sand

2K posts

sand banner
sand

sand

@sandmanarc

building something new | tried building @SmokeDotMoney | read my cross-chain thoughts on Substack

Future Katılım Ağustos 2022
1.1K Takip Edilen1K Takipçiler
Sabitlenmiş Tweet
sand
sand@sandmanarc·
Smoke is Shutting Down Yep. It’s been several months since I stopped working on Smoke. I thought I’d get back into it naturally if it pulled me back, but I don’t think I want to anymore. A few weeks ago the domain quietly expired, and that was proof enough. Time to take it behind the barn once and for all. What Happened?  I think this was the fate shared by many companies that were trying to solve the cross-chain problem. Many of them ran out of juice to continue solving this problem that became less pressing than other problems. The biggest lesson for me was that I got the timing wrong. I was late to the party and the pie didn’t get as big as we all predicted. I needed a lot of pieces to click into place for Smoke to work. Let me unpack this in a few sections. - Why did I start working on this problem? - What were the biggest hurdles? - And what made me finally pull the plug?  The Motivation to Start When I started working on this problem, innovative apps were still being built on the periphery. Although I wasn’t big on Blast, I thought it would succeed. I even took Fantasy Top as one of the main examples in my pitch. My belief was that we would see an explosion of chains with thousands of apps built on hundreds of chains. I believed that the scaling problem was the only bottleneck; since we had solved it via the modular architecture, we’d see all these apps being built on many different chains, and we needed something like @SmokeDotMoney to connect them in the best way possible. Smoke is still one of the best solutions to this problem, with a few caveats (Smoke required a change in user behaviour), but the problem isn’t the biggest one anymore. I thought we were right to build all these chains with custom execution, custom sequencing, custom consensus layers, etc. All of this was probably just marketing by the modular mafia. Maybe all the apps could fit into a single chain like Solana or Arbitrum because there aren't many apps anyway. Does that mean we’ll never see hundreds of chains? I don’t know. But right now it doesn’t seem like we have demand for hundreds of chains. Another reason I started working on this problem was probably that I was not brave enough to leave the cross-chain space I was an expert in. In hindsight, I shouldn’t have been so scared of switching fields, especially now that AI makes it so easy to learn so many new things in such a short period of time. It is a fast learner’s world right now. These were the reasons why I started working on the problem. But what are the challenges I faced? The Biggest Hurdles I’d say the biggest hurdle was the lack of conviction: should I really keep spending my valuable time on a problem that might become more relevant sometime in the future, something I’m not even certain about? It’s a good practice to work on problems that might become big, but I lacked the conviction that this one would. Other hurdles included the absence of a clear path to distribution. Smoke required a significant change in user behaviour, similar to how the resource-lock-based chain-abstraction solutions that were making noise last year. Account Abstraction companies struggled for similar reasons, adoption stalled because the product demanded too significant a change in user (and wallet) behaviour. Finally, there was a shortage of people willing to rally behind the idea. I continue to believe this design is the most effective way to solve the problem, but this isn’t a school competition where the academically perfect solution wins. It’s a market that only accepts the solution good enough to satisfy ease of use, timing, and incumbency advantages. The Nail in the Coffin What made everything so clear was Unichain reaching only $15 M in TVL months after launch. Enough to convince me that an MEV-focused rollup built by two highly reputable teams still couldn’t pull users or builders to a new chain. Uniswap was already there; people could deploy tokens and migrate existing apps from other EVM chains to take advantage of Rollup Boost, its advanced MEV-mitigation system. Yet no one seemed to care. Solana stole the spotlight. Most builders I could see, possibly just riding hype the way the modular mafia once hyped “hundreds of chains”, are now shipping on Solana. If Solana can scale to hundreds of apps, do we still need hundreds of chains? And do people still care about the decentralization and security Ethereum offers? It doesn’t look like it. The Ethereum Foundation now says it wants L1 to become a “gigagas” chain. What that means for L2s and other rollups is anyone’s guess. The one certainty is that nothing here is certain, should be expected from frontier tech like web3. That, perhaps, is where I was wrong too. We will still have a need for interop between major L1s like Ethereum, Solana, Hyperliquid, and a few L2s like Base, Arbitrum, etc. But I doubt we’ll see thousands of chains. That’s why I was building Smoke. To seamlessly connect hundreds of chains.  A lot of you found me when I was complaining about LayerZero and Hyperlane’s multisig setups for cross-chain security, maybe they were right. Maybe multisigs are enough. Nobody cares about security in the space. That’s not wrong, that’s just the reality.  What’s next for me?  I’m exploring another small project right now. Will keep you all updated. In the meantime, if you are working on something, I’d love to take look at it and learn more about why you’re solving that problem.  I really appreciate everyone who supported me during my Smoke arc. Thank you all for connecting me to people, giving me feedback, and keeping me motivated. You will be remembered and I owe all of you. Hit me up. Anytime.
