4 Comments
Apr 17 · Liked by David Z. Morris

DZM's articles (per the soul of DeFi) on Unchained are fantastic. I don't know about this: "Systems as complex as DeFi face huge, maybe inherent, challenges in formally eliminating those kinds of edge cases." I'm foreseeing people will recognize that having risky assets unisolated in lending solutions will simply be ticking time bombs, much like many do with under-collateralized algorithmic "stable"coins. I always liked this exploit analysis, especially for this part which I have quoted regularly: "When you have shared borrowing/lending markets, even a single bad asset can lead to a total collapse. Isolated markets like the one provided by Kashi protocol from Sushi limit the risk of a bad asset to just that asset’s borrowers and lenders. Hence, you can list more exotic assets on Kashi with lower risk." https://mudit.blog/cream-hack-analysis/

Of course, it's a bit ironic using a Sushi product and "lower risk" in the same sentence per the Sushi problems of late. Sushi's problems are much like Fortress' as per the article (https://finance.yahoo.com/news/another-fork-bites-dust-looming-084601883.html) by Brady Dale (who I just coincidentally mentioned in my last comment) as linked to in the Unchained article. "It’s like a small republic that spent too much money on their military." I may be quoting that sentence quite a few times also in the future.

Anyway, Mango token being mixed in with the rest of the lending tokens is a huge amount of risk. It's not so edge case, or at least not that surprising, and not something too complex to avoid.

author

Yeah good point specifically on Mango. Putting your own token "inside" your system is always cancer, basically also one of the fundamental mis-steps of FTX. That said, my point at Unchained was more general - complex enough systems always have edge cases, and some of those will be destructive.

Apr 17 · Liked by David Z. Morris

Agreed on both points.

For the first: It's as simple as keep your own token out of it. I worry about DePIN. I think infrastructure is indeed the best place to look for crypto utility. Let's use crypto to get away from AWS reliance. But pay everyone in your own token? What's the token's value then? Just to then sell it? Like it is some infinitely mintable farm token on a pancakeswap clone to make up BS APYs that will never actually happen? If/when DePIN was paying infrastructure providers in ETH, BTC, USDC, or something sensible, then I'd/I'll be far more excited.

For the second: Yes, DeFi is definitely complex and full of weird edge cases. Will totally agree. But when you read enough rekt.news, it seems like the articles repeat sentiments like "the same reentrancy bug again, really?" and "seriously, this is a fork of that protocol that got hit with the same exploit last week, why wasn't it fixed then?" and "another Dapp upgraded their contracts AFTER their audit and didn't get it re-audited?" Granted I am trusting rekt.news when it says these root issues which are constantly being overlooked are not so complex because the code is too complex for me to read directly to verify myself. I realize the irony in that. And, again, even if there are a lot of repeated mistakes, sloppiness, and possibly malfeasances--there will definitely still be edge cases. In fact, it's the edge cases that make up the really interesting rekt.news articles.


https://www.coindesk.com/policy/2024/04/17/jury-begins-deliberations-in-110m-mango-markets-fraud-trial/

https://www.coindesk.com/policy/2024/04/18/mango-markets-exploiter-avi-eisenberg-found-guilty-of-fraud-and-manipulation/

Doesn't seem like Mr Mango (MM) had much of a defense team. Where are the crypto lobbyist organizations that rushed to the aid of Centralized Exchanges when they were/are in court? Don't they love all crypto and believe in crypto ethos like they claim and not just those with big TradFi pockets? Even though it seems they are all funded by Cex money? Funny how that happens.

Guess if you are in lowly DeFi you need to sell NFTs to crowdfund your defense, a la Poolys, which were somewhat of a success. Of course I see nothing wrong with crowdfunding via NFTs, especially for crypto-related artists and content creators.

MM's defense rested on one expert, and most of that expert's testimony got dismissed. Axiom says a juror even fell asleep during the expert's testimony. Also per Axiom, defense only relied upon how much money MM had to risk and the fact that everything MM did was visible and on chain.

That was all MM had for a defense? I'm surprised the defense didn't try attacking the "securities" part that the whole case hinges on. Bring out a host of experts who will at least be able to say it's a really hard problem to define a security, especially with regards to crypto. Then the defense should ask the jury, do you really feel confident enough to say beyond doubt that the instruments involved were securities? Because if you can't, whether he manipulated or not is moot. You're asked to rule according to securities.

