One of the busiest days of the year for DeFi featured exploits, rugpulls, protocol pivots, and more.
Never a dull day indeed.
Today was among the busiest in recent DeFi memory, featuring a hack worth eight figures, a token dump worth upwards of eleven from none other than Ethereum co-founder Vitalik Buterin himself, a significant update on institutional adoption from Aave, and a proposal on Uniswap’s governance forums to turn $UNI into a governance token — a proposal once again courtesy of Vitalik. Rapid reactions, roughly in chronological order (assuming my memory isn’t totally fried from today):
Aave announces permissioned institutional trial pool
As first reported by Cointelegraph earlier today, Aave currently has a private test pool with institutional investors who are trying out DeFi.
I had the distinct pleasure of chatting with Ajit Tripathi, the head of institutional business development for Aave (who is also an excellent Twitter follow BTW) about the initiative earlier this morning. The key quote from him is that the test pool is in an “advanced” state, and will likely be live and ready for production as a permissioned market with KYC/AML features soon.
The news set off a flurry of debate in the DeFi community about whether or not institutions and their legal needs — specifically, those KYC and AML barriers — are ideologically and technically compatible with DeFi.
Pandering to institutions will kill this movement, mark my words. https://t.co/7AQTFcQD0P
— Ser Doggo IV, last of his name (@fubuloubu) May 12, 2021
Here’s the reality: in the short term, institutions dipping their toes in will inevitably be a boon for the space. More liquidity, more adoption, more users, more money floating around to fund your favorite projects staffed with wildly ambitious teenagers. Take their cash, their positive press, and shake them down for whatever they’ll give.
In the long term, their walled gardens will ultimately be a historical blip. Permissioned pools will be slower, less agile, and have less liquidity than the wider space — they’re doomed to fail. This is a first step towards the institutions eventually embracing participation in fully decentralized systems, which is the inevitable endgame.
If that take makes me a bootlicker pandering to our CeFi overlords, so be it. The jokes at my expense have been good at least:
Choke me daddy https://t.co/QpRVMU9bcH
— banteg (@bantg) May 12, 2021
xToken gets exploited
One of the most promising projects in the space was exploited for upwards of $25 million this morning. While the nature of the exploit was complex — effectively merging and leveraging two attacks into one — there’s some argument that simple steps could have mitigated the problem.
xSNXa and xBNTa contracts have been exploited. Minting paused on all contracts as we investigate further.
Liquidity pools have been drained, however most SNX and BNT remain in xToken contracts.
We owe the community an explanation and will be providing another update shortly
— xToken (@xtokenmarket) May 12, 2021
xToken allows users to hold interest-bearing derivatives of core assets like Aave and SNX that require some form of staking and/or governance or protocol participation in order to access their full value. The design is clever, even allowing users to select risk appetite or governance participation philosophy as options — much more nuanced than your standard “index” or “easy” product.
However, the trade between the synthetic or derivative tokens and their parents is partly to blame for the exploit this morning.
Per whitehat hacker Emiliano Bonassi, the attacker manipulated the Kyber DEX marketplace while also simultaneously taking advantage of how xToken calculates the price of their x-token derivatives. As he told me on Twitter, the attacker effectively put “two exploits” into a single transaction:
So the problem is that the undervaluing is related to get the price on the amount exchanged on Kyber which is low because of the flood of SNX borrowed from Aave and dumped on Uniswap (connected via private reserve to Kyber)
— Ξmiliano Bonassi | Ξmiliano.eth (@emilianobonassi) May 12, 2021
It’s becoming increasingly clear that using a single DEX as an oracle is irresponsible without some form of time-weighted average price calculation involved, which mitigates the effects of flash loans intended to throw off DEX prices.
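To make the time-weighted average price point concrete, here is an added simulation (not code from xToken, Kyber or this newsletter) of a constant-product pool with a cumulative-price accumulator in the style of Uniswap v2. The reserves, dump size, 30-minute window and 13-second block time are constructed values chosen for illustration.

```python
class Pool:
    """Constant-product pool (token * eth = k) with a cumulative-price accumulator."""

    def __init__(self, token, eth):
        self.token, self.eth = float(token), float(eth)
        self.cumulative = 0.0   # running sum of price * seconds the price was in force
        self.last = 0           # timestamp of the last trade

    def spot(self):
        """ETH per token right now: what a naive single-DEX oracle reads."""
        return self.eth / self.token

    def cumulative_at(self, now):
        """Accumulator as of `now`, crediting the current price for the time since the last trade."""
        return self.cumulative + self.spot() * (now - self.last)

    def sell_tokens(self, amount, now):
        # The pre-trade price is credited for the elapsed time *before* reserves move,
        # so a trade adds nothing to the accumulator at the instant it executes.
        self.cumulative, self.last = self.cumulative_at(now), now
        k = self.token * self.eth
        self.token += amount
        self.eth = k / self.token


def twap(pool, snapshot, now):
    """Average price between a stored (cumulative, timestamp) observation and `now`."""
    cum0, t0 = snapshot
    return (pool.cumulative_at(now) - cum0) / (now - t0)


def simulate(dump=900_000, window=1800, block_time=13):
    pool = Pool(token=1_000_000, eth=10_000)      # constructed reserves, fair price 0.01
    fair = pool.spot()
    snapshot = (pool.cumulative_at(0), 0)         # oracle observation at window start
    pool.sell_tokens(dump, now=window)            # large borrowed dump in one transaction
    return {
        "fair": fair,
        "spot": pool.spot(),                      # read in the same transaction
        "twap": twap(pool, snapshot, window),     # read in the same transaction
        # If the skewed price were somehow left in place for one more block:
        "twap_next_block": twap(pool, snapshot, window + block_time),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:16s} {value:.6f}")
```

The spot reading collapses by more than 70% inside the transaction, while the 30-minute TWAP is unchanged in that transaction and moves by roughly half a percent even if the distorted price persists for a full block.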
Products like xToken are important for tax efficiency and low-effort participation; here’s hoping they recover.
Vitalik proposes Uniswap as a stablecoin oracle
After a successful launch of their v3, Uniswap has been on a roll.
Yesterday news emerged that Uniswap had flipped Bitcoin in terms of daily fees generated, and this morning none other than Vitalik Buterin weighed in on a possible use for the $UNI governance token.
In a post on Uniswap’s governance forums, Vitalik proposed that UNI effectively become an oracle token, utilizing its high marketcap to create an oracle service similar to UMA’s design, which would use cryptoeconomic guarantees to ensure respondents give truthful answers.
While Buterin believes an oracle focused on stablecoins could bolster the health of the DeFi space, perhaps most compellingly from a UNI hodler’s perspective it would finally give the token a purpose.
After all, competitor DEX SushiSwap was founded in part because developers saw an opportunity to fork the project and create a version that did not have a significant team and VC token allocation, as well as offering a token use case beyond amorphous, eventual voting.
While the Uniswap team has said that they intend to transfer to a fully decentralized model where UNI will presumably have more utility, this proposal from Vitalik might give it some purpose beyond speculation as well. Not a great look that you need a future Nobel Prize winner to figure out a use case, though…
Lots of folks doin bits about how they think the $Link marines are gonna lose their minds over the Uniswap oracle proposal
Not enough folks are doin bits about how it took one of the best minds of our generation to come up with a use for $UNI lmaooo
— Andrew T (@Blockanalia) May 12, 2021
(For the record, the Uniswap guys are brilliant and I frequent the protocol with regularity).
Vitalik chooses violence
As Cointelegraph reported, Vitalik Buterin sold or donated today huge swaths of shitcoins that developers sent to his wallet in recent months in lieu of a proper burn. Some highlights of the ad-hoc charity drive per former Ethereum Foundation member Hudson Jameson:
Epic crypto donation spree by @VitalikButerin!
All AKITA tokens to Gitcoin Community Multi-Sig
13,292 ETH to Givewell
1000 ETH + all ELON tokens – Methuselah Foundation
1050 ETH – MIRI (AI safety org)
500 ETH + 10% of the SHIB – @CryptoRelief_
500 ETH – Charter Cities Institute
— Hudson Jameson (@hudsonjameson) May 12, 2021
All related tokens are down double-digits, with one of the dog-Elon crossover monstrosities down an astonishing 90% last I looked. My advice to those investors jilted by the events remains the same as the last absurd memecoin washout on 4/20: learn to laugh.
(As a side note, I enjoyed how people used incoming transactions to effectively turn his account into a graffiti wall — insults, pleas for mercy, and ChainlinkGod cheering him on among the highlights).
Buterin also transferred some 320,000 ETH to a Gnosis safe — one which I suspect won’t accept unapproved incoming transactions, which will prevent this situation from happening again.
Ultimately, I feel for Buterin. He was put in an absurd position, with projects sending him tokens as a “burn” in what was ultimately a marketing stunt. Moreover, these projects are forks with little by way of innovation and value add — simply speculation vehicles enjoying unusual success during an even more unusually frothy period in the markets.
It all leads to an ethical tangle: is dumping those tokens moral, given the damage it would do to speculators? Does Buterin hold responsibility for those speculators? Would he hold responsibility for NOT dumping the tokens if he determined the funds could be put to better use elsewhere?
Funnily enough, however, chewing through these questions might be a task he’s especially well-suited for.
A little-known fact about him: he’s read — and I’d argue has been significantly influenced by — the contemporary moral philosopher Derek Parfit. My editor says I need to stop linking to outside material, but forgive me this one, a beautiful profile of an even more beautiful mind.
Parfit’s impact on Buterin is clear. A few years back, while puzzling through the problems of competing stakeholders in a crypto governance context, he posted multiple repackagings of famous Parfit paradoxes:
Suppose 4000 people support a proposal and 6000 oppose it. However, *30 minutes in the future* one of the supporters will be copied into 20000 people by a Star Trek-style replicator, and they will from then on live separate lives.
Should the proposal be implemented?
— vitalik.eth (@VitalikButerin) May 27, 2020
We’ll wait to see what his eventual blog has to say on the matter, but my suspicion is whatever his justification might be, it’ll be well-reasoned and defended. Turns out he was more pragmatic than some scammer devs expected.
Other major stories this week:
Rari Capital loses $11 million to exploit
Yearn launches affordable, YFI-pegged dog token
Rugs on the rise on Binance Smart Chain
EasyFi releases compensation plan