English
11
2
47
4.4K
sand
sand@sandmanarc·
@andyyy Show me anything that you called out before the event. I’ll show mine:
sand@sandmanarc

Why is Everyone Quiet about the Cross-Chain Honey Pots? $10B+ at risk? This post will cover: 1. DVNs on @LayerZero_Fndn 2. ISMs on @hyperlane 3. OFTs & Warp Assets 4. Non-dormant addresses on @ether_fi and @renzoai multisigs "Decentralised Verifier Network" aka DVNs by LayerZero LayerZero Labs DVN: 2/3 multisig Nethermind DVN: 1/1 multisig Stargate DVN: 1/1 Google Cloud DVN: 2/3 Horizen DVN: 2/2 Source: You gotta go to Etherscan and call the signerSize and quorum functions. Here are the contracts: Link [1] (in the reply) Note: There is no guarantee that these multisigs are actually distributed and not maintained by a single person like in the case of Multichain. The name "DVN" itself is misleading. It certainly mislead me into trusting them more. A DVN is a modular validator entity inside LayerZero. That means, if you choose a single DVN set-up, your cross chain messages will be solely validated by this DVN. You can choose multiple DVNs or m out n DVNs to secure your setup. Most protocols (clients using LZ) have 2 DVN setups at max. I had to create this Dune dashboard myself to look into what's happening on-chain. For instance, Stargate has 2 DVNs. Stargate DVN and Nethermind DVN. Both are 1/1 multisigs. Securing, checks notes, $442.84m. Dune is doing a terrible job here, here's how the distribution of various configurations looks like. Look at the numbers that start tapering off as we go down the list. Dashboard link [2]. So, most protocols (clients using LZ) simply trust this one entity, LayerZero Labs, a 2/3 multisig. It's baffling to me that we're all fine with this and nobody is talking about it. We gotta push these teams towards more secure systems, rather push protocols that are using LayerZero to demand for more security. Let's look at Hyperlane, LayerZero's biggest competitor at the moment. First of all, thank God they call their default setup "Multisig ISM", ISM = "Interchain Security Module". They are at least honest about it. It is a multisig. Period. Hyperlane has setup their default ISM to be a distributed set of validators with different quorums for different chains. Each of these validators in this multisig setups are different entities, like various DVNs on LayerZero. Here's how their default setup looks like: Arbitrum: 3/5 multisig Base: 2/5 Blast: 2/3 BNB: 2/4 Ethereum: 3/7 Optimism: 2/5 (source: Link [3], note: they said this post prompted them to up their numbers, so this may have been updated) It is not very far off from the LayerZero DVN setups. But atleast you can be sure that 3-7 of these entites are actively validating in the system. It also seems better than using a single LayerZero Labs DVN setup. By the way, in a m/n multisig setup, if n is >> m, you are compromised if ANY of the m keys are compromised. In their BNB setup, 2/4, if any of the 2 validators out of 4 are compromised, you are compromised. If you compare these with Wormhole's default 13/19 setup, Wormhole looks a lot better. But I've heard it is upgradable. Do they need 13/19 signers to upgrade? I don't know. There are two main arguments by the GMPs (General Messaging Protocols, LZ & HL in this case) defending the lack of security of individual setups at the moment. 1. You can make it as secure as you want by adding as many DVNs/ISMs as possible. This is a marketplace and the market isn't choosing their security right. 2. You can upgrade to a more secure setup when they are available. Choosing your own security In fact, I'm writing about this after I had to choose my own setup for my protocol built on LayerZero. I had no idea what to choose. LayerZero does not provide any information on the current usage distribution of DVNs, nor do they advice you on a secure setup as they want to be agnostic. Layerzeroscan only provides data on the distribution of messages by different protocols using LZ. But that is not useful to me at all. They don't even tell us what DVNs these protocols are using. That's why I built my own Dune dashboard. Here are the most used DVNs across major EVM chains: Outside of the top 6 DVNs I mentioned at the top of this post, none of the DVNs are getting any volume. Why would a protocol choose to even trust DVNs other than the active ones? What guarantee is there that they are active and will be active in the future? What if you brick your system by choosing a dying DVN? If a DVN is not getting any volume, they would rather turn off their nodes as it costs to run a DVN. It's the same with complex DVNs or ISMs. If there is an ISM that is not being used, that means, it is not battle tested. If it is not securing any value, why would you trust it to secure your protocol? So the argument that these GMPs are agnostic marketplaces does not hold true at all. Someone has to help the crypto protocols choose the right setups. It is as if Amazon offered a default product for all of your searches and gave you a list of other options without product availability, reviews or even a description. In my experience, Hyperlane is more eager to engage their clients with education than LayerZero. It should be easier for more DVNs to start competing in the GMP marketplaces. In reality, there is no way for them to market themselves to the protocols using Hyperlane/LayerZero outside of shouting into the void on Twitter. Apparently the teams(LZ said so) are currently working on dashboards to showcase more data about individual DVNs/ISMs. Maybe this post pushed them to do so. The second main argument is that, protocols should use this trusted setup now, so that they can upgrade to a ZK bridge or a restaked security setup later down the line. The Upgradability of Your Setup First of all, I want to highlight that this is so far from the crypto ethos that got me into this space. Mutability, smh. Let's compare an ERC20 with an omnichain token. An ERC20 1. Has a fixed supply that nobody can change (most of em) 2. Exists on a blockchain where nobody, including the team itself, can mint extra ERC20s An OFT or A Warp Asset 1. Has a fixed supply in theory, but an unlimited number of tokens can be minted if the interop setup is compromised, unless there is a rate limit. 2. Has its interop setup managed by a multisig controlled by the token issuer (protocol). This multisig can change the rate limit as well (lol?). 3. Exists on multiple blockchains where if one of the chains is malicious, they might be able to mint as many tokens as possible, unless there is a rate limit, which can be changed. Let's look at team multisigs for a second. At least they are dormant addresses locked up in a basement, right? Right? @ether_fi is a protocol with $5.5B+ in TVL. Here is the multisig (Link[4]) securing their weETH OFT. 5 out of these 6 wallets have been active in the last 2 months. That means a higher likelihood of getting their private keys stolen.. For context, Ronin ($600m) and Harmony Bridge ($100m) hacks were due to comprises of multisigs. @renzoai is a protocol with $1.5B in TVL. And their ezETH is an xERC20. It is also secured by a 3/5 (multisig Link [5]). All 5 of these addresses have been active recently. And they all seem to be kinda interlinked. But I am not an expert on-chain sleuth to comment on that though. Will Ethena's USDe ever depeg? Perhaps not due to their stablecoin design, but rather because of their interop setup (LayerZero Labs DVN + Horizen DVN, basically a 4/5). At least 7 of their 9 multisig addresses are dormant. So, can we say a total of around $10B+ is at risk here? I am not blaming these GMPs. They are simply selling a setup. I am pushing the community to demand enough security from the protocols that are using these setups. Did we all forget that the bridge hacks have accounted for >50% of all funds we have lost? Now we are offering billions more on a platter to the hackers around the world. Kim Jong-Un is probably rubbing his hands right now. Native Bridges, Ignored, And Left for Dead It is easy to point out problems than to offer solutions. What is the best security for cross-chain messaging/tokens right now then? I would suggest studying wstETH by Lido. It uses native bridges to bridge and also to control the upgradable token setups on L2s. The upgradability is controlled by the Lido DAO on L1. Except the upgradability aspect of this, I have no issues with this setup. There is no way an unlimited amount of wstETH can be minted in this case. There will be solutions based on restaking in the future, hopefully they will offer a much better security than what we have today. Closing Thoughts I used to think very highly of LayerZero as a protocol. A protocol that is marketed x.com/mark_murdock3/… as a peer next to Bitcoin and Ethereum. Bitcoin, Ethereum, LayerZero. But I do not feel strongly about it anymore. I don't think it's even close. Bitcoiners chose the smaller blocks chain, Ethereans still care about the solo stakers, but the protocols using LayerZero are fine with one or two DVN setups. This is not a post targeted towards any of the GMPs/protocols mentioned here. I wanted to voice out my concern because I hold a lot more ETH than I hold ZRO (I do hold some ZRO, sandmanarc.eth). I have also integrated LayerZero into the protocol I am currently building. Although I am having second thoughts about it now. Let's demand better standards from our industry. - A humble community member, Sand

