proofinprogress.com

Illuminating the Dark Forest

(Originially posted on /r/ethereum)

We've now been in the bull market for so long that I believe the reference frame for what many of us initially came to crypto for is starting to be forgotten.

Today, besides angry gas fee posts, what really seems to be popping is borderline-legal DAO meme projects that promise wildly seductive APY numbers ("7000% APY"), while the reality is that many of those projects are outright illegal and immoral Ponzi schemes with great web design though.

Seeing all those huge green numbers on a daily basis, it's easy to sometimes forget why we joined the space in the first place: to build better organizations and to update the internet!

As a case in point, OlympusDAO:

By visiting its website, it's almost hard to believe: but a project like the much-hyped OlympusDAO registered their domain just months ago, on 2021-03-27, and so I find it kind of difficult to understand if the project and its members have the required long-term commitment to make meaningful contributions to the space [5]. Especially because innovating in the space has historically only worked through grinding the bleeding edge for multiple years at a time. I don't doubt the integrity of the OlympusDAO's founders. But that's because I simply don't know them!

How do I know that meaningful contribution only comes through long-term commitment? I've been a founding member of ascribe.io and the Ocean Protocol, and they've been shipping for 6 years straight now to get to where they're today: on CMC #130 [2]! The classic ten years to an overnight success story.

But more simply put, the point I'm trying to make here is that the provenance mechanism we're so proud of in the NFT space has started to become broken in the web3 startup space!

Even for a seasoned developer, it's become harder and harder to understand what are good projects and who are those that are just in for the quick money or pulling the rug [3, 9].

The provenance of crypto startups has become unclear as, given regulatory pressure, many startup founders have chosen to launch anonymously. It's cool because it means that many traditionally discriminated people can now launch a project without facing unnecessary scrutiny or glass ceilings. It's bad because we have no reference point anymore for who's done good in the past and who's done bad. Today, how can we know? And as users, how can we protect ourselves and our investments?

At the same time, the security incidents plaguing smart contracts have become frequent pop-cultural events; We don't even take them seriously anymore. They've become entertainment as rekt.news existence proves [4]. It's as if we can't wait to hear about the latest hacked developers and the background story: But cloaked behind these seemingly unspectacular security incidents hides a much bigger crisis! It's that web3 has become a DARK and DANGEROUS place! In 2020, D. Robinson and G. Konstantopoulos write: "Ethereum is a dark forest." [1].

In the authors' own words, Ethereum's story has become "a horror story." It is about a dystopian, adversarial, and unlawful place where everyone just banks on the weakness of their peers for their personal profit. "An environment in which detection means certain death at the hands of advanced predators" [1].

Through those eyes that seem to see today's reality more clearly than our naive web2 goggles, all web3 products ought to be at first observed with caution. What are the true motivations that guide some DAO's masterminds? Are they here to change the world for the better? Or are they merely attempting an elaborate coup for their personal enrichment?

The problem in today's space is that WE CANNOT KNOW! The infrastructure for documenting and fighting scams simply isn't there. We're not capable of resolving disputes, but even worse: We're not even properly documenting what's happening. My biggest fear is that if the crypto space continues to fail to regulate itself: Inherently, we'll have to be regulated ... by you know whom!

The most we do t0day, is that we reside to document scams on, e.g., Reddit through "lists of rug pulls" [6]. I guess we're also trying to warn our peers in DMs, and for particularly bad cases, we sometimes speak up publicly.

But most attacks on all our hard-earned money aren't "security" incidents as it is, e.g., framed by rekt.news.

Sure, these events are disguised as broken contracts and flawed implementations: But the reality is that all those hackers causing them ended up taking the calculated risk of stealing money from users as coin mixing allows them to anonymously exit their profits, e.g., through tornado.cash [7].

So while it looks as though the situation is under control through ever-improving static analysis tools and more frequent security audits, the problem isn't directly about building flawless smart contracts but much more about the integrity of project founders! The web3 community has a safety crisis and flawed smart contract security is merely a side effect.

It's because the web3 space that prouds itself with its friendliness towards anonymous project founders has created a system so immune to proper provenance that it stops becoming humanly possible to do proper due diligence before committing funds. Even as a long-term member of the space, it's become tough knowing the wheat from the chaff!

A path out of the dark forest, or at least towards finding a guiding light that could illuminate it, lies, in my opinion, in improving the current provenance system through algorithmically-aided positive reinforcement and better documentation. We need to strengthen our capacity to do due diligence collectively.

To learn from our mistakes and the space's most flawed projects, I think it is up to all of us to make a change!

We have to start documenting shady behavior not only when it's too late. We should hold adversarial founders accountable not only after they've committed immoral action - but throughout their entire rise to fame.

Finally, we're now in a time where data can truly be available for extended periods of time and where we're capable of easily verifying its integrity. It's a chance for us to build better infrastructure for documenting what is happening, annotating documents, and exposing troublesome information.

Using on-chain data, we can now rate a project's health in real-time and potentially provide relative safety scores. Dispute resolution protocols like Kleros and others may potentially even allow us to resolve confliects within web3 - without ever having to surface into the world of atoms [8].

We have the tools to illuminate the dark forest and make it a safe place for everyone. But it's on us to work in making that change happen! To illuminate the dark forest.

References

  1. https://medium.com/(at)danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff/
  2. https://coinmarketcap.com/currencies/ocean-protocol/
  3. https://timdaub.github.io/2021/11/30/original-observations-about-todays-crypto-bull-market/
  4. https://rekt.news/
  5. https://who.is/whois/olympusdao.finance
  6. https://www.reddit.com/r/CryptoCurrency/comments/pztg86/an_extensive_list_of_rug_pulls_committed_by/
  7. https://tornado.cash/
  8. https://kleros.io/
  9. https://coinmarketcap.com/alexandria/glossary/rug-pull

published 2021-12-08 by timdaub