Unchained - The Chopping Block: Why Are We Still Building Layer 1s? - Ep. 487
Episode Date: April 29, 2023Welcome to “The Chopping Block” – where crypto insiders Haseeb Qureshi, Tom Schmidt, and Tarun Chitra chop it up about the latest news in digital assets. In this live episode from Consensus 202...3, they are joined by Avery Ching, chief architect of Aptos, to discuss the latest SEC enforcement actions, an embarrasing admission by audit firm Certik, and crypto’s impact on the coming election. Listen to the episode on Apple Podcasts, Spotify, Overcast, Podcast Addict, Pocket Casts, Stitcher, Castbox, Google Podcasts, TuneIn, Amazon Music, or on your favorite podcast platform. Show highlights: everyone's impressions of the conference why Korea has become a hub for crypto adoption why there's no benchmarking infrastructure to compare data across blockchains how Sui decided not to airdrop a token and what the implications for future airdrops are whether CertiK bears responsibility in the Merlin DEX rugpull whether the US elections have an effect on how the SEC is playing the case with Coinbase what impact AI will have on the crypto industry Hosts Haseeb Qureshi, managing partner at Dragonfly Tarun Chitra, managing partner at Robot Ventures Tom Schmidt, general partner at Dragonfly Guest Avery Ching, cofounder and CTO of Aptos Disclosures Links Unchained: Coinbase Seeks to Compel SEC Response to Rulemaking Petition Exploit or Rug Pull? $1.8 Million Drained From zkSync DEX Merlin Despite Audit SEC Sues Bittrex, Names Dash, Algorand and Other Tokens ‘Crypto Asset Securities’ CoinDesk: Sui Network to Issue Token Following Exchange Sale; Airdrop Hunters Dismayed Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Not a dividend. It's a tale of two pawn.
Now, your losses are on someone else's balance.
Generally speaking, air drops are kind of pointless anyways.
Unnamed trading firms who are very involved.
D5 protocols are the antidote to this problem.
Hello, everybody.
Welcome to the shopping block.
Every couple weeks, the four of us get together and give the industry insight of
perspective on the crypto topics of the day.
So first up, we'll do some intros.
First you got Tom, the D5 Maven, a master of meeps.
Next, we've got Tarun, the Gigabrain, and Grant Puba at Gunlet.
And today we've got a special guest, Avery, who is the chief architect of Aptos.
And then finally, you've got myself, I'm a sieve the head hype man at Dragonfly.
So we are early stage investors in crypto, but I want to caveat that nothing we say here is an investment advice, legal advice, or even life advice.
Please see Chopping Block that X, Y, Z for more disclosures.
So this is the first time that we are doing the chopping block with a live audience here in Consensus in Austin.
How are you guys finding consensus?
You learn a good time.
Austin, I will say the weather here has been significantly better than at East Denver.
What do you guys impression so far from Austin?
I forgot that there are so many layer ones in the world.
You know, like, I feel like I live in Eastland and like I just like don't.
I'm like, whoa, holy shit, where did all these layer ones come from?
Like some that I just like didn't realize still had huge communities.
Are you, are you firing a shot around gas here?
No, no, no, no.
I'm talking about like, I'm talking about like, I'm talking about like,
Cardano and Tron and stuff.
Like I just like had not realized there were so many, you know, like it's like a part of the
world that's like excised from my brain.
I had like a Cardano lobotomy or something.
Yeah.
There's something around like inverse correlation with like sponsorship size for like a bear
market.
Like if you look at like the like the top sponsors, it's like yeah, it's literally like Tron,
Hidera, someone else.
It's like what?
Yeah, you did actually in the last show.
There was some offhand comment you made about Cardano that I believe set the Cardano army on
you.
Tarun, do you want to describe, you know, like,
from the trenches, what was it like going through that experience as a Cardano veteran?
I got to say the Cardana Army is quite mid compared to the Link Army. The Link Army,
I'm afraid of angering. Cardana Army, whatever. Like, they're kind of weak, weak sauce nowadays.
Wow. Okay. That's bold.
Well, I'm waiting to see what to reply to that because now I'm happy to get one.
They love you. They love you. I've noticed. They're big fans.
Avery, tell us about the Aptos Army. By the way, it's pronounced.
aptos, but I really want to say
aptos, why don't you just pronounce
it the way that everyone wants to pronounce it?
It's a good question.
The way we came with the name aptos,
not aptos, is because
the way the technology was built
was in the Bay Area back at
Meta Facebook days, and
we wanted to definitely pay homage to the fact that
that's where a lot of the people
came from, and that's where a lot of work came from.
The other reason, of course, is because Aptos
is a great town about
an hour south of the Bay Area.
It's wonderful for beach town as well as surfing and other fun things.
And it actually is from an indigenous word, which kind of refers to the people.
And we thought that that was the best way to think about who we're building for and why we're doing what we're doing.
There's something around Layer 1 and California beaches.
Yeah, yeah.
I was about to say like Thalana is a beach, right, in Celtic, SoCal.
There's a lot of names derived from California towns in this community for sure.
Yeah, I'm just waiting for the Baker's Beach, Layer 1 to come along.
interesting okay so so aptos it's got a hard to pronounce name uh well not hard to pronounce but
you know unintuitively to pronounce um but uh you say you're inspired by the people of aptos the town
but i assume that's not where your users are uh we've heard that a lot of your users are in korea and
that's where aptos is getting a lot of traction talk to us about like what's going on in korea right now
because there's a lot of talk about u.s. regulation a lot of talk about hong kong but we don't talk
on the show very often about korea of course it's a big market for crypto talk to us
about that. Yeah, I think, you know, one thing we talked about offstage a little bit was, you know, Korea's
has been a market that's been very excited about this technology space. They're excited about, you know,
things like Luna, about, um, Clayton, blockchain as well. And I think from those early days,
people have been, you know, building and building many different projects. And especially gaming
has been one of those areas that's picked up a lot of steam inside of Korea, um, where we've
partnered with a bunch of different Korean companies, including, you know, NPixel, which is a
AAA gaming studio to build on top of aptos, but many others that have not been announced yet.
We had our hackathon recently earlier this year,
where I think more than 450 developers came through
and built some incredible projects.
And so what we've seen from that experience is this,
that the area is just one of the few places
where there's kind of first-willed builders
with top-rate developers that are moving the industry forward,
whereas places like the U.S. are actually not going as quickly.
And that's really exciting to us.
Nice.
So one of the things that Aptos is known for is the story about building a more performant blockchain.
And we've heard that story before.
Obviously, Solana in the last cycle was the predominant purveyor of the story is that we're building a new blockchain and the ground up, totally different stack, totally different architecture, and we're going to make it really fast and really perform it.
Tell us how you guys, by the way, by the way, I should caveat.
I forgot to mention this that Dragonfly is an investor into Aptos.
how do you guys think about performance in a world that's full of layer ones talking about how
performance they are? That's a great question. I think this debate is something we really want to
talk more about. I mean, when people talk about transactions per second, let's start off what the
transaction is. The way we define transaction is we talk about user transactions, not system transactions.
I'll start with that. System transactions, like, you know, we, for instance, in our network,
we also have a transaction that goes off periodically so that we can update the clock. That's something
that we count as a user transaction. Like, that's not something that users are
interacting with. Also, some, you know, transactions can be composed of one or more operations
of some, you know, very small transactions might do be very fast and very large transactions
or be very slow. So it's not a really good way to think about, like, you know, how much
transactions can this system do versus that system do, especially when you take into account
a lot of these nuances. So our plan is to really put out, you know, transparency in the market.
How do we create a definition, which is, again, for our point of view, a user-signed set
actions that occur in the network and then thinking about where databases have been in the past,
where TPC has done a phenomenal job in terms of understanding different kinds of use cases and
access patterns specific to workloads that are common to industry. And then evaluating
these in a reproducible environments that are going to be used to kind of compare what's
appropriate for your workloads and for your application specifically.
So basically, if I can summarize, benchmarking and crypto kind of sucks. Like, there basically
is no real benchmarking. It's like, let's ask the audience. I mean, like, do you guys feel like
there's a great way out there to tell how blockchains are compared to each other?
No.
I mean, the status quo today is that a blockchain will basically say, I built a new fast thing,
and then they will put out their own stats that says, I have 200,000 transactions per second,
and Solana only does 20 transactions per second under my blah, blah, blah,
and they generally don't publish code.
They don't only don't publish how they do this.
They don't run any benchmarks repeatedly, which is what real benchmarking companies do,
why do you guys think that we don't have like a benchmarking company or any benchmarking
infrastructure in crypto yet?
I think like theoretically it's actually impossible in the sense of like if I'm say a virtual
machine that is something where I execute fully functionally, then a single transaction corresponds
to a long execution trace versus say something where it's procedural where like I actually have
you have child transactions that are generated.
and so the input the input output mapping is the same but one of them creates a bunch of extra
transactions like a written and that tradeoff will kind of inevitably always exist for instance in
GPUs nvd and amd would always like make kind of weird benchmarks to compare their throughput they would
never just be like we do this many flops on blast which is like the basic linear algebra system like
the the main sort of library for testing this type of stuff they would instead say
something like, oh, well, our warped bandwidth is really good, or are we read particular parts of RAM
really fast. And I think there is actually this inevitability in something technically complex that
you have like this good hard slaw type of thing where people start inventing metrics to optimize
because their thing is optimized for it. And so then you just, you kind of can't. It's purposely
adversarial in that sense. But that's why you need independent benchmarking, right? Like if you have the
benchmarks invented by the company that's offering the product,
they're going to find some obscure, tiny little thing.
Who's going to do that?
That's the question I'm asking.
I don't know.
We're going to do it.
But you're not independent.
I think what we can do is at least start to put out what repeatable benchmarks look like,
what workloads look like.
And we can get input from the community and get other L1s and other application designers
to give us feedback.
So it might be curious to know, like, how fast do you mint a million NFTs?
if these NFTs are of certain type of complexity, or how fast can I transfer value from one customer
to another, and how a bunch of parallelism can I get out of that and extract from it?
So even if the environments are very different, and you can still value it on a per workload basis,
what is your throughput of that workload? And it may not be defined in transactions per second,
maybe it's in operations per second, whatever, but those kind of apples-apples application benchmarks
are something that we really feel passionate about.
Yeah, I mean, one thing I would add, though, is that all of these different blockchains have different
memory models. So like, for instance, Uniswap works great on global state access virtual machines
like EAT, but it's very hard in kind of software transactional memory things like move, or like it has a
huge, you know, huge worst case behavior. And so you somehow have to make sure that you're benchmarking
workloads under worst case behaviors, average case behaviors, and stuff in the middle. And that
whole suite is where I think people's marketing comes in. It's like some people have really high
deviation between the worst case benchmarks and average case benchmarks, and they basically report
the better of the two of them. And it's just like, I'm not, I'm not so sure you can get around
this type of stuff so transparently. I think that's where like TBC has done a pretty decent job,
right? Like, they've actually come up with a series of different benchmarks or in use cases.
And then if there are certain benchmarks, people are well on or poorly on, you can evaluate
it for yourself. And I think that would, that'll be wonderful if you had that kind of transparency
in this industry. I tend to agree with that. I think, look, if somebody does the heavy lifting of
making it easy for an unaffiliate organization to step in and say, aha, okay, here is a good
framework around independent benchmarking. Let's go in and do it. And then like once and for all
kill the concept of layer ones, like each inventing their own way of like, I'm the fastest
because I've been here's this super contorted reason why my blockchain can do more XYZ.
To be fair, though, like I said, in the history of computing and hardware, it's always that
XKCD comic of the meme of like, they're 15 standards. I'm going to make one standard that
unifies them all tomorrow. They're now 16 standards.
Right now there's zero standards for benchmark.
So I think, I think there's zero. I think there's like a hundred.
Like every person's not like it.
They're not like it.
Like he was nothing.
Right. Like people don't actually like care about flops anymore.
They care about like, you know, workbench scoring and like, you know,
workloads that are actually represented, people were using this for.
But for custom hardware people don't do that, right?
For GPUs in particular look more like blockchains in terms of the way people benchmark them.
And it's like, they've had this kind of like weird game where it's like you invent.
And you really do have this good hardslaw problem where like everyone just makes up a benchmark
that's easy to optimize for them.
Yeah, but when someone's reviewing a GPU, like it depends on the use case, obviously,
maybe for, you know, something like proof generation or whatever, it's a different story or machine
learning.
But like, you know, if using it for gaming and graphics, like it gets reported.
So one of the interesting caveats of this is that in sort of right around the time that people
started realizing that, oh, you could do fixed precision deep learning so you can use like
normal graphics cards and not get a ton of errors.
you know,
AMD was actually winning on all the, like,
gaming benchmarks, all the, like,
how, you know, video rendering benchmarks,
but they completely miss the fact that for some other applications,
like, Kuda and then sort of like the structure of the NVIDIA chip
was just, like, orders of magnitude better.
And, like, that's why AMD sort of lost the race in a lot of ways
was that they were, like, optimizing on the wrong benchmark for 10 years,
and then NVIDIA just, like, kick them in the face.
Well, it's very possible that we see that in Bluctions,
that like the blockchain that's best at uniswap,
which is, you know, sort of layer one or gen one blockchains is like,
okay, a lot of defy, a lot of these kinds of use cases.
Maybe in the next generation, it's gaming or it's some other thing
that has totally different access patterns.
And we'll have a different benchmark that replicates that.
So there's a full suite.
Let's have a full suite.
Hey, that's a great word, a full suite.
Okay, so moving away from Apptaz,
let's talk about your little brother suite.
So Apptaz's the suite, you guys have had some drama
over the years.
I know that you guys are,
you guys are not the best of friends.
Like siblings,
you know,
I feel like it's very normal
sibling rivalry.
So Sway has been under fire.
Sibling.
Step siblings?
No, the siblings.
Come on.
They're all their former coworkers.
You know,
we definitely talk quite a bit.
They love each other.
They love each other deep down.
So Sui,
they've been under fire lately
because they are not doing an air drop.
And that has caught,
they're doing like some weird sale thing
or I don't know what exactly they're doing.
They're doing like some,
some IEO type thing.
So that's what I, the best of my knowledge, I think.
Yeah, okay, whatever.
It's like pseudo-whitelist.
That's like the weird part.
It's like not anyone can enter the purchase.
Okay.
So that's where I'm confused.
That's where I got.
Sure.
Okay.
Let's not speculate about that because obviously we've, none of us on stage seem to know.
But the interesting thing is that Sway decided not to do anirdrop.
And this is kind of unique now.
This is kind of like, I feel like the story is actually not people are mad, like
whatever, people are always mad.
But the interesting thing is that Sway decided not to do an air drop.
And the current meta is that when you launch a layer one,
you always do anirdrop to the people who are playing around on your test net
or the people who are validating earlier,
or the people who are accomplishing certain tests.
So what do you guys think about this move from SWI?
First of all, why do you think they didn't do an air drop?
And second, what do you think it means about the way that we're going to think about
air drops for a little ones in the future?
Arbitrum's air drop seems like it could have been a liability
in the sense of all the drama we talked about a couple weeks ago.
I feel like that could scare people.
I could see that.
No, what does it have to do with an airdrop?
That's just like token distribution.
If you do it through an IEO, it's the same thing.
But the problem doesn't have to do some weird orchestration where the foundation gets paid somehow,
and you also do theirdrop.
And the ordering in which you do those, they're sort of like.
But if you sell it to retail on a foundation extractable value.
And like, unfortunately, that has to exist somewhere in the middle, right?
And that in of itself probably causes infinite legal problems.
Well, also, I mean, if you do it through an IEO, right, you can't wait a Coy see how
people who might be U.S. residents. And so you can sort of create some some liability buffer that
way, which is, I think, kind of the intent. But anything about like, what is the purpose of doing an
irdrop, right? One is like, maybe create some marketing and, you know, create some goodwill for the brand.
And then two is like, you know, distribute the token more broadly versus like just having it
with the team of the foundation or early investors. I don't know how, like, effective they are,
like doing either of those things. And I think what we've seen is just, okay, it's like this,
it's this arms race, right? Where people expect an air drop and the team has to go do civil,
you know, pruning to make sure that it's not going to,
and then people develop more sophisticated ways to do like simple attacks.
And so it's just like, what are we really doing here?
Is this actually effective at sort of the, either of the goals?
And so I don't know.
And maybe this will be sort of in the same way, you know,
doing air drops or doing liquidity mind and became the meta.
Maybe this will be a new meta.
There'll be a new way to sort of do distribution going forward.
It's clearly true that this is probably a reaction to the regulatory situation in the U.S.
recently the SEC filed a lawsuit against BitTrex I think it was where they said they claimed that
Al-Gurand was a security and I don't know that Al-Girang did anirdrop but I'm sure that they're
somehow drawing the line of like oh shit their ones are now more exposed than we thought they were
and so let's like be super careful about having any U.S. people own this thing by doing an IEO
and not doing an air drop I assume that's where it's coming from because nobody likes getting
trashed on Twitter, especially like the day that you're about to go to, you know, go to Maynett.
Avery, any take on the drama, your siblings?
I'll just say that, you know, we, I think when Aptus launch, the foundation wanted to do an
air job to really, you know, I agree their tradeoffs here in terms of doing civil defense
and things like that, but rewarding a lot of the community members who took the time to really
help understand what Aptus was, built, built projects, helped to run lots of nodes.
I think more than like 15,000 nodes were running.
not to have aptos, making one of the largest networks even before launched.
And just show that sign of appreciation and goodwill towards them,
retroactively, of course.
Okay.
So not going to say anything negative best week.
This is your chance.
Everybody's ready for you to say something.
I think one thing I just point on is that, you know,
when you talk about Al-Grand specifically,
I think one thing's called out in that particular document was the fact they did in an ICO.
And it's one of the factors that led to that decision.
And so generally I think that's a risk.
Yeah.
The only thing I want to say is all of the Gensler Al-Gurand
2018 video memes from the last two weeks were pretty hilarious.
The ones of him like praising Al-Gurand for not being secure.
Yeah, the moment that Gensler...
That was pretty hilarious.
He's gone on the offensive.
All of Twitter has basically trudged up everything he has ever said in a lecture
and has tried to use it against him.
To be honest, there's not that much stuff that's not bad.
He's like, Al-Gorand is very innovative.
you know, whatever. That doesn't mean it's not a security. And then there was something that
Brian Armstrong posted where Gensler said 70% of everything in crypto is a commodity, not a security.
And Brian Armstrong pays like, what? WTF? Like, what is this? Oh, my God. Like, he's,
equivocating. In reality, I read that actually if you read the context, he's talking about by
market cap because Bitcoin and ether is 70% of the market. So actually he didn't really say
what Brian O'Sachn I thought he was saying.
So anyway, people are mad at Gensler.
What's interesting about the Bitrex case
where they named Al-Gurand as a L-1
is that basically, you know,
if you look at the record of what the SEC has gone after
in terms of enforcement actions,
you know, in terms of big L-1s,
they've gone after EOS,
they've gone after Telegram,
and then, you know, they haven't actually gone after Al-Garand,
but they named Eos Telegram Rebel,
basically being like the Big L-1s,
that they've gone after. And then most everything else they go after is like some random weird
defy money market thing or some like basically borderline scam is most of the stuff that they end up
being enforcement actions do, which seems to imply, at least if you look at the pattern of behavior,
L-1s that are run by like reputable people seem to be mostly left alone, right? He has not gone after
the algorithms, the polka dots, the, you know, blah, blah, blah. It's like the kind of shady ones
that are not going to play well in court.
I think that's like mostly the action,
the strategy that he's taken.
So naming Algarand as a security
seems like very out of character.
I think it would surprise a lot of people.
Not because Algarand doesn't share a lot of features
with other things that he's named as securities,
if they did do an ICO and obviously, you know,
there's a team and blah, blah, blah.
But it is surprising that's something
that's like a Turing Award winner, MIT professor,
that's like not what the SEC goes after.
Did you guys have any thoughts on that?
Or Avery, what was your guys' reflections seeing them
after Alboran?
I think we were just very, again, pleased that we decided to do an air drop and no ICOs.
I think that was a big, important part for us when we thought about the way we distribute
tokens to the community.
I mean, ICOs are dead at this point anyway, so I don't think there was a real decision.
I mean, argue, like, again, token sales of any science is something that's risky.
Oh, I see, I see.
That's something we did not do.
So even like a coin list type sale, you guys wouldn't.
Okay, that makes sense.
Cool.
Okay.
Let's switch gears a little bit.
So one of the interesting pieces of news this week was a hack, which is, you know, every week there's obviously some hack that goes on.
But the interesting thing about this hack, so there was a protocol called Merlin Dex.
And it was hacked for $2 million.
It was some kind of rugpole, apparently.
People are now speculating it's a rubble, which happens, you know, there's always rugpoles.
But people started blaming Sertic.
So Sertic is this auditor, auditing firm.
They are kind of, the criticism against Sertic, they're a very big auditing firm.
They criticize as being kind of a, like a sweatshop for audits and that they like just spit out lots and lots of audits.
Very, very, they're like, they're very cheap and they do tons of them.
And there's a, there are a couple websites that have rankings of hacks by auditor and they're number one by an order of magnitude.
Are they adjusting for total number of audits though?
That's the, that's the question.
No, this is just like TVL.
Okay.
Yeah, yeah, yeah.
So, I mean, certainly, also they do a lot more audit.
So you have to adjust for that.
But anyway.
So Sertick,
people,
so, you know,
Merlin,
I think their audit was completed
the day before the rugpole happened.
And so people were like,
oh my God,
Sertic,
how could you sign off on this audit?
Which is a very interesting thing
to point the finger at,
right?
Because nobody was like,
Merlin, how dare you steal our money?
It was CERDIC,
how dare you certify
that this guy's passed your audit?
And so because it was a rugpole,
so like it was some admin key
that just like pulled down.
Yeah,
I think there was the egregiousness
of the full.
fly. At time of deployment, it already had like an infinite approval for the assets set on some
like random EOA. So it was like, like anybody reading this could easily see that was going to be
a rogue pole. It's like, did they just rubber stamp it or like it wasn't some esoteric bug?
Maybe they're using GPT4 to do something on it. Interesting. Okay, well, so what happened was that
people got really mad at Sertic. And then Sertig, very out of character, for some of have ever seen
this, Sertic announced that they were going to pull together a compensation plan.
to basically pay everybody back
who lost money in this $2 million hack.
So to be clear,
audits don't cost $2 million.
Audits cost a lot less,
especially from Sertick,
they cost a lot less than $2 million.
So this is a crazy precedent
for an auditing firm
to offer to pay people back
who use a protocol.
What do you guys think about this?
I mean, we do that, so.
Wait, you guys,
they buy insurance?
Yeah, yeah, but we cover,
we cut, like, you know,
if there is.
But that's an explicit thing,
That's not the case with an audit.
An audit doesn't give you insurance.
Yeah, but I'm pointing out that there are people who do actually.
Yes.
So if you agree to do that, then you should definitely pay it out.
He's, Sergei never agreed to do anything.
They're just responding to people getting mad at.
Well, to be fair, this is like the 50th hack from them in the year.
Like, at some point, the PR damage does force you into being an insurer.
This is also in the realm of like being feasible to repay, right?
It's like $2 million.
It's not $25 million.
Think of it as the cost.
of PR for them. Yeah, it's sort of like stores at breakage, you know, baked in. And this is, this is
breakage for an auditor, basically. I think it's fantastic. I mean, as though there's someone who
deals with auditing firms and it also helps to find help, helps pair auditing firms with our
ecosystem project specifically, it is amazing if they could guarantee any kind of payback for,
for damages done, and it gives them a lot of summer security. Because our goal is really,
how do you get applications from ideation into production as fast as possible? And audits are
such a big part of that. That would just, I think, increase confidence and have to go after
one, two, three, four auditors just to get that confidence in there.
I mean, so I understand like it's a nice to have, right?
If your auditor is actually also secretly ensuring your protocol, that's obviously
awesome.
But the reality is that if that becomes, so first of all, now we, everything we know about
crypto tells us that once it happens once, the next time everyone is going to be yelling
at them to do it again, right?
The next time that's going to get hacked by certic, it'll be like, you paid out this
one, why not that one?
Now I'm going to sue you because blah, blah, blah, whatever.
and so you have this
basically this like a bundling now
that it's going to be expected
that if the hack is small
that the auditor auditing firm is going to
so this is not yeah this is not actually the first
time this has happened so there was this
so in the oiler hack I forget the name of this
auditing firm but it's like it's a protocol
where people stake in order to perform the audit
do you I'm talking about
anyway they're the ones who audited the oiler hack
code and then basically they paid out
partially and they're actually I think fully drained right now the amount that they
put up for insurance but they but they they were on insurance yeah yeah yeah this
explicitly insurance but my point I'm saying it's I think it's very different I
think it's very different because look if you're if you're charging for insurance
premiums are gonna change right like because now I say look we had to pay out
turns out they again sometimes we have to pay this shit so they the insurance
premiums go up and they compensate for that if now when you get an audit they're
also basically underwriting the cost
of insurance, that means the price of audits goes up. Because now I have to look at the risk
of like, not only, okay, I give you this audit and then you go and like do stuff with it and fix
your damn code. It's also like, well, I'm taking on the risk of giving you this audit that your
community will get mad at me and demand that I pay you back for a hack. It just like breaks a lot of
stuff. Like audits are already really expensive, right? Bundling this stuff. I mean, I don't know,
Avery, when you guys pay for audits, right, just because I think a lot of people in the audience
don't really understand. They know that audits are important. How much do audits actually cost?
I mean, they can cost anywhere between, you know, depends on the complexity of the code.
I mean, the way auditors typically charge is, you know, they have a certain, you know, manna hours or people hours they put into the project, and then they're going to say, like, how much code do I remember viewing, you know, what am I looking for specifically?
So it really depends on the scope of your project. I mean, if you've got a simple twin line project, probably almost nothing.
If you've got, you know, tens of thousands of lines of code and it's very complex, it could be hundreds of thousands of dollars.
easily or more than that.
Can you give us ranges for like what you guys have paid and what you've seen
companies in the app testings?
Definitely out of our, you know, respect to our auditors, we will keep those confidential.
But like I said, anywhere between, you know, five to $100,000 could be very common for
audit.
Yeah.
I mean, I think, um, is Sherlock going you were thinking of?
Yeah.
Sherlock, that's a, I think there's room for like, in better incentive compatibility, right?