English
2
0
8
505
Andy
Andy@andyyy·
@sandmanarc Never had a commercial relationship with any parties mentioned, have always been objective and friendly, and this is a very fair post assessing the faulty setup that led to this exploit
English
1
0
8
1.3K
Andy
Andy@andyyy·
The future of DeFi is not single nodes or single signer setups. What we’re experiencing now is a lack of better security practices, which doesn’t matter 364 of 365 days of the year, until it does matter. A lot. In this particular incident, you have basic security mismanagement that has been confirmed by sources close to the matter: 1.) It was an official LayerZero DVN that was attacked with very poor security practices. 2.) Applying these practices to a 1/1 DVN under centralized internal control which was exploited. There was centralization risk on the amount of nodes (in this case, just one) and likely the way the DVNs were accessing the chain (through one or two RPCs). Kelp relied solely on the LayerZero DVN. This is extremely irresponsible from a team with $1.5B in user funds under management. Unacceptable. There are dozens more single DVNs out there that are still running with the same setup. For the 2/2 or 2/3 DVNs, its unknown how many of these are controlled by LZ themselves Security researchers who have done diligence onchain close to this matter suggest that LayerZero runs a lot of these DVNs themselves. The official LZ DVN is setup as a 2/3 but all ran internally. So in the KelpDAO exploit, you had a single entity attack vector: LZ themselves. There is a pattern of behavior that creates risk across all of the entire DeFi system, not just the LZ system. It’s all the tokenholders, issuers, and lending protocols that are now suffering from the design choices. We've seen it time and time again. These risks are completely unacceptable in bigger financial markets onchain and really sets us back in terms of adoption. It also sets us back entirely as an industry built on the "don't trust, verify" mentality. Misrepresentation of what your infrastructure is thus creating a massive web of risk around single node, single signer architectures across all of DeFi is a massive blow to what everyone is trying to achieve here. We can do better. People need to be more informed about the risks they are taking. We need to be more rigorous about what we're calling decentralized. Risk frameworks are coming to DeFi. Something has to change.
English
25
15
187
90.9K
sand retweetledi
avious
avious@0xAvious·
@banteg maybe they should have had more of their head in the sand x.com/sandmanarc/sta…
sand@sandmanarc

Why is Everyone Quiet about the Cross-Chain Honey Pots? $10B+ at risk? This post will cover: 1. DVNs on @LayerZero_Fndn 2. ISMs on @hyperlane 3. OFTs & Warp Assets 4. Non-dormant addresses on @ether_fi and @renzoai multisigs "Decentralised Verifier Network" aka DVNs by LayerZero LayerZero Labs DVN: 2/3 multisig Nethermind DVN: 1/1 multisig Stargate DVN: 1/1 Google Cloud DVN: 2/3 Horizen DVN: 2/2 Source: You gotta go to Etherscan and call the signerSize and quorum functions. Here are the contracts: Link [1] (in the reply) Note: There is no guarantee that these multisigs are actually distributed and not maintained by a single person like in the case of Multichain. The name "DVN" itself is misleading. It certainly mislead me into trusting them more. A DVN is a modular validator entity inside LayerZero. That means, if you choose a single DVN set-up, your cross chain messages will be solely validated by this DVN. You can choose multiple DVNs or m out n DVNs to secure your setup. Most protocols (clients using LZ) have 2 DVN setups at max. I had to create this Dune dashboard myself to look into what's happening on-chain. For instance, Stargate has 2 DVNs. Stargate DVN and Nethermind DVN. Both are 1/1 multisigs. Securing, checks notes, $442.84m. Dune is doing a terrible job here, here's how the distribution of various configurations looks like. Look at the numbers that start tapering off as we go down the list. Dashboard link [2]. So, most protocols (clients using LZ) simply trust this one entity, LayerZero Labs, a 2/3 multisig. It's baffling to me that we're all fine with this and nobody is talking about it. We gotta push these teams towards more secure systems, rather push protocols that are using LayerZero to demand for more security. Let's look at Hyperlane, LayerZero's biggest competitor at the moment. First of all, thank God they call their default setup "Multisig ISM", ISM = "Interchain Security Module". They are at least honest about it. It is a multisig. Period. Hyperlane