurrencies has either explicitly or implicitly taken that position (that "fiat" should be replaced by cryptocurrency), so yeah, that is my assumption.


We agree there is a group of people who don't have a nuanced view of the cryptocurrency space. But you seem to have overlooked about 99% of people advocating for crypto.


Bad look to be silencing negative opinions about YC backed companies. Seeing this more and more lately, and am assuming my comment noting this will be gone soon too.


Just to be clear: I downvoted this because I sincerely believe it is not true. I have seen enough negative things about YC backed companies here, especially about Stripe, that I don't buy support spreading this kind of narrative without any evidence. It's not helpful or healthy for this community to spread false accusations.


> I downvoted this because I sincerely believe it is not true. I have seen enough negative things about YC backed companies here, especially about Stripe, that I don't buy support spreading this kind of narrative without any evidence.

What narrative? What false accusations exactly?

I see "Crypto is scam" comments on here from time to time and I'm looking for an explanation about Stripe's entrance into using crypto-currencies [0] themselves without any answers.

It's interesting to see that all the replies here have deliberately avoided my question into where the actual scamming that Stripe is doing in offering crypto payouts, since others like to scream the same "Crypto is scam", 'snake oil' nonsense.

[0] https://stripe.com/blog/expanding-global-payouts-with-crypto


> Bad look to be silencing negative opinions about YC backed companies.

That narrative. I wasn't replying to you, but to the "am assuming my comment noting this will be gone soon too" statement as his comment was bound for a lot of dislikes and I wanted to give him an explanation that that has nothing to do with his perceived reality.

I don't care about the Stripe feature and it's not related to the topic of this post, except that both is crypto. If you haven't gotten any satisfying replies in the actual submission you linked why do you think it's necessary to ask about what Stripe is doing in an unrelated story just because it's about bad crypto practices and then complain that you don't get answers to the derail?

If you post a story that details that Stripe is actually scamming with crypto (more than just offering the option) I'm sure it would get traction.


TL;DR

Is this sort of like "I forgot my password"?

If I put 100 $20 bills into a paper shredder, will someone make me whole?

Of course not, yet when the analogous thing happens in crypto, that's somehow an argument crypto is fatally flawed.


Yes, if you can recover 51% of a bill and send it to the treasury they will make you whole. Not a perfect system and obviously can't help if both shred it and light it on fire but there is a recovery mechanism.

Crypto has none, it's a feature to some but a deal breaker for most.


Weird analogy because yes, if you put money in a paper shredder (at least in the US) the Mint will indeed allow you to send in your shredded money and receive cash in return: https://www.bep.gov/services/mutilated-currency-redemption/s...


Although they might refuse if they suspect "...a pattern of intentional mutilation...", so I wouldn't recommend shredding your savings just to demonstrate the system.


Ah yes. When crypto works, even barely, it's the magic perfect future financial system. When it doesn't work, it's entirely the user's fault and they are stupid doo-doo heads who deserve the blame. Such a classic "heads I win, tails you lose," dynamic.


It seems to me like the comparison needs to be tweaked a bit (long before the possible recovery via the US central bank or treasury comes into play), this was a sort of guarantee/escrow, so let's imagine that you are told to put your 100 $20 bills into a safety deposit box, if you win the auction you give your key to the seller when you get the object, otherwise you can open the box and get your money back.

Only the deposit box has a sliding plate at the bottom that may (or may not) be randomly pulled out and when/if this happens your bills will fall into a shredder.

Would you make the deposit knowing how this particular box is made/managed?

Or would you think that this particular kind of deposit box is flawed?

Point is that you were told nothing in advance about the sliding plate and the shredder.


Unless this has changed in the recent times, then yes you will get your money back as whole. If you have all the pieces, the bank (at least in Finland central bank will) will trade it to a new one and the old one is demolished.

It is pretty normal for money to get damaged and reissued.


That’s a straw man. You’re giving your money to a vendor expecting a return, and instead your money is just unusable forever sitting in front of you as a monument to test coverage because of a bug in code. The thing that caused the problem is supposedly the key feature of the system (immutability). This is why people argue crypto is flawed.


Delicious. Somebody with $34 million of loose cash just got shown reality.


More like a few thousand people putting in $1000 here and there just got shown reality.


34,000 with cash to burn on NFTs, I keep up with the bigger projects, never heard of AkuDream and they got 34m, crazy




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: