On The Brink with Castle Island - Chris Blec (DeFi Watch) on the Pursuit of Transparency in DeFi (EP.220)
Episode Date: June 7, 2021Chris Blec is a researcher and the founder of DeFi Watch, a project dedicated to identifying points of centralization and risk factors in DeFi, in particular the presence of admin keys. In this episod...e: How Chris got interested in DeFi How he first noticed the risk of admin key usage The changing nature of admin keys and multisigs Whether project multisigs reduce dependence on trust Why worry about Admin keys in the first place? Have DeFi projects improved their key management and trustlessness over time? Chris' letter to 0xPolygon Chris' plans with DeFi Watch Should Bitcoiners care about DeFi? About admin key failures? Why transparency is a self-regulatory measure Sponsor notes: Copper is transforming how institutional investors engage with digital assets by developing award-winning custody and next-gen trading infrastructure. Headquartered in London, the firm is scaling rapidly across Asia and North America to bring its suite of products to a wider pool of institutional investors. To learn more visit copper.co or reach out on Twitter, @CopperHQ Aave is a decentralized, open source, and non-custodial protocol where users can deposits and borrow digital assets, and earn interest on those assets. Head over to aave.com to experience and learn more about DeFi.
Transcript
Discussion (0)
Hello and welcome back to On the Brink. Today's episode is brought to you by Copper and AVE. Let's start with Copper. It's the global provider of blockchain infrastructure solutions for institutional investors who are actively trading digital assets. Its award-winning custody application is connected to 25 of the largest exchanges in the world, ensuring safe storage and movement of assets for the biggest crypto hedge funds, market makers, family offices, and high net worth individuals. Their clear loop system,
is the first off-exchange settlement network for digital assets.
It's the safest way to trade balances in custody across multiple exchanges
without requiring on-chain settlement, on-chain movement of assets.
To learn more, visit copper.co or reach out on Twitter at CopperHQ.
This show is also brought to you by AVEA, AVEE.
AVE is an open source and non-custodial liquidity protocol
where users can earn interest on deposits and borrow digital assets.
It's a decentralized community government protocol.
More and more about AVE at AVE.com.
Brought down by bad mortgage investments, Lehman, which has 25,000 employees, will be liquidated.
The federal government loans American International Group, AIG, $85 billion.
This is a different kind of market, and the Fed is asleep.
The federal government is stepping it to stabilize Fannie Mae and Freddie Mac,
the two mortgage giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more to Britain's ailing economy
with a new round of Concentive Easy.
And print a couple trillion dollars
and all of a sudden people started to worry.
So out of this worry,
we have something called a Bitcoin.
Bitcoin.
So Chris Bleck,
you have done a huge amount of stuff actually.
I remember we met in D.C.
at one of the Fintech summit,
put on by Chris Brummer back in the day.
And then years later,
you're one of the number one.
I don't want to say influencers,
but people discussing Defi on YouTube.
YouTube, one of the top DeFi YouTubers, and now you've launched this pretty cool initiative,
Defi Watch. I'd say, at least as far as I'm aware, you're best known for trying to raise
awareness around admin keys and the risks that they pose. You know, you had this really
interesting letter to Polygon. Anyway, we're going to get into all that. Welcome to the show.
Very excited to talk with you. Thanks, man. Yeah, I think we might have first met at like an
MIT Bitcoin thing a few years ago.
And then definitely in D.C.
Yeah.
I'm not sure which one was first, but it was definitely like around the geeky,
either Bitcoin tech or Bitcoin regulation stuff, which I've always been fascinated with.
Yeah.
It's such an interesting space.
It kind of not that many folks that are into crypto are also like that dialed into regulation.
Certainly not.
There's not that many self-regulatory initiatives in the,
industry for better for worse. Yeah, I've always been more interested in the regulation, the tech,
the privacy, et cetera, than the price action and the, you know, the events and the conferences
that just focus in on pump, pump, pump. Not so interesting to me. Yeah, I want to say you're like
the number one champion of trying to get to the ground truth of the risks of some of these
protocols. I don't think that's an exaggeration. I've seen. I've seen.
cited some of your work and papers that I've written about Defi. So grateful for you having done it.
It's still, I think there's a lot to be done because these contracts and protocols just proliferate
so quickly. And it's hard to sort of keep up with the risks there. Maybe to zoom out a little bit,
just tell us about, you know, how you got interested in defy in the first place.
Well, I'm a Bitcoiner first.
You know, probably at this point, yeah, over four years in the space since I really, when I say in the space, it's from the point at which I, you know, the infamous rabbit hole, liberty, privacy, all the self-sovereignty, all the things Bitcoin can do for users.
So that's what drew me in.
And fast forward a few years and Defi started to burgeon up.
And I've never been a maximalist as far as technology goes.
I'm always exploring different stuff.
But I always bring the Bitcoin first mindset to it.
So Bitcoin is my benchmark when I look at anything else in crypto, including defy and Ethereum.
So when it first started to bubble up, it became interesting to me because I've always been under the impression.
And it's true.
Everybody knows like Bitcoin is a decentralized currency without a whole lot of decentralized ways to use it.
you know, services, decentralized financial services. So when DFI started to make that promise to the
community that it could provide decentralized financial services where we didn't have them before,
whether or not it was for a Bitcoin, that interested me. And I knew right away that it was an
opportunity to help mold the space potentially or try to mold the space into something
better than what it might become. You know, and to this day, I believe that D.FiFiFiFi's
I could end up in one of two places. It could either end up in a place where it truly does provide
beneficial, decentralized services for people who want financial freedom and economic liberty,
or, and this is more likely at this point, unfortunately, or it could end up as big banking 2.0
and giving superpowers to the banks that have been ripping us off for hundreds of years.
You know, so that's the dichotomy that I see.
I see it definitely heading in that big banking direction.
But what I try to do is I try to raise awareness because most of the people using it still don't recognize that.
They still think it has more in common with Bitcoin than it does with JP Morgan.
And I think that's a huge mistake.
And if we don't educate people about that, it'll just keep going down that road and the lines will get blurred.
And people won't understand the difference between decentralized and centralized anymore.
That's my biggest fear.
That's quite a stark tone to start us off.
That's my forte, man.
I'm all about dark and gloomy.
At what point did you start to get concerned about like points of centralization that you had noticed in Defi?
When I first discovered Defi, I didn't know what I didn't know yet, you know?
So I was still, and I'm not a developer or an economist.
I'm just a regular guy who is into this stuff.
So when I came in, you know, I saw the ways that people were using compound and MakerDAO
and these different technologies to basically replicate things that you could do with banking.
You know, and I didn't realize, yeah, what kind of centralized control was necessary to make
that stuff happen.
So I created a lot of video content.
I've always been excited about like creating video and just learning materials and,
making things easy for non-developers to understand because no matter what cryptocurrency or technology
we're talking about, I really believe it's important that regular people feel comfortable using
it. So I was doing that in the beginning. Then, yeah, I think it was like in 2019 some point,
maybe about two years ago or a little less than two years ago. Amin Soleimani wrote a paper,
who's another, you know, prominent Ethereum guy, wrote a paper about, or a blog post about
compound's admin key. And he described how it worked, you know, basically it's just a
Ethereum address that can be used to modify key parameters of the code, which for me,
it opened up my eyes because, you know, yes, you deploy smart contracts on Ethereum and they're immutable.
But what I didn't recognize up until that point was that you can.
could basically have these variables, parameters, et cetera, within that, that could be changed.
And those could range from just a single, you know, address that might be used in some way to entire chunks of logic.
Yeah.
You know, so when you have that kind of flexibility, it suddenly raises the question, like, how is this decentralized anymore?
And that's when it started to open up my eyes.
And I sort of moved away from creating educational content about just how to use this stuff and onboarding people and more to creating content about the risks and about what you need to know before you jump into this space with both feet.
So it's probably fair to say maybe you can disagree with me on this that most kind of D5 protocols have some sort of admin key or off switch.
actually I don't know if that is a fair characterization a good chunk of them do some of them don't
like I guess uniswap is sort of the canonical example where it is literally just code that is
deployed to the blockchain then people can choose to contribute liquidity to it and to move to the
next version of uniswap they deploy new code and then you can choose to use the v2 or the v3 etc
But many other projects maintain some measure of control over the contract.
Can you sort of just explain to us why you would want to do that, like what the purpose of that would be?
So there's so many defy projects now that I'm not sure if it's most or what percent have it.
I will tell you that out of the top defy projects, since we started this discussion,
about a year and a half ago,
most of the top defy projects have moved away
from having the sort of stereotypical admin key
and towards tokenized governance.
Okay.
Where they use the, you know, they air drop their token
and they use that to replace the admin key, essentially.
It can do the same kind of stuff,
but you need those votes in order to execute the transaction.
So most of the time you will find these things in new defy projects.
Because every defy project that is launched,
is launched kind of it with an air of uncertainty around,
is it going to work?
And the fear of these developers is they're going to launch code,
they're going to deploy code in a way that they cannot edit it
and not change it.
And it's going to have a bug,
and they're going to lose everybody's money.
Right.
So in order to protect themselves and their users,
They keep that centralized control, which could be in the form of a single Ethereum wallet or it could be a multi-sig wallet or Dow.
There's a lot of different ways they can do it.
But they keep that with that justification in mind.
That's why they say they do it.
So it's being a bit uncharitable.
You're right.
Obviously, tokenized governance is very popular among, especially among the more blue chips, I suppose, you could call them, where you're done.
delegating control over these system parameters.
When it comes to tokenize governance, which I suppose is, you know, less exposed to some of these key risks, are there, you know, if you drill down into it, are there still risks that, you know, large token holders could potentially influence the system?
Yeah, absolutely.
I've written a lot about that, too, about the distribution.
of the tokens, you know, and a lot of projects claim that they're widely distributed and that
it couldn't happen. But the problem is when you look at it from, I like to say from the Bitcoin
point of view, the trustless point of view, you just don't know what is on the record and what's not.
And you don't know which investors, which founders, which employees of the startup that
produce this protocol, what they have in wallets that aren't on the record. And the question is,
how many people would a regulator have to get into a room and threaten if they don't vote in a certain way to make such and such change to comply with such and such new regulation?
How many people would they have to get in a room and threaten for it to happen?
And in a lot of cases, I would even speculate in most cases is probably less than 10.
Right.
You know?
Yeah, like the bus factor type thing.
it's a great point.
I believe, and maybe you can correct me on this,
that there have been instances where flash loans have been used to borrow tokens
on a short-term basis in order to tip a certain vote over the edge type thing.
Yeah, the only one that I know of for sure where that happened was with MakerDAO
with a specific proposal.
But then right after that, they woke up and they fixed,
that potential exploit, you know, but I think that's a lot less of a concern now than what I was
just mentioning, you know, sort of like the collusion among, or the potential collusion among founders
and investors to comply with the regulation where if they don't comply, then their business
loses value. Their token loses value. If regulators come along and say, do this or we're
going to shut you down or tell your token holders that this is now about.
volus token.
Their incentive, the problem with all in all these situations is when you have the financial
incentive so strong for the founding team and for the investors to get a return on their
investment, they're going to do whatever they have to do.
So with Bitcoin, if the possibility came along where the price could get hurt because of
XYZ regulation, nothing would change.
But with these defy projects, they can make changes that would make sure they keep the value
of the token afloat.
So returning to the classical admin key, there are a bunch of configurations there as well, right?
Like in some cases, you just have one kind of naked admin key that really controls critical system parameters and others.
You've multi-sigs.
Are there like other categories there?
Or is that sort of like the two common approaches?
Those are the primary ones.
People have used Dow's as well, which is similar in theory.
to a multi-sig in that regard, you know, where it's just trying to spread out the perceived risk,
you know, but there are still plenty of defy projects that use one single Ethereum account
as the admin key. And the biggest problem with those is that users have no idea and there's
no way to prove how they're being secured. Right. For all the user knows, and this has happened
a few times, the developer could be keeping that Ethereum.
Ethereum account in a metamaskot wallet that could be compromised, hacked, exploited, whatever,
private key extracted, put into a hacker's computer, and bam, they own the smart contract now.
They can do anything.
They can mint unlimited tokens.
They can transfer all funds to their own wallet.
Obviously, when you get that private key, it's over.
So that's the crazy thing.
And some of those projects have achieved $10, 20, $50, $100 million in users' deposits that have ultimately
just gone by by because of stupid stuff like that.
It's incredible the scale of this stuff.
In terms of like the specific risks of an admin key, there's clearly the hack.
What would you say are the other like possible negative externalities of having this
concentrated power in one or, you know, like a small multi-sig of keys?
The biggest vulnerability is is the fact that you have to trust.
what the team is telling you with regard to a number of things.
First of all, you have to trust, you don't have to trust how many signers there are
and what threshold they have to meet in order to execute because that's on chain.
You can see that.
You can also see which addresses have been designated as the multi-sig,
key holders, as the signers.
That's on chain too.
What you don't know is for each of those addresses,
is the sole person in possession of that address,
the stated keyholder.
Okay, we obviously don't know that.
Same with any crypto situation.
You don't know.
You can't prove that you're the only one
who's ever had that private key
or that demonic phrase or whatever.
So that's one big problem.
You have to trust in that.
Number two, you don't know,
and there's no way to prove
that more than one person on the team
doesn't have multiple keys.
So if there's eight total keys,
one person on the team might have three.
Don't know.
Not saying it's likely,
just saying it's possible, right?
So right off the bat, when you use a multi-sig in that way,
a lot of people perceive this as, okay, we don't have to trust it as much.
There's more people involved.
You know, there's a higher threshold that they have to cross
in order to be bad guys.
But 100% of it is based on the skill and the integrity
and the honor of that team, which right there,
it's an existential problem in my book.
You know, it should completely write off the validity
of a multi-sigas, a way to prove that a project is like, you don't have to trust it as much.
I think it increases the amount of trust that you have to have in it.
So I want to talk about a few case studies.
We were talking just before this about this website, wrecked.news, which lists a bunch of smart
contract exploits.
I mean, a mind-boggling number, truly.
and some of them have to do with the compromise of admin keys, others not.
But you're telling me that the second biggest one ever, according to this leaderboard, at least, uranium finance was apparently an admin key exploit.
Is that right?
Yeah, as far as I know, this is one project that actually basically lost the admin key.
You know, so it was, it was, I don't know if the details were ever released as far as how that happened,
but I could tell you the most likely way that could happen is just carelessness on the part of the owner of that single admin key.
So, you know, if it's not a multi-sig, you're just talking about one Ethereum address with one private key that may or may not be held in a secure way.
And keep in mind, too, it doesn't have to be, even if it's held securely at the time of the creation of the defy project,
That doesn't mean when that wallet was first set up, it could have been set up two, three years ago, right?
You go in, you'd create, you got your 12 or 24 word seed phrase.
Maybe you don't know as much about OPSEC at that point.
You're sitting in a coffee shop.
There's a camera on you.
You have key logger software on your computer malware.
You know, you don't know what.
You know, somebody's watching.
You know, so you set it up back then and then two years later, suddenly it's a admin key sitting on one of your accounts.
Okay.
boom compromise it was compromised before you ever created the project so we don't know exactly what
happened with that one but somebody got their hands on on the account whether they hacked in and
just took the private key out or whether they already had the mnemonic or you know these are the
situations we find ourselves in multiple times and as you know like you said like it's it's millions
and millions of dollars and the biggest problem is that users when they're putting their money into
these things are not asking these questions like they're not
looking at how these admin keys are set up, what the skill level of the developer is,
you know, how it was set up before, you know, how the wallet was set up. These are all questions
I would ask is somebody who's been immersed in this, but people are just coming in and dumping
$10,000, $100,000 into these projects. Just thinking it's as solid of a trust model is Bitcoin.
That's the big fallacy. Like literally people think it's Bitcoin level trustless.
where it's completely the opposite.
It's worse in my book than a centralized exchange in that regard.
You have to trust one single developer.
A lot of times they're anonymous.
It's like, what are you doing?
It doesn't make any sense.
So you've been chronicling this stuff and ranking some of these projects on their
trustlessness.
You've seen a lot.
What would you say?
There's probably a lot to pick from.
What in your view is one of the most concerning setup?
or situations you've ever seen in terms of a lot of funds exposed to, you know, really critical, you know, and undesirable situation as far as an admin key is concerned.
So, I'm sorry, excuse me. I hope you can edit.
I can, yes.
Okay.
So there's been a few in the past that have really caused a lot of concern.
one specifically was or is called Harvest, which uses one single admin key, one Ethereum wallet, not a multi-sig,
in possession of an anonymous developer that nobody, as far as I know knows who it is.
At the time I first brought it up, they didn't have any sort of time lock, and a time lock
basically is a smart contract that adds a delay.
So whenever they want to execute a transaction with that admin key to change something,
it has to wait a certain period of time on the chain before it can actually occur.
So there was none when I first called it out.
Right after I called it out last year sometime, they had an exploit.
They're on that wreck leaderboard somewhere.
And then they added a 12-hour time lock.
That was a bad one.
It's bad because when you have one admin key in the hand of a one,
anonymous person, you're even not, you're assuming it's a human at that point, right?
Could be an alien from outer space.
Yeah, it's like that's, I mean, for me, it's beyond reproach as far as like redeemability.
Currently, the biggest point of concern in my book is, is what's going on with Polygon.
And Polygon is an Ethereum.
I call them DeFi chains.
They're kind of like side chains, but they have bridges back and forth to Ethereum.
and they typically have higher levels of centralization.
And by and smart chain falls in this category and Phantom and there's other ones out there.
But Polygon is grown into the biggest one.
They currently are at a $11 billion total value lock.
They're actually, I think by this time this week, they could be considered to be the biggest
defy project period.
Right.
As far as rankings on a site like DeFi Lama or something.
something like that. So the, I've raised this on Twitter a few times recently. And, you know,
it was raised before, but I think I, like my loudmouth style got more attention to it. The fact that
a single multi-sig controls the security of the entire network. And there's now, you know,
$10, $11 billion writing on it. For me, it's not the, it's not the scariest as far as anonym
and as far as a single key versus a multi-sig,
it's the scariest as far as the centralized risk of the,
like I said before,
the skill honor and integrity of the team,
the signers themselves,
and how they would stand up to a number of situations,
how they would stand up to regulatory scrutiny,
how they would,
you know,
where they're incorporated,
what kind of jurisdictions they're dealing in,
because now we've crossed the line
from just like the defense,
community sort of losing money in a hack or an exploit, we're crossing the line from there
into all of a sudden this is a massive honeypot for a regulator in another country that might
not be so crypto-friendly with, by the way, with Polygon being started in India, which as we know
already is not the most crypto-friendly country in the world, you have to, you'd be naive to not
start thinking about what potential outcomes could occur when you have five of eight
signers capable of basically compromising the security of the entire network.
So it's not just about hackers and, you know, computer sign, Infosec exploits.
It's also about modeling out the security dynamics, including attackers like state-level attackers,
as these systems get larger and larger and larger
and as nation states have like heterogeneous reactions to them
with some presumed to be like very antagonistic.
Absolutely. Yeah, I think the big mistake a lot of people make
is starting from the point of view of the defy user.
You know, I'm thinking, okay, as a user, what might happen to my money
when I deposit it here? You know, it might get stolen.
It might get frozen. It might get whatever.
But not enough people are thinking from the point of view of the actual real world centralization that's happening.
And in a case like this where you have an $11 billion blockchain, whose security relies on five of eight multi-signers acting in a way that you believe they're going to act under incredible potential pressure.
That's where to, when you start to think about that, you just take crypto out of it for a minute, right?
Let's just say there's eight people in Europe and Asia where I believe they're all based, but I'm not totally sure all the signers, that each holds a key to $11 billion.
If you can get five of those people together to use those keys, you can get access to significant funds.
How many, it's not, I could see a movie being written about it.
It's like, you know, that show Money Heist, but it's like, let's put together a strategy to, you know, and we've seen it with Bitcoin.
Obviously, people know there's real world situations you can find yourself in.
So you have to start thinking about that with these keys as well.
You know, this is real world stuff.
And regulation in India and China and places like that become a real, a real question.
Yeah.
You know, when you have that kind of real world implication of actually five people who could.
make a big, big modification to the protocol. So you actually wrote them a letter,
which was that the first one that you've written from the kind of Defy Watch letterhead?
Yeah, yeah, because typically I've tried to engage, whether it's, you know, in their chat or
message boards or just on Twitter. And what I found is, as time has gone by over the past year,
I would say is we've been in this kind of defy bull, right?
It transformed from a minute for the tech to, I just know, gains, gains, right?
It's all about getting the yield, yield farming and D-Gen stuff and like all that stuff.
And the majority of the conversation has really been focused on that.
And developers have taken advantage of that, right?
So any critique, any criticism of any project results in people who only want that token price to go up just completely shutting it down.
And so it's really, it's hurt the conversation.
So what I've been trying to do is find other ways to raise the questions.
You know, because I think that a big thing too is this conversation has only been happening in the defy community.