And how did the prosecution get away with the flimsy analogy of lending a fake diamond? That has nothing to do with market trading. Also, it's not at all like lending a fake diamond. It's like lending a real diamond and basically doing exactly what DeBeers did over years and years to trick people into thinking diamonds are actually worth a lot more than the value of a really strong drill tip, and doing it really really fast, and then people realizing DeBeers is full of sh**, which a lot of people are doing now, but having that realization happen really really fast. DeBeers might have done some crimes (they probably have some “blood” on their hands), but running an extremely successful ad campaign likely isn't one of them. Or, perhaps more accurately, a “highly profitable marketing strategy.”

Then there's the Terms of Service (ToS). As I have said, I was interested in any ToSes. And apparently there were no ToS for Mango Markets. I'm pretty sure other markets were involved too and they likely had ToSes. FTX (lol, would be pretty funny to expect the users to follow the terms SBF himself broke regularly) and AscendEx, I believe. But I don't think those, or their ToSes, were brought up in this case, perhaps the prosecution couldn't because those markets aren't plaintiffs. But again Mango had no ToS. Seems pretty clear to me that MM had free rein to use it as designed, not necessarily as intended. I remember reading somewhere that someone on the Mango Discord even highlighted this exploit was possible, of course that doesn't mean the developers read it, but whether they learned it from Discord or again lots of previous exploits, I'm pretty sure the Devs could have done something prior to the exploit. Even if contracts are immutable, which I am not sure if they were in this case, front ends aren't typically. Even when frontends are immutable, you can always create new frontends. At the very least Mango could have created new code without the exploit and a new frontend and pointed everyone there. Not saying that Mango should have had to when the code is flawed, but by the same token, not everyone needs to follow the spirit of the code as is when flawed. I dare say that is what makes it a bit fair.

And the internet searches! Supposedly those were the prosecution’s strongest evidence. I don't agree that evidence is strong at all.

Sure, someone Googles "how to make a b--b," then makes a b--b, and by a b--b, I mean something that clearly has no other purpose than to go boom... Well, outside of the bigger question of should someone in a free society be prohibited/penalized for simply obtaining information, assuming what a person searches for on the internet really is and should be admissible, OK, that is pretty good evidence. They tried to find out how to make a very specific thing. That very specific thing was made. Very likely corroborates an accusation that person made that thing.

But let's say someone wants to create something that might accidentally explode. Let's say it uses flammable parts in a very pressurized container. That someone knows making or setting off a b--b could get them in trouble and they google “how many years in jail would I get for making a b--b,” does that count? Does that mean they made a b--b?

If I Google “what's an example of illegal market manipulation”. And read a great example of market manipulation is order spoofing /stocks/. And then I Google “what's the statute of limitations on market manipulation.” And then open my /stock trading program/ and open a bunch of buy and sell orders of /stocks/. And such prior searches are admissible in my later trial. Okay.

But MM did not open his Fidelity stock trading account and try to open a bunch of buy and sell Alphabet stock orders, did he?

The defense could easily (I'd hope) convince a jury that the question of whether a Mango token is like a stock is really hard to answer (so is whether a Dapp used for token swaps is like a stock broker, but that Wells Notice for Uniswap is pretty recent, the stocks = crypto is far older and more talked about). Because you don't actually have to understand all the complexities. You just have to say “woah, cases are going either way for the organization enforcing stock compliance on whether crypto is like stocks; the people currently and historically in that organization aren't even sure if crypto is like stocks; the governing body that determines the laws for that organization isn't sure if crypto is like stocks. And yet the prosecution wants me to send to prison some guy based on this really complicated issue, even though I'm a farmer who thought mangos were just something that grew on trees before today.”

Part of me wonders if the reason I'm the only person seemingly defending MM is that he's a bit of a John Brown figure. We're sympathetic now to John Brown because we generally know slavery was pretty f'in bad. But John Brown also did some bad stuff, even by today's standards. MM's personality, at the very least, does not seem very sympathetic. I even read on Protos that law enforcement found some really bad materials on his cell phone. I don't know if it is true that law enforcement allegedly found things or that any allegations of MM's fault are deserved. Regardless, that stuff does not sound like part of the case he was on trial for. It sure doesn't make him seem sympathetic in general. But that shouldn't be the point.

I think MM got screwed. George Soros becomes a revered investor after finding a way to exploit the British pound. But MM is very possibly going to jail. But I don't think just about him. I worry about the precedent this ruling might make. I worry that yet another avenue to short and keep at bay possibly dangerous financial instruments that might cause a lot of harm when they get too big is being taken away. And I worry all I can do is write this comment which likely won't be seen by many at all.

So it goes.