has setup their default ISM to be a distributed set of validators with different quorums for different chains. Each of these validators in this multisig setups are different entities, like various DVNs on LayerZero. Here's how their default setup looks like: Arbitrum: 3/5 multisig Base: 2/5 Blast: 2/3 BNB: 2/4 Ethereum: 3/7 Optimism: 2/5 (source: Link [3], note: they said this post prompted them to up their numbers, so this may have been updated) It is not very far off from the LayerZero DVN setups. But atleast you can be sure that 3-7 of these entites are actively validating in the system. It also seems better than using a single LayerZero Labs DVN setup. By the way, in a m/n multisig setup, if n is >> m, you are compromised if ANY of the m keys are compromised. In their BNB setup, 2/4, if any of the 2 validators out of 4 are compromised, you are compromised. If you compare these with Wormhole's default 13/19 setup, Wormhole looks a lot better. But I've heard it is upgradable. Do they need 13/19 signers to upgrade? I don't know. There are two main arguments by the GMPs (General Messaging Protocols, LZ & HL in this case) defending the lack of security of individual setups at the moment. 1. You can make it as secure as you want by adding as many DVNs/ISMs as possible. This is a marketplace and the market isn't choosing their security right. 2. You can upgrade to a more secure setup when they are available. Choosing your own security In fact, I'm writing about this after I had to choose my own setup for my protocol built on LayerZero. I had no idea what to choose. LayerZero does not provide any information on the current usage distribution of DVNs, nor do they advice you on a secure setup as they want to be agnostic. Layerzeroscan only provides data on the distribution of messages by different protocols using LZ. But that is not useful to me at all. They don't even tell us what DVNs these protocols are using. That's why I built my own Dune dashboard. Here are the most used DVNs across major EVM chains: Outside of the top 6 DVNs I mentioned at the top of this post, none of the DVNs are getting any volume. Why would a protocol choose to even trust DVNs other than the active ones? What guarantee is there that they are active and will be active in the future? What if you brick your system by choosing a dying DVN? If a DVN is not getting any volume, they would rather turn off their nodes as it costs to run a DVN. It's the same with complex DVNs or ISMs. If there is an ISM that is not being used, that means, it is not battle tested. If it is not securing any value, why would you trust it to secure your protocol? So the argument that these GMPs are agnostic marketplaces does not hold true at all. Someone has to help the crypto protocols choose the right setups. It is as if Amazon offered a default product for all of your searches and gave you a list of other options without product availability, reviews or even a description. In my experience, Hyperlane is more eager to engage their clients with education than LayerZero. It should be easier for more DVNs to start competing in the GMP marketplaces. In reality, there is no way for them to market themselves to the protocols using Hyperlane/LayerZero outside of shouting into the void on Twitter. Apparently the teams(LZ said so) are currently working on dashboards to showcase more data about individual DVNs/ISMs. Maybe this post pushed them to do so. The second main argument is that, protocols should use this trusted setup now, so that they can upgrade to a ZK bridge or a restaked security setup later down the line. The Upgradability of Your Setup First of all, I want to highlight that this is so far from the crypto ethos that got me into this space. Mutability, smh. Let's compare an ERC20 with an omnichain token. An ERC20 1. Has a fixed supply that nobody can change (most of em) 2. Exists on a blockchain where nobody, including the team itself, can mint extra ERC20s An OFT or A Warp Asset 1. Has a fixed supply in theory, but an unlimited number of tokens can be minted if the interop setup is compromised, unless there is a rate limit. 2. Has its interop setup managed by a multisig controlled by the token issuer (protocol). This multisig can change the rate limit as well (lol?). 