I really believe as kind of a Bitcoin first person that this is the kind of.
stuff that could have a tremendous impact on on bitcoin regulation too you know because it's a regulator
in india doesn't know the difference right so you know there's there's there's implications here that go
far beyond just ethereum so yeah i've tried to start to to to really think through these points
put them in almost like a inquiry letter type of format because i want people to see i don't just want
the developers to see it and shut it down i want everybody to
think about these things. You know, I'm not doing this necessarily to strengthen Polygon or to help
them fix it. I'm doing it because I want every user to be conscious of these things and to be
aware of what's going on as they get involved with it when they're making that decision whether
or not to use it, knowing the risk it's opposed to the whole space. So regarding your point
about Bitcoin is what are you saying that if enough people lose money through,
potential collapses of these D5 protocols that will just potentially bring down regulatory
ire which will hurt all crypto assets the entirety of the crypto space is that kind of the
idea yeah i don't think it can be ruled out we've seen kind of like you know small problems
come up and then they get fixed with a shotgun blast of regulation right so it's i don't think
it's unreasonable to think that certain governments or jurisdictions would lump everything together.
And, you know, obviously, Bitcoin's a lot less vulnerable to centralized attacks, right, than
defy. But why risk it? Like, if we can raise the issues now and we can self-police them,
then why shouldn't we? Yeah. We should try to get ahead of it before others try to jump in
and they end up hurting the whole space and scaring people off from it.
So I'm presuming that you got a mixture of reactions when you've raised these points to various D5 projects.
So I'm sure a lot of kind of scorn or just rejecting the idea that there is a problem.
I mean, have you also achieved positive results?
I mean, have some of these teams actually changed their best practices in response to sort of your critiques?
Yeah, I'd say it's been about 50-50.
So over the past couple years when I've raised issues, some projects have just completely ignored, shut down, mocked, ridiculed.
A number of those ended up getting exploited and hacked or, you know, experiencing a problem.
How do you feel when that happens when you warn about something and then the bad thing happens?
I feel, well, you know, there's, there's.
I look at defy users in two categories.
One is the user who just doesn't know any better and who doesn't have the information.
And those are the people who I try to speak to and I try to give them the info they need to avoid losing money.
The other half is that degenerate gambler that knows it's a huge crapshoot and who knows they could lose money.
And I do think that I'm getting through to the people that want to learn.
And I always get messages from people to say, oh, I pulled my money out before they exploit.
thank you, you know.
But it still sucks.
I hate to see it because there's always going to be people that get caught up,
good people that think they're doing something smart with their money,
for their family, whatever, and they're going to get caught up in it.
But it's never good.
It's never a good thing.
You know, so, and I don't take joy in it.
I definitely don't take joy in it.
It's just really, it's a sad thing to see people lose money.
And I think people that think it's ever great that something gets hacked or X-plied.
I just, people always forget about just the average Joe who, you know, lives in Indiana and
who learned about this yesterday.
He's like, oh, you know, maybe I can earn that 500%.
He just doesn't know any better.
And the next thing you know, he lost it all.
You know, so that's not cool, you know, so I never take joy in that.
So I, sorry, I interrupted you before you were saying about occasional or 50% positive
engagement.
What does that look like when you're successful?
Yeah.
So there's been some cases like one was with sushi swap.
I noticed that one of their,
they have a couple of multisigs that have different abilities.
They sort of like have like this division of power with their multi-sig system.
One of them was able to sort of make changes to itself that sort of immunized it from like, you know,
it gave it the power to give itself more power in a sense.
I forget exactly what.
It might have been a time lock or something like that that it could change or remove.
And I brought it up to the team.
And this is the way I usually start.
Like, I'll usually go into their chat, ask a couple questions, see if they're willing to engage.
When they're willing to engage, then let's engage.
Like, if they're willing to take the feedback and make a change quickly, then that's great.
That's the perfect outcome.
It's solved in a couple hours.
And with them, that's what happened.
You know, they saw the issue two.
They made the change.
You know, so there's been plenty of instances where it's resulted in.
in good stuff.
The problems start when they don't want to engage directly.
And as soon as you get those token holders involved, it's, you know, it's very, very difficult
to have any meaningful conversation because the messages, the narratives just get completely
lost in this sea of greed and nonsense, you know?
And defy is, and crypto at large, right, is, it's different from any other space in that regard,
where you have this sort of amorphous sea of voices that all they care about is making more money
and anything that gets in their way needs to be destroyed.
And overcoming that is very challenging.
You know this too.
It's like it's very challenging to keep a thoughtful point of view on this stuff
while also being loud enough that you can be heard over that mess.
You know, and in Defi, I think it's even worse than other crypto projects just because of that sort of Wild West Anarchy vibe, right?
So, yeah, like I said, it's about 50, 50, but the 50% that haven't been productive, a bunch of them got exploited.
And, you know, there's other ones that have not, and they're still chugging along, but they still have the same kind of risks.
and people just continue to participate.
