sam.frax (@samkazemian)
5.4K posts

¤ Founder CEO @FraxFinance 💸 $FRAX ¤ 🇺🇸 Cofounder @IQAICOM $IQ 🤖 neuroscience & philosophy @ucla

Joined July 2015
5.4K Following · 43K Followers

sam.frax (@samkazemian):
Ferry was fully built internally by us at Frax from the ground up to be uncompromisingly secure but extremely slow (by design). While some users loved the security, the 24H wait times made it uncompetitive to gain market share against CCTP & other faster solutions. It was the far end of the spectrum of fast+risky vs slow+secure. The current frxUSD mesh is the optimization of secure+very fast.
Replies 0 · Reposts 0 · Likes 5 · Views 159

Dominik Hell (@DominikHell6):
@samkazemian @0xLamps Yes, I’m just more interested in your case specifically because didn’t you have to maintain about the same effort with Ferry? So why move?
Replies 1 · Reposts 0 · Likes 1 · Views 164

sam.frax (@samkazemian):
At Frax, we did all of these mitigations immediately & more at the very beginning before rolling out our frxUSD LZ mint-burn mesh. I'm surprised how many other projects didn't. We use our own libraries (no external entity can upgrade them, not even LZ), we run our own Frax DVN internally with veto privs but require external DVN unanimous consensus to transfer value, we've had a 3/3 DVN policy since last year (increasing to 5/5 soon), & are currently working on even more advanced+secure hook logic compared to the simple rate limiters/circuit breakers projects are just starting to deploy. If you want to collaborate or need crosschain guidance, feel free to reach out to us to work on security together.

Quoting Fishy Catfish (@CatfishFishy):
Heeaaaaaaaaated debate broke out in the ETHSecurity Community Telegram earlier today between LayerZero’s Bryan and security researchers. TLDR summary:
- $3 billion+ of LZ OFTs were recently at risk of being compromised due to a default library contract that LZ Labs could upgrade instantly with no timelock to forge messages (like what happened with the rsETH hack)
- According to Banteg, major projects like Ethena and EtherFi were STILL using this default library contract as of a few weeks ago
- There is still $178 million in value exposed to being compromised from projects using the default library (look at quote tweet)
- LZ Labs doesn’t need to be malicious for this to be a risk, they have a history of poor opsec (in addition to being hacked by North Korea):
- Onchain data shows LZ Labs multisig signers were engaging in non-multisig signing activity like trading memecoins, swapping on DEX, bridging. All major phishing risks as this means production multisig keys were connected to websites, not just used for signing
- LZ Labs handled private keys like a high schooler, trading memecoins on production multisig keys, no wonder they got targeted by North Korea, who knows what other poor opsec they have?
THREAD BELOW

Replies 26 · Reposts 18 · Likes 187 · Views 25.3K

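The verification policy the post above describes (an issuer-run DVN with veto, unanimous external DVNs, a library no third party can upgrade, and a rate limiter as the baseline control) can be modelled in a few dozen lines. The Python below is an added illustration and is not LayerZero's or Frax's code; the DVN names, the 3/3 threshold, the cap and window, and the `library_upgradable_by` field are constructed for the example. It shows why a single delegated verifier lets one forged attestation mint while the issuer-controlled config does not, how a reviewer can flag the weak settings statically, and how a sliding-window rate limiter bounds what any one window can mint.

```python
"""Toy model of an OFT verification policy (added illustration, not LayerZero
or Frax code). It captures two choices from the thread: who may change the
library that interprets attestations, and how many DVNs must attest before a
cross-chain message may mint. All names, thresholds and amounts are constructed."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class VerificationConfig:
    required_dvns: frozenset                 # every one of these must attest
    optional_dvns: frozenset = frozenset()   # of these, optional_threshold must attest
    optional_threshold: int = 0
    library_upgradable_by: str = "issuer"    # "issuer" or a third-party name (assumed field)


def is_verified(cfg: VerificationConfig, attesting_dvns: set) -> bool:
    """A message is verified only when every required DVN attested and at least
    optional_threshold optional DVNs attested. Unlisted DVNs cannot contribute."""
    if not cfg.required_dvns <= attesting_dvns:
        return False
    return len(cfg.optional_dvns & attesting_dvns) >= cfg.optional_threshold


def config_findings(cfg: VerificationConfig) -> list:
    """Static checks a risk reviewer would run over a config before listing the asset."""
    findings = []
    if cfg.library_upgradable_by != "issuer":
        findings.append(f"library upgradable by third party '{cfg.library_upgradable_by}'")
    if len(cfg.required_dvns) + len(cfg.optional_dvns) < 2:
        findings.append("single DVN: one compromised verifier can forge a mint")
    if cfg.optional_dvns and cfg.optional_threshold < len(cfg.optional_dvns):
        findings.append("optional DVNs are not unanimous")
    return findings


class RateLimiter:
    """Sliding-window cap on minted value: the simple circuit breaker the post
    calls a baseline. Even a verified message is refused once the window is full."""

    def __init__(self, cap: int, window_seconds: int):
        self.cap, self.window = cap, window_seconds
        self._events = deque()  # (timestamp, amount) admitted within the window

    def admit(self, amount: int, now: int) -> bool:
        while self._events and now - self._events[0][0] >= self.window:
            self._events.popleft()
        used = sum(a for _, a in self._events)
        if used + amount > self.cap:
            return False
        self._events.append((now, amount))
        return True


# Constructed configs: a delegated "standard" setup vs. an issuer-controlled one.
DEFAULT_STYLE = VerificationConfig(
    required_dvns=frozenset({"vendor-dvn"}), library_upgradable_by="vendor")
ISSUER_CONTROLLED = VerificationConfig(                       # 3/3 policy
    required_dvns=frozenset({"issuer-dvn", "external-dvn-1", "external-dvn-2"}),
    library_upgradable_by="issuer")


def forged_mint_passes(cfg: VerificationConfig) -> bool:
    """Scenario: only the vendor DVN attests, as if its signer were compromised."""
    return is_verified(cfg, {"vendor-dvn"})


if __name__ == "__main__":
    for name, cfg in (("default-style", DEFAULT_STYLE), ("issuer-controlled", ISSUER_CONTROLLED)):
        print(name, "forged mint passes:", forged_mint_passes(cfg), "findings:", config_findings(cfg))
    limiter = RateLimiter(cap=1_000, window_seconds=3_600)
    print("admit 600 @0:", limiter.admit(600, 0), "admit 500 @10:", limiter.admit(500, 10))
```

The model deliberately separates verification (who attested) from the library that decides what an attestation means: the thread's point is that a third-party-upgradeable library can change that second step without any DVN being compromised, which is why `config_findings` treats it as a finding independent of the DVN count.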
sam.frax (@samkazemian):
The modularity of it is its power but also its undoing if not set up properly. With this system you control: your own token contract, your own verification rules, your own fee/gas rates, your own libraries & node+RPC lookups. You can even decide to completely move away from LZ without migrating your token/holders by upgrading the token contract away from all LZ downstream dependencies without any technical blockers. Most other solutions lock a user in on at least 1 of the above areas to 'create a moat.' Of course if all these abilities overwhelm you so you just delegate them all to a single source & use 'standard config' then it's terrible. You should just lock yourself in with some other service that will think about those things for you, but in return not let you leave later should you want to.
Replies 1 · Reposts 0 · Likes 9 · Views 474

sam.frax (@samkazemian):
Liquidity, integrations, monetary premium, lindy, brand, & legal agreements/exclusivity/licenses (where applicable such as RWAs) are the "AI resistant" components of onchain products. Those contribute the most to token/company valuation since they better predict the long term cash flows far out into the future compared to measuring present-day revenue.
Replies 5 · Reposts 1 · Likes 26 · Views 1.9K

Guy Wuollet (@guywuolletjr):
you can’t vibe code usdc
you can’t openclaw hyperliquid
you can’t prompt engineer morpho
network effects are the moat
Replies 66 · Reposts 31 · Likes 413 · Views 49.5K

sam.frax (@samkazemian):
@ImperiumPaper @fraxfinance We were far ahead of our time with the Frax Ferry. Fun fact: the reason we gave it a nautical theme was because we didn’t want to be just another “bridge.” We were a ferry, a new class of crosschain protocol. 🛥️
Replies 5 · Reposts 4 · Likes 59 · Views 1.6K

PaperImperium (@ImperiumPaper):
I’ve never understood why bridges have to always be fast. I get it for impatient retail or cross-chain arbitrage. But many tasks aren’t very time sensitive. Which is why I always had a soft spot for the (now-defunct?) @fraxfinance bridge.

They called it Frax Ferry and gave the roles a nautical theme. The captain had admin roles, and a second set of actors called crew members had the power to temporarily pause to enforce a “stop, look, listen” process. Normally I dislike meme-y themes (like food names), but in this case I think the ferry analogy helped communicate to users how it worked.

The Frax Ferry would have scheduled departure times between specific chains, and would take 24 hours to arrive. This gave ample time to catch shenanigans. And also meant there was low risk of infinite mint, since any compromise would have to be sustained undetected for the entire journey. I’m not sure if 24 hours is the right time period, but it’s hard to think that the Frax Ferry would have allowed DPRK to rekt Kelp.

To the extent a need for fast bridging still exists, it does seem appropriate for someone (bridge, issuer, swap-bridge counterparty) to levy a fee to account for the increased risks. The model converged upon has been the asset issuers doing this for free - you’ll notice even on L2s, the standard bridges aren’t growing their escrows much as fast options proliferate. I think we can agree there needs to be a rethinking about how this risk is shared. That could be a fee, lower claims priority, or some TBD clever solution.
Replies 16 · Reposts 6 · Likes 69 · Views 12.6K

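The scheduled-departure, 24-hour transit and crew-pause mechanics described in the post above can be expressed as a small state machine. The Python below is an added illustration, not the Frax Ferry contracts; the role split (any crew member can pause, only the captain can resume or cancel a voyage), the 24-hour transit constant and the transfer values are assumptions made for the example. It demonstrates the property the post points at: a forged transfer that boards a voyage cannot be claimed until the transit time elapses, so a pause and cancellation inside that window means it never arrives, while an honest voyage departing after the resume still arrives on schedule.

```python
"""Toy delayed-departure bridge with a crew pause (added illustration; not the
Frax Ferry contracts). Transfers board a voyage; a voyage's transfers become
claimable on the destination only once TRANSIT_SECONDS have elapsed, and a
voyage cancelled before then never arrives. Role split and values are assumptions."""

TRANSIT_SECONDS = 24 * 3600  # the 24-hour journey the post mentions


class Ferry:
    def __init__(self, captain: str, crew, transit: int = TRANSIT_SECONDS):
        self.captain = captain      # admin role (assumed: may resume and cancel)
        self.crew = set(crew)       # may pause departures: "stop, look, listen"
        self.transit = transit
        self.paused = False
        self.voyages = []           # each: {"departed_at", "transfers", "cancelled"}

    def depart(self, now: int, transfers) -> int:
        """Batch transfers into a voyage; departures are refused while paused."""
        if self.paused:
            raise RuntimeError("departures paused")
        self.voyages.append({"departed_at": now, "transfers": list(transfers), "cancelled": False})
        return len(self.voyages) - 1

    def pause(self, actor: str) -> None:
        if actor not in self.crew and actor != self.captain:
            raise PermissionError(f"{actor} is not crew")
        self.paused = True

    def unpause(self, actor: str) -> None:
        if actor != self.captain:
            raise PermissionError("only the captain may resume departures")
        self.paused = False

    def cancel_voyage(self, actor: str, voyage_id: int, now: int) -> None:
        """Cancellation only helps before arrival; after that the funds have landed."""
        if actor != self.captain:
            raise PermissionError("only the captain may cancel a voyage")
        voyage = self.voyages[voyage_id]
        if now - voyage["departed_at"] >= self.transit:
            raise RuntimeError("voyage already arrived; too late to cancel")
        voyage["cancelled"] = True

    def claimable(self, now: int) -> list:
        """Transfers that have completed the journey and were not cancelled."""
        arrived = []
        for voyage in self.voyages:
            if not voyage["cancelled"] and now - voyage["departed_at"] >= self.transit:
                arrived.extend(voyage["transfers"])
        return arrived


def incident_scenario() -> dict:
    """Constructed timeline: a forged transfer boards at t=0, crew pauses at t=1h,
    the captain cancels at t=2h and resumes, honest traffic departs at t=3h."""
    ferry = Ferry(captain="captain", crew=["crew-1", "crew-2"])
    forged = {"to": "attacker", "amount": 1_000_000}   # constructed, e.g. a forged mint message
    honest = {"to": "alice", "amount": 100}
    bad_voyage = ferry.depart(now=0, transfers=[forged])
    ferry.pause("crew-1")                              # t = 1h: anomaly spotted
    ferry.cancel_voyage("captain", bad_voyage, now=2 * 3600)
    ferry.unpause("captain")
    good_voyage = ferry.depart(now=3 * 3600, transfers=[honest])
    return {
        "ferry": ferry,
        "good_voyage": good_voyage,
        "arrived_at_24h": ferry.claimable(now=24 * 3600),   # nothing: bad voyage cancelled
        "arrived_at_27h": ferry.claimable(now=27 * 3600),   # honest transfer only
    }


if __name__ == "__main__":
    result = incident_scenario()
    print("claimable at 24h:", result["arrived_at_24h"])
    print("claimable at 27h:", result["arrived_at_27h"])
```

The detection window is the whole point of the design: the `claimable` check is purely time-based, so no attacker action on the source chain can shorten it, and the only way a bad batch lands is if nobody with the crew role acts for the full transit period.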
sam.frax (@samkazemian):
@hosseeb People forget Satoshi was definitely a fan of new use cases of "block chain" (as he called it in those days) including DNS (what would later become Namecoin). There's ample evidence he would be liberal in various use cases & even advocate different chains: bitcointalk.org/index.php?topi… (fragment #msg28696)
Replies 0 · Reposts 0 · Likes 9 · Views 883

Haseeb >|< (@hosseeb):
If Hal Finney were reanimated and someone told him how stablecoins worked, I don't think his reaction would be: "wait, you're telling me this non-KYC, instantly transferable, cryptographically custodied, P2P-accessible US dollar has... a freeze function? Oh. So we failed."

Quoting Haseeb >|< (@hosseeb):
Stablecoins are actually super cypherpunk. CT has broken your brain on this. The idea that anyone at any time, with just a mobile phone, can hold and send dollars instantaneously to anyone in the world, no KYC, no nothing--that was literally the cypherpunk dream.

Replies 97 · Reposts 9 · Likes 206 · Views 86.9K

sam.frax reposted
Frax (@Frax):
Yield or no yield. Pass CLARITY. Our Founder and CEO @samkazemian on why this is the capstone act that connects stablecoins and crypto to the broader financial system. The sooner it passes, the sooner crypto moves forward 👇

Quoting Eleanor Terrett (@EleanorTerrett):
🚨SCOOP: Hearing from industry sources that stablecoin yield compromise text is imminent and could drop as soon as today. Reaching out to @SenThomTillis and @Sen_Alsobrooks offices for comment.

Replies 8 · Reposts 14 · Likes 59 · Views 7.3K

sam.frax reposted
Frax (@Frax):
.@Strategy $STRC is already a $8.5B product. The next unlock is CLARITY. CLARITY can bring financial products like this onchain, connect them to stablecoins, and unlock global liquidity. @milesjennings of a16z and @samkazemian of Frax at @TheBitcoinConf 👇
Replies 3 · Reposts 14 · Likes 63 · Views 2.6K

sam.frax (@samkazemian):
Major props to EF & @VitalikButerin for this. First time I've seen EF intervene in something that's objectively right but would have gone against their 'credible neutrality' ideology. More of this. Makes me proud to build @Frax in the Ethereum ecosystem & will continue to do so.

Quoting Ethereum Foundation (@ethereumfndn):
0/ Today, the Ethereum Foundation completed a bilateral swap of ~21,269 aWETH to wstETH, coordinated with @LidoFinance and @mellowprotocol as part of their ongoing deleveraging work.

Replies 11 · Reposts 16 · Likes 171 · Views 21K

sam.frax reposted
Stable Summit 🦫 (@stable_summit):
Sam Kazemian, Founder & CEO, @fraxfinance, returns to Stable Summit IV: NYC. One of the few remaining OGs, @samkazemian has built on the full spectrum of stablecoins, from 2020's FRAX to today's GENIUS-compliant frxUSD. Join us June 4, NYC · stablesummit.xyz
Replies 2 · Reposts 5 · Likes 29 · Views 2.8K

sam.frax (@samkazemian):
@bkiepuszewski @hasufl The issuer of an asset decides what’s their native liability, not outside observers. The issuer makes this social claim by publishing balance sheets, clearly labeling what their native asset is etc. It also shouldn’t matter what tech/code they use such as lockbox vs mint-burn.
Replies 1 · Reposts 0 · Likes 4 · Views 195

bartek.eth (@bkiepuszewski):
So you think that, for example, USDS (DAI) holders should be suddenly exposed to LZ-related risks just because someone, a few years later, decided to create a USDS-OFT wrapper to bridge USDS to Solana? (as seems to be the case, as I have just learned). Should I exit all my USDS position now? What is this USDS-OFT, btw, @hexonaut? etherscan.io/address/0x1e1d… (fragment #writeContract)
Replies 3 · Reposts 0 · Likes 8 · Views 987

bartek.eth (@bkiepuszewski):
A few remarks and lessons after the rsETH drama, from my personal PoV.

Users should know that there is a difference between rsETH on Ethereum and rsETH on L2s. Abstracting this info is nice for UI, but it leads to unacceptable risk management practices. Why should the rsETH holder on L1 be suddenly exposed to a bad DVN setup created because @KelpDAO decided to add the fifteenth chain and DVN, and there is just an RPC call to your grandfather's server? So, to put it simply: issue assets on L1. By all means, bring them to L2s, but do not hide additional risks from users!

On the other hand, holding rsETH on Arbitrum suddenly feels different than holding rsETH on Ethereum. Arbitrum is a Stage 1 Rollup; everybody should know what it means, in particular everybody should be aware that there is a Security Council there that may intervene. Similarly, on a Stage 0 Rollup without a Security Council the team can intervene (for good and for bad; it is up to you whether you see it as an advantage or an unacceptable risk factor). This info should be known to any user of such a Rollup and it should be reflected in the risk assessment.

We are open at @l2beat to work with any wallet provider, swap service etc... so that asset risks are uniformly communicated to users.

Finally, to those of you who think that a well-formed Security Council of a Stage 1 Rollup is just a MultiSig of people "possibly in one location": you are idiots.
Replies 8 · Reposts 7 · Likes 84 · Views 7K

sam.frax (@samkazemian):
The reason I said it’s a blurry line is because the issuer gets to say what their liability is. Not an outside observer. If an issuer makes a legal/economic claim that “this bridge is my bridge” it shouldn’t matter if the issuer outsources the verification to a service provider or literally verifies themselves in their own server. It’s still their liability & they’re on the hook for it uniformly. That’s the economic reality. For example, who knows what code CCTP runs inside Circle’s system, they could be using various service providers in a black box. But it doesn’t matter, it’s Circle’s liability no matter what.
Replies 5 · Reposts 1 · Likes 7 · Views 257

donnoh.eth 💗 (@donnoh_eth):
@samkazemian @aave yes imo that’s ok because it doesn’t introduce any third party risk. this is exactly what WBTC does through layerzero, with BitGo being the 1/1 DVN, which is equivalent to what USDC does with CCTP
Replies 1 · Reposts 0 · Likes 6 · Views 323

sam.frax (@samkazemian):
@donnoh_eth @aave Ok so if an issuer uses their own LZ DVN that runs on their servers as the final LZ message confirmation, that’s good right? That can be a simple rule Aave risk team adds to their canonical bridge definition.
Replies 1 · Reposts 0 · Likes 5 · Views 288

donnoh.eth 💗 (@donnoh_eth):
@samkazemian @aave there’s no third party in USDC bridged via CCTP because USDC is issued by Circle and CCTP is validated by Circle. this is a *first* party validated bridge. no confusion. the line is not blurry at all.
Replies 1 · Reposts 0 · Likes 12 · Views 647

sam.frax (@samkazemian):
@donnoh_eth @aave What’s the difference between “natively minted USDC with issuer managed CCTP bridge” vs “natively minted other asset also with its own issuer managed bridge?” The line is blurry & listing the former but not any of the latter isn’t really a serious option.
Replies 1 · Reposts 0 · Likes 17 · Views 2.2K