3. Exists on multiple blockchains where if one of the chains is malicious, they might be able to mint as many tokens as possible, unless there is a rate limit, which can be changed. Let's look at team multisigs for a second. At least they are dormant addresses locked up in a basement, right? Right? @ether_fi is a protocol with $5.5B+ in TVL. Here is the multisig (Link[4]) securing their weETH OFT. 5 out of these 6 wallets have been active in the last 2 months. That means a higher likelihood of getting their private keys stolen.. For context, Ronin ($600m) and Harmony Bridge ($100m) hacks were due to comprises of multisigs. @renzoai is a protocol with $1.5B in TVL. And their ezETH is an xERC20. It is also secured by a 3/5 (multisig Link [5]). All 5 of these addresses have been active recently. And they all seem to be kinda interlinked. But I am not an expert on-chain sleuth to comment on that though. Will Ethena's USDe ever depeg? Perhaps not due to their stablecoin design, but rather because of their interop setup (LayerZero Labs DVN + Horizen DVN, basically a 4/5). At least 7 of their 9 multisig addresses are dormant. So, can we say a total of around $10B+ is at risk here? I am not blaming these GMPs. They are simply selling a setup. I am pushing the community to demand enough security from the protocols that are using these setups. Did we all forget that the bridge hacks have accounted for >50% of all funds we have lost? Now we are offering billions more on a platter to the hackers around the world. Kim Jong-Un is probably rubbing his hands right now. Native Bridges, Ignored, And Left for Dead It is easy to point out problems than to offer solutions. What is the best security for cross-chain messaging/tokens right now then? I would suggest studying wstETH by Lido. It uses native bridges to bridge and also to control the upgradable token setups on L2s. The upgradability is controlled by the Lido DAO on L1. Except the upgradability aspect of this, I have no issues with this setup. There is no way an unlimited amount of wstETH can be minted in this case. There will be solutions based on restaking in the future, hopefully they will offer a much better security than what we have today. Closing Thoughts I used to think very highly of LayerZero as a protocol. A protocol that is marketed x.com/mark_murdock3/… as a peer next to Bitcoin and Ethereum. Bitcoin, Ethereum, LayerZero. But I do not feel strongly about it anymore. I don't think it's even close. Bitcoiners chose the smaller blocks chain, Ethereans still care about the solo stakers, but the protocols using LayerZero are fine with one or two DVN setups. This is not a post targeted towards any of the GMPs/protocols mentioned here. I wanted to voice out my concern because I hold a lot more ETH than I hold ZRO (I do hold some ZRO, sandmanarc.eth). I have also integrated LayerZero into the protocol I am currently building. Although I am having second thoughts about it now. Let's demand better standards from our industry. - A humble community member, Sand

English
0
1
3
575
sand
sand@sandmanarc·
@Pybast @CatfishFishy @EtherFi @ethena @USDT0_to @LayerZero_Core Because nobody is asking questions. Everyone is just staying quiet because everyone is in on it 🥲
sand@sandmanarc

Why is Everyone Quiet about the Cross-Chain Honey Pots? $10B+ at risk? This post will cover: 1. DVNs on @LayerZero_Fndn 2. ISMs on @hyperlane 3. OFTs & Warp Assets 4. Non-dormant addresses on @ether_fi and @renzoai multisigs "Decentralised Verifier Network" aka DVNs by LayerZero LayerZero Labs DVN: 2/3 multisig Nethermind DVN: 1/1 multisig Stargate DVN: 1/1 Google Cloud DVN: 2/3 Horizen DVN: 2/2 Source: You gotta go to Etherscan and call the signerSize and quorum functions. Here are the contracts: Link [1] (in the reply) Note: There is no guarantee that these multisigs are actually distributed and not maintained by a single person like in the case of Multichain. The name "DVN" itself is misleading. It certainly mislead me into trusting them more. A DVN is a modular validator entity inside LayerZero. That means, if you choose a single DVN set-up, your cross chain messages will be solely validated by this DVN. You can choose multiple DVNs or m out n DVNs to secure your setup. Most protocols (clients using LZ) have 2 DVN setups at max. I had to create this Dune dashboard myself to look into what's happening on-chain. For instance, Stargate has 2 DVNs. Stargate DVN and Nethermind DVN. Both are 1/1 multisigs. Securing, checks notes, $442.84m. Dune is doing a terrible job here, here's how the distribution of various configurations looks like. Look at the numbers that start tapering off as we go down the list. Dashboard link [2]. So, most protocols (clients using LZ) simply trust this one entity, LayerZero Labs, a 2/3 multisig. It's baffling to me that we're all fine with this and nobody is talking about it. We gotta push these teams towards more secure systems, rather push protocols that are using LayerZero to demand for more security. Let's look at Hyperlane, LayerZero's biggest competitor at the