Do you have a standard list of best practices or suggestions that you extend to DFI projects in terms of Q management?
I've been asked for that quite a bit.
And at the end of the day, I have a hard time doing that because I don't believe that a DFI project should have a key.
I don't believe that having a centralized point of control is a good.
good thing ever for this space because I think that the mere presence of that could evolve
either into a tokenized governance structure like we were discussing before where you still have
sort of like that decentralization theater where you still have that small group of people
who basically avoided the problem of having that key by distributing these tokens and maybe
they still have control through all these different waltz they have it either evolves into that or it
evolves into something, you know, where it could be easily regulated and turn into something
way worse than a traditional bank. You know, so I'm of the point of view that I'm not the person
who's here to try to help you figure out how to keep your admin keys safe. I'm here to tell
you that that defy with admin keys or with multi-sigs or in some cases with tokenized governance
will inevitably lead to something worse than traditional finance today.
And I believe that those situations, the natural course of events,
will leave us prone to more surveillance, less freedom.
You know, the digital dollar is coming.
And I could see a lot of the stuff that's being invented with Defi.
I could see a lot of it being co-opted by governments.
it definitely won't be decentralized at that point.
But the elements, you know, decentralization in a lot of cases with this stuff,
with Ethereum especially, is no longer, it's no longer about trustlessness or removing centralization.
It's about permissionlessness.
You know, and permissionlessness itself within a permissioned setting could be very, very dangerous in my regard.
You know, so I think that a lot of this stuff could lead to something way worse than what we
have now. And I don't see any way to fix that other than just to push more projects to sort of do
the Uniswap model. You mentioned Uniswap before. Uniswap is one of the very few DeFi projects
that does not have any admin key, was released in a fully immutable way, deployed, unstoppable code.
Yeah. Versions one, two, and three. Version four, I don't know. But it's the three that are out so
far have been completely trustless in that regard. Yeah, that one is definitely a model.
Something that strikes me is like having seen your work, you know, a lot of the early
investigations you did, you know, the way you summarize a lot of these projects is like it's
very unclear, they're not disclosing anything about their IAN miniki or multi-sig setup. And then
like over time, like the disclosure seems to get a little better. Aside from like going in
discords, how do you, like, do these investigations? Like, are you looking at ether scan, like,
look at the contracts themselves? Like, what are, like, your tools to, like, investigate,
you know, the trustlessness of these projects? So I mentioned I'm not a developer.
You know, I'm sort of like an amateur technologist in that regard. So I, my path has typically
been to, I've taught myself enough about how solidity works to be able to look at EtherScan
and look at the read contract tab and the right contract tab and look for specific clues.
And that's usually where I start. The hardest part is usually finding which smart contracts
you need to be concerned about. So what I try to do is I look for the ones that have the most value
or the most control over value,
they could be vaults or bridge contracts or,
you know,
there's like staking contracts.
There's a number of different points within these systems that are usually have something in common.
So they're not that hard to find.
But then trying to figure out if they have owners and if they have admin keys.
Yeah.
And from there,
it gets challenging because just because a defy project has an admin key doesn't mean it's like,
a god mode we like to say admin key it doesn't mean it can do anything some projects limit more the
powers and the abilities that those keys have so at that point it starts to get a little i do look at
all the functions on you know on a block explorer like ether scan but then i have to ask questions
and i have to ask the developers or other people that i know who can sort of dig deeper into this
than i can what can this thing do is it capable of
of draining all the funds, of changing all the code.
What I try to do, though, is I don't really care about every single thing it can do.
I try to find the worst thing it could possibly do.
Yeah.
Because the worst thing you could possibly do is usually pretty bad.
So if I ask the question, if this key was lost, stolen, whatever, could that person holding it drain every last dollar in the smart contract?
If I hear somebody
of the developer say, well, yeah, sure,
they could.
It's like that would never happen.
But yeah, obviously, like, that's all I need to hear.
Yeah.
I don't research if it's likely.
I research if it's possible.
And if it's possible, then everybody needs to know that it's possible.
Because what's possible is going to happen at some point.
You know, and again, it goes back to that Bitcoin point of view.
If it's, if it's possible today, even 0.1% possible that somebody could crack Bitcoin.
cryptocurrency and drain wallets, that would be a pretty big deal, right?
So it's just as big of a deal if there's a 0.1% that somebody could get their hands on a
defy admin key and drain the funds.