Like auditors are basically one of the few professions or goods or services, but there's basically
with no warranty, right? Like, if you hire a plumber and your pipes break the next day,
they'll come back and fix it. There's an implicit warranty or an explicit warranty. There's
nothing like that for auditors, but also, you know, for them, it could be an interesting new revenue
stream. If you're basically reselling somebody else's insurance and you're sort of offloading
the risk to like a reinsure, that seems very attractive, but you're right that they should
be like warehousing that risk to themselves. That's just like way too dangerous. Yeah, also like,
that also means that if somebody's underwriting a protocol, like let's say, let's say you pay me
$30,000 for this audit, which, okay, fine. You pay me $30,000.
I do $30,000 worth of work.
I now also have to know
how big is your protocol going to be?
Because if you're like a dinky little thing
that's never going to get a product
where I get fit, then like, okay, sure,
I'm fine underwriting that.
But if you're going to get like $100 million in TVL,
like shit, I can't pay that back.
Yeah.
So one thing I have seen in industry
is that what authors might do
without, again, under contract
is that they'll pay for the bug bounty
that could have been associated
with that particular bug that was found.
That seems way more reasonable to me, right?
Because that's like, again,
proportional to the fee
that you're paying them
well. Exactly. So I think like if, look, if there's like actually a warranty, there's
that if my, if my, um, uh, my audit doesn't catch something egregious, then I'll give you
the money back that you paid me for the audit, but like two million dollars for like a $20,000
audit. Obviously, I mean, again, this is an extraordinary circumstance. I don't know any
the details. But if this becomes a norm, it is going to make auditing insanely expensive.
But it also belies the fact that like what, what are audits really in?
crypto. They're kind of overloaded, right? We think of audits as like, okay, well, an audit is a way to
check whether you have, like, fundamental errors in your code, but it's also a, like, you know,
sort of S&P or, like, Moody's, like, stamp of this is a AAA contract, and you can trust this
contract. It's like investment-grade contract, right? And we kind of rely on auditors to do both.
We sort of don't acknowledge openly that that's what audits are for, but that is really what
they're for. Like, when people say, like, oh, it's an audited contract, they generally don't even
read the fucking audit.
They just say, oh, it's audited by trail of bits, right?
Like, great.
Nobody opens up the audit and actually reads through it.
There's like, oh, trail of bits, like, signed off on the thing.
Some people.
I read the audits.
Okay, all right, yeah, I read the clear.
I'm doing it's clear.
I'm saying the vast majority of users don't read the audits, right?
That all they do is they take that single bit of information.
I think after the last year, I definitely think people have started reading a lot more audits.
Like, professional people who are like, do you trading?
used to not read audits like professional trading firms in 2021,
Yolode only.
And after a lot of them got rug pulled,
they have started deciding to bother reading things or asking,
you know,
people who are paying attention.
I agree with that.
Although I think a lot of that has a function of velocity rather than them learning.
It's just that there's less,
there's less stuff to do these days,
so you have more time to read the audit.
Maybe.
Okay.
Well, all right.
Let's move on to our favorite topic,
which is regulation.
So you all know us as your favorite regulatory show.
So there was a lawsuit that was filed from Coinbase against the SEC.
So if you guys remember how the saga started, the SEC issued Coinbase a Wells notice,
basically saying that, hey, you're doing some illegal stuff.
I can tell you exactly what, but we think you're in violation of securities laws.
Point Base has very vigorously in the press and to the public argued that the SEC is being unfair,
they're not giving them clear guidance, and they intend to fight to the death.
so then Coinbase has sued now the SEC
preemptively to basically
enjoin the SEC to affirmatively make a rule
which the SEC has never made rules
like they basically, Gensar has argued repeatedly
that we don't need any rules we already have all the rules we need
the laws already cover crypto
he has basically said like look you guys need to
essentially make a rule about crypto
or decline to make a rule explicitly
and either way from what I've read
not being a lawyer and not knowing what the hell I'm talking about.
They've basically, the strategy is that they're going to compel the SEC to say no,
because obviously the SC is not going to make a rule on crypto.
They already said they don't want to.
They're going to compel the SEC to say no.
And then when the SEC says no, they're going to use that in court, say, look, the SEC is not making rules.
They're being jerks.
And hopefully they'll play well in front of a judge.
So I don't know if that is correct, but that is what I read.
Somebody else speculated who knows more about the legal than I do.
What do you guys think about the tussle right now between Coinbase and the
C.
Elections coming up, right?
I think there's going to be...
I think it's just going to get dragged out
like until like right
after the election.
Are you saying that it's politically unpopular for them to fight
this fight in public right now?
Yeah, it's sort of. It seems like that.
That's just my, you know,
not being in D.C.
D.C. take.
Okay, what do you speculate that the election is going to do
to all the actions that are against crypto?
Well, I think the thing is like
a lot of people are banking on the anti-crypto movement in their campaigns, right,
like between Elizabeth Warren and others.
There are other others?
I thought it was really just Elizabeth Warren.
I mean, I feel like there's a lot.
She has convinced people to nod politely when she talks about it, right?
Which before they're like, you know, we don't care.
Right.
So that's a step up, I guess.
But I guess my point is more like, I feel like Gendler's either going to try to like shove as
many homework assignments under the teacher's door right before the election or basically try to
like lay low until after depending on the outcome. So I don't know which strategy you take.
The super aggressive like just keep pummeling as many of these actions as possible.
And then be like, look, have such a good track record. Congress give me $2.5 billion or whatever he
requested and keep going or whether it's like do enough a high high.
profile things, but then, you know, like wait till the election and if there's more support
post-election, because right now it feels like it's like 50-50 on crypto stuff, as we saw in the
hearing of him, then kind of like pull out the bazooka if the election goes right.