moment. First of all, thank God they call their default setup "Multisig ISM", ISM = "Interchain Security Module". They are at least honest about it. It is a multisig. Period. Hyperlane has setup their default ISM to be a distributed set of validators with different quorums for different chains. Each of these validators in this multisig setups are different entities, like various DVNs on LayerZero. Here's how their default setup looks like: Arbitrum: 3/5 multisig Base: 2/5 Blast: 2/3 BNB: 2/4 Ethereum: 3/7 Optimism: 2/5 (source: Link [3], note: they said this post prompted them to up their numbers, so this may have been updated) It is not very far off from the LayerZero DVN setups. But atleast you can be sure that 3-7 of these entites are actively validating in the system. It also seems better than using a single LayerZero Labs DVN setup. By the way, in a m/n multisig setup, if n is >> m, you are compromised if ANY of the m keys are compromised. In their BNB setup, 2/4, if any of the 2 validators out of 4 are compromised, you are compromised. If you compare these with Wormhole's default 13/19 setup, Wormhole looks a lot better. But I've heard it is upgradable. Do they need 13/19 signers to upgrade? I don't know. There are two main arguments by the GMPs (General Messaging Protocols, LZ & HL in this case) defending the lack of security of individual setups at the moment. 1. You can make it as secure as you want by adding as many DVNs/ISMs as possible. This is a marketplace and the market isn't choosing their security right. 2. You can upgrade to a more secure setup when they are available. Choosing your own security In fact, I'm writing about this after I had to choose my own setup for my protocol built on LayerZero. I had no idea what to choose. LayerZero does not provide any information on the current usage distribution of DVNs, nor do they advice you on a secure setup as they want to be agnostic. Layerzeroscan only provides data on the distribution of messages by different protocols using LZ. But that is not useful to me at all. They don't even tell us what DVNs these protocols are using. That's why I built my own Dune dashboard. Here are the most used DVNs across major EVM chains: Outside of the top 6 DVNs I mentioned at the top of this post, none of the DVNs are getting any volume. Why would a protocol choose to even trust DVNs other than the active ones? What guarantee is there that they are active and will be active in the future? What if you brick your system by choosing a dying DVN? If a DVN is not getting any volume, they would rather turn off their nodes as it costs to run a DVN. It's the same with complex DVNs or ISMs. If there is an ISM that is not being used, that means, it is not battle tested. If it is not securing any value, why would you trust it to secure your protocol? So the argument that these GMPs are agnostic marketplaces does not hold true at all. Someone has to help the crypto protocols choose the right setups. It is as if Amazon offered a default product for all of your searches and gave you a list of other options without product availability, reviews or even a description. In my experience, Hyperlane is more eager to engage their clients with education than LayerZero. It should be easier for more DVNs to start competing in the GMP marketplaces. In reality, there is no way for them to market themselves to the protocols using Hyperlane/LayerZero outside of shouting into the void on Twitter. Apparently the teams(LZ said so) are currently working on dashboards to showcase more data about individual DVNs/ISMs. Maybe this post pushed them to do so. The second main argument is that, protocols should use this trusted setup now, so that they can upgrade to a ZK bridge or a restaked security setup later down the line. The Upgradability of Your Setup First of all, I want to highlight that this is so far from the crypto ethos that got me into this space. Mutability, smh. Let's compare an ERC20 with an omnichain token. An ERC20 1. Has a fixed supply that nobody can change (most of em) 2. Exists on a blockchain where nobody, including the team itself, can mint extra ERC20s An OFT or A Warp Asset 1. Has a fixed supply in theory, but an unlimited number of tokens can be minted if the interop setup is compromised, unless there is a rate limit. 2. Has its interop setup managed by a multisig controlled by the token issuer (protocol). This multisig can change the rate limit as well (lol?). 