You know, that's how I look at it.
So that's typically how I research.
It's not super specific or in depth a lot of times because I don't think it needs to be.
I just want to inform users about what's possible.
And just that mere fact alone usually blows a lot of people's minds and causes them
the rethink the project that they're using.
So you seem to be moving more and more towards, you know, being pretty assertive here
and, you know, maybe laying the groundwork for a self-regulatory organization that will actually
help, you know, surface in a kind of structured way.
The risks here.
What's your pitch to, like, defy enthusiasts in terms of self-regulation as opposed to
you know, simply ignoring the problem, for instance.
I haven't really figured that out yet.
You know, it's, the biggest challenge here is, is getting projects on board.
You know, it's one thing to get users to understand the risks and to be concerned about them.
And over the past year, I think a lot more people have become aware and concerned as far as the users go.
And there are plenty of developers who message me and ask me for advice or how can we avoid these pitfalls.
That too.
But the biggest projects out there, once they're reaching a billion dollars locked in their project, by that point, they've got capital flooding in, they've got investors breathing down their neck.
They've got a token.
They've air dropped it.
They're now responsible for keeping a high valuation on.
and the concerns about centralization get lost because they don't care anymore.
They've already reached the point where they're now running a business,
and they've got to provide a return to their investors.
So that's the stage at which it's most important that projects care about this stuff,
but it's also the stage at which they're least likely to care about this stuff.
So the way I'm looking at it right now is I don't think there's,
any way to get like projects to agree to self-police in the way that we need to. I think that it
needs to come in the form of pressure from users and not just users of DeFi, but users of crypto in
general, you know, because there needs to be scrutiny applied. We need to get to a point where people
look at a project that has a multisig like Polygon, 5 of 8 multisig that secures the entire network
and just laughs and just laughs. Like this is absolutely
insane. Who would ever stand for this? We're not there shocking. It sounds like we should be there,
right? But we're not there. Mark Cuban just announced yesterday he's investing in Polygon.
Like there's a number of, you know, like big names that are coming in and like, you know,
they're supporting this kind of security. And a lot of them, you know, if we asked Mark Cuban today,
he would probably say, you know, they got to start somewhere. You know, they're going to
decentralize later. Blah, blah, blah. We've heard that before.
fast forward one year, two years, five years, they're still not decentralized.
They've been noticed by regulators.
Lots of things can happen in that time.
So again, we're not in the game of like what's likely.
We're in the game of what's possible that could happen and how could it jeopardize
crypto.
So conversely, you know, what would you say to a regulator that is, you know, smart and, you know,
trying to get smarter about defying these risks specifically?
I would say to focus in on the kind of points that I've been raising as far as what is the centralization risk look like.
You know, what is possible with these admin keys and multi-sigs?
Can theft occur?
Can exploits occur?
A lot of the smart contract exploits that we've seen, I believe, and there's no way to prove this, but I don't see how,
some of them could not have been done from the inside.
Yeah.
Because nobody knows the code of a smart contract better than the person that wrote it.
So one time out of 100 or 200 or 300, you have to think that there's been a sneaky developer.
It left a little bug in the code that later went back and said it was an outside.
So it's like there's all of these nuances that you have to look at.
From a regulation point of view, I honestly, I don't think that I don't see how regulation can
can from a government could work.
I just don't see it because you're going to drive everybody into anonymity very quickly.
And once they go anonymous, then how do you regulate anything at all?
You know, so it's the only way that we can help this space is by, like I just said,
like making projects that keep centralized points of risk and things like that,
completely laughable to educated users.
Users have to abandon them because they know they could lose money versus a project that doesn't have that centralized point of risk.
I see a huge challenge.
My biggest fear is that regulators try to do something, which has nasty side effects for crypto at large,
and is completely ineffectual for defy because you can launch these things anonymously and have all these different, you know, all over the world, people are doing that.
and it's not stopping users from participating with them.
So I would tell regulators, keep trying to get educated,
definitely understand the kinds of points I'm raising,
think about what those answers are that we're not getting from DFI projects,
and then think about how could we possibly fix them without educating users.
That's where I would start at least.
It's going to be challenging, though.
Well, Chris, you've undertaken on what appears to be a grueling
and largely thankless mission,
but I think an important one.
So this has been really fascinating.
Thanks for coming on.
Thanks, Dave.
Yeah, really enjoyed it.
Pleasure.
Pleasure.
Appreciate it.