It does seem like crypto, I don't know that like going anti-crypto is a great election strategy.
So I agree with you on that front is that, but the reality is people who don't like crypto,
like people who lost money in the last cycle especially.
They already sold all their crypto.
They don't own crypto anymore.
So like a year from now, they're not really going to care that much about crypto.
They care about inflation.
They care about, you know, crime or whatever.
Immigration, like these are the hot topic things that are going to be mainline issues
in the election.
If you're talking about crypto, the only people who care about crypto are people who own it.
And people own it, they want you to leave it alone.
So I think like if you're appealing in a general election, you know, independence like, you know,
what, 10, 15% of independence own crypto.
And so you're mostly going to want to, like, not mess with crypto because you're just
going to lose people.
And nobody's going to vote for you because you're anti-crypto.
It's just such a low, you know, valence issue for most people.
I think on the flip side, like, you know, Coinbase now is, or they have been.
And they came out with this like NFT support crypto thing this week.
They've really been trying to whip up like a grassroots movement around getting people to
support crypto.
And I think trying to sort of copy like the Uber or Airbnb play.
book from like the early 2010s, which was extremely actually effective in terms of like,
um, convincing local regulators and the markets that they operated in, you know,
they get Uber drivers, Uber users to, uh, apply political pressure.
We haven't really seen that be effective in crypto, right?
Like, despite the fact that arguably the user base is much, much larger than either
those apps, like there isn't really a grassroots pro, you know, very loud pro crypto movement.
And I don't really know why that is.
I mean, they're, they're trying, but it doesn't really seem like they're getting, um,
A very effective outcome.
These are people who are the biggest crypto users are people who are perpetually on the internet.
I don't think they're exactly like the graph roots.
I'm going to go like rally at like my local city hall type of people.
Even like, you know, even like a, you know, just say, send letters, call, call your representative.
Like call your representative.
A lot of liberty.
How many people who own crypto and bought in last year have made a phone call?
That's a good point.
maybe a telegram call or something like that.
That's what I think.
I think the generational gap piece is actually quite important in assessing.
Do you remember when, what was it?
It was like Nopa and SOPA, like the laws about like they were going to basically
even cause a lot more internet censorship.
And there was this big coordinated blackout by all the internet companies like Google and
Reddit and all the stuff.
And they like blacked out the homepage.
I was going to say like they should just like turn off all the blockchains one day as like
a protest.
Sorry.
Sorry, CEO of Ethereum.
Can you turn off the blockchain?
Just ask Battag.
Find Satoshi, you know?
Like, we can, I mean, App does, we can turn off, right?
So, yeah, Solana as well.
It's a lot of as well.
Sorry, I'm talking shit.
But yeah, I do agree with you that, like, it's as much as it's good to see Coinbase
trying to take this grassroots approach and get people energized by, hey, let's protect
crypto.
Let's fight for this.
It is hard because crypto, like, they are also.
like very individualistic self-agin.
I think the thing that will work the most is, is A, obviously, inflation, but then
B, um, the end of the petro dollar hegemony.
Like, it really does feel like, I think Chinese yuan transfers recently were like higher than
U.S.D transfers for like a week, which was like crazy.
You know, China for Chinese trades.
Yeah, yeah.
But it includes domestic, it included exports would because like, for instance, like France is
paying in yuan for natural gas.
They're not paying in dollars anymore.
Brazil, the same thing.
So, like, this, there's kind of this interesting thing going on also where the petro dollar
heteronomy does seem to be its weakest point ever.
Like, everyone in the Middle East doesn't seem to give a shit about the dollar anymore.
And I kind of think the anti-crypto equals anti-dollar movement is the one that will actually
win through the next election.
You heard it here first.
That seems a little, like, 200 IQ.
I don't know if that's going to, I don't know if that's going to quite.
penetrate the mainstream.
But I like where your mind's at.
That's interesting.
I think, you know, we're definitely excited for more clarity.
That's something we've, you know, I think the whole industry is looking for.
We, Aftos really recently joined the Blockchain Association.
And so we're actually hoping that the similar legal efforts and clarity will help us to,
again, build things the way that, you know, Biggler just want to see them being built.
Fair enough.
So looking forward into this next year, obviously it's been,
You guys, for Aptos, you guys have come into Maynad, you're seeing the light of day.
You get to be a grown-up L1 now with everyone yelling at you and being mad all the time.
What are you looking forward to over the next year, whether within the Aptos world or just like we're more broadly within crypto?
For Aptos, I think, well, I would say these are more broad of crypto themes, which is, I think we're all waiting to see like how we leverage, like, Web3 in crypto to be the best utility for customers.
we haven't seen those mainstream applications yet hidden to market.
When I ask people like, what are you excited about crypto?
It's like, oh, I liquid stake and I go to OpenC.
That's great.
I mean, those are all wonderful things, but they're not like, you know,
the way that internet applications have taken off with Netflix and with Amazon
and with Google and all those fun things that are out there.
And so, you know, we need a way to demonstrate that utility at scale.
And so solving those problems of user experience, system infrastructure,
and then working together and partnering and maybe even building some of those
applications that actually can reach scale kind of from our experience but building a meta,
I think is something that's really paramount, not just for us, but really for all of the industry
going forward. Actually speaking of meta, we were talking about this while we were outside.