3. Exists on multiple blockchains where if one of the chains is malicious, they might be able to mint as many tokens as possible, unless there is a rate limit, which can be changed. Let's look at team multisigs for a second. At least they are dormant addresses locked up in a basement, right? Right? @ether_fi is a protocol with $5.5B+ in TVL. Here is the multisig (Link[4]) securing their weETH OFT. 5 out of these 6 wallets have been active in the last 2 months. That means a higher likelihood of getting their private keys stolen.. For context, Ronin ($600m) and Harmony Bridge ($100m) hacks were due to comprises of multisigs. @renzoai is a protocol with $1.5B in TVL. And their ezETH is an xERC20. It is also secured by a 3/5 (multisig Link [5]). All 5 of these addresses have been active recently. And they all seem to be kinda interlinked. But I am not an expert on-chain sleuth to comment on that though. Will Ethena's USDe ever depeg? Perhaps not due to their stablecoin design, but rather because of their interop setup (LayerZero Labs DVN + Horizen DVN, basically a 4/5). At least 7 of their 9 multisig addresses are dormant. So, can we say a total of around $10B+ is at risk here? I am not blaming these GMPs. They are simply selling a setup. I am pushing the community to demand enough security from the protocols that are using these setups. Did we all forget that the bridge hacks have accounted for >50% of all funds we have lost? Now we are offering billions more on a platter to the hackers around the world. Kim Jong-Un is probably rubbing his hands right now. Native Bridges, Ignored, And Left for Dead It is easy to point out problems than to offer solutions. What is the best security for cross-chain messaging/tokens right now then? I would suggest studying wstETH by Lido. It uses native bridges to bridge and also to control the upgradable token setups on L2s. The upgradability is controlled by the Lido DAO on L1. Except the upgradability aspect of this, I have no issues with this setup. There is no way an unlimited amount of wstETH can be minted in this case. There will be solutions based on restaking in the future, hopefully they will offer a much better security than what we have today. Closing Thoughts I used to think very highly of LayerZero as a protocol. A protocol that is marketed x.com/mark_murdock3/… as a peer next to Bitcoin and Ethereum. Bitcoin, Ethereum, LayerZero. But I do not feel strongly about it anymore. I don't think it's even close. Bitcoiners chose the smaller blocks chain, Ethereans still care about the solo stakers, but the protocols using LayerZero are fine with one or two DVN setups. This is not a post targeted towards any of the GMPs/protocols mentioned here. I wanted to voice out my concern because I hold a lot more ETH than I hold ZRO (I do hold some ZRO, sandmanarc.eth). I have also integrated LayerZero into the protocol I am currently building. Although I am having second thoughts about it now. Let's demand better standards from our industry. - A humble community member, Sand

English
0
0
0
45
Pybast
Pybast@Pybast·
@CatfishFishy @EtherFi @ethena @USDT0_to @LayerZero_Core Not sure what "and anything goes for security" mean here? A security floor != recommendation. For 2, My question: how did aave and DeFi in general allow interoperating rsETH at such a scale given this poor configuration? Your answer: LZ's own DVN was exploited.
English
2
1
7
571
Pybast
Pybast@Pybast·
Checked some other popular OFTs (LayerZero based crosschain tokens) @EtherFi requires 2 DVNs confirmation @ethena requires 3 DVNs confirmation @USDT0_to requires 2 DVNs confirmation Even ZRO from @LayerZero_Core themselves requires 2 DVNs before executing a transfer. Two questions will need answers: (1) how and why did Kelp oversee this critical configuration? (2) how did @aave and DeFi in general allow interoperating rsETH at such a scale given this poor configuration?
Pybast tweet media
English
45
49
613
64.5K
sand
sand@sandmanarc·
@Pybast @EtherFi @ethena @USDT0_to @LayerZero_Core Called this out long ago. Time flies.
sand@sandmanarc

Why is Everyone Quiet about the Cross-Chain Honey Pots? $10B+ at risk? This post will cover: 1. DVNs on @LayerZero_Fndn 2. ISMs on @hyperlane 3. OFTs & Warp Assets 4. Non-dormant addresses on @ether_fi and @renzoai multisigs "Decentralised Verifier Network" aka DVNs by LayerZero LayerZero Labs DVN: 2/3 multisig Nethermind DVN: 1/1 multisig Stargate DVN: 1/1 Google Cloud DVN: 2/3 Horizen DVN: 2/2 Source: You gotta go to Etherscan and call the signerSize and quorum functions. Here are the contracts: Link [1] (in the reply) Note: There is no guarantee that these multisigs are actually distributed and not maintained by a single person like in the case of Multichain. The name "DVN" itself is misleading. It certainly mislead me into trusting them more. A DVN is a modular validator entity inside LayerZero. That means, if