So I was just on a panel talking about AI, like the intersection of AI and crypto. And I know
meta actually has been in the news recently for like their Metaverse stuff plus their AI stuff,
like get behind in a couple ways. But what do you guys think about? So we had a show recently with
Ilya from NIR talking about the intersection of crypto and AI. I came to
out of that conversation feeling quite skeptical that there are that many interesting applications
in the short term. When I say applications, I mean like investable crypto slash AI networks or tokens or
whatever. But you guys disagree with me. Give me your bull case. Give me the bull case for the
intersection of crypto and AI. Why there's going to be a ton of interesting stuff that happens there.
Oh, yeah. I think, you know, at first when I looked at, you know, I think people haven't talked about
crypto and AI for a long time, by the way, it's not something new. I think back then I did believe a lot of it was
more hype than the real. But more recently, I think, you know, with the rise of large language models
and other things, there many things that are possible. So first of all, building smart contracts,
we just talked about auditing, for example, that is a big process of getting from ideation into
production. The way that something like chat GPT can help you to guide you like, hey, chat chabed,
can you write me a simple contract for doing an exchange, like a simple swap or escrow service?
Those kind of things will help onboard tons of new developers in aerospace when we have
tens of thousands of developers in Web3, there are millions of delopers who work across all
like software stacks around the world. And so I think those kind of tools are going to be amazing
in terms of helping to onboard users, even sort of do things like, again, like with move, you have
this kind of cool thing around a move prover and formal verification. Help me write the formal verification
specs to ensure that, you know, resources are conserved even after these operations are held.
Like those kind of complicated operations that now improve our audibility of our code and
actually run every single time. I try to launch a new feature on the blockchain.
is going to help us to move faster in this space.
And so those are kind of a couple of examples
where AI and large language models
can help us to develop more quickly.
And actually assist in smart contract platforms
and help educate users how to build in this space more effectively.
And then I've had more time.
I know we're running out time.
So I'll just kind of jump in real quickly.
The other thing is blockchain has the ability
to kind of do some kind of decentralized learning,
which is really interesting.
So federate learning, for example,
where you kind of maintain privacy of user data,
being able to share the data in a way that can be accessible
for machine learning and for large-scale training
can be done using the blockchain.
And I think that's another interesting area
that we're particularly excited about,
given our background and kind of my background,
just to be clear, I've worked in data infrastructure
for a long time, worked on things like,
you know, Hadoop, MapReduce,
I've distributed scheduling, all those fun things.
And so I see that kind of intersection
being very interesting in terms of, you know,
to process data at a very, very large scale
in a way that kind of rewards the creators of that,
of that content as well.
I guess I have two main things.
Certainly, I think the decentralized training aspect,
you know, every cycle of crypto has had someone say that.
So 2015, it was like Golem, 2018, it was like DFINITY,
all the L-1s right now kind of sort of saying that.
But there are actually some quite interesting improvements in decentralized training
that aren't just strictly, you know, hey, whatever,
you post some state proof that like I did a single single.
the operation correct correctly. There's actually sort of like some mechanisms people have made for
fraud proofs where I can be running a GPU training part of a model. You can be running a GPU training
part of a model. And the person who's requesting it can send us particular tests of whether,
hey, are you just giving me random numbers? Are you actually like running the algorithm,
putting the data on? And those fraud proofs are actually super, super useful because there's actually
been a ton of fraud in terms of like training stuff where people just give you random numbers.
back instead of actually, you know, running stuff on your data. So there's that that part is,
is actually gotten way better. And that's all because of ZK people. That's not because of the
consensus stuff. The other side of the ZK coin is, uh, is algorithmic provenance. So how do you know
that something came from an algorithm or a human or an algorithm that has access to particular data?
And so the slight show is, I guess I've written some blog posts about this this week. So it's quite,
it's like on my mind. But there's a there's a natural question of like can you generate a
form of proof where a language model can prove to you that was trained on a particular data set.
Like oh, this language model was trained on the corpora of coin desk consensus transcripts.
And this other language model is just the default GPT4. Can can they interact with each other to
generate a proof to you that one knows that it was trained on this other particular type of data
and then generate something that looks like a ZKP that's posted publicly.
So the idea of having algorithmic prominence, I think, is actually one of the most important
things that people are really realizing is important because everyone here has read something
where like, oh, well, yeah, that's definitely from chat GPT.
But you've also probably read things where like, that sounds like it's almost human.
And being able to actually have a distinct line for that, that's verifiable, is going to be
very important in the next five years.
To be clear, I don't disagree with any of your points, but nothing that you said,
there. What you basically described is
advancements in cryptography
that have been
subsidized by a lot of stuff
happening in blockchains are going to have broader
use cases, especially with the intersection of machine learning.
Totally agreed.
I don't know that in principle any of that requires
you to post that on a blockchain. So the provenance
piece, I think, does need to be posted.
So publicly being able to verify
that a particular model gives a particular
output and that it was made by a model
not a human or it's made by a particular
registry is actually.
going to be quite important because especially as you talk about things where people have
fine-tuned datasets for, you know, my custom model does X better than yours. Being able to prove
that you own that is going to be very important because that's the IP of the future, right? The
IP is that. That's fair. That's fair. That's the argument of knowledge. Okay, that is a fair argument.
That is a fair argument. Okay, we're running up on time. So unfortunately, we have to wrap. Sorry for my rant.
No, no, no. That was a great. It was a great rant. That's a natural way to end a talk like this.
Thank you all for listening.
See you all next time.
Thank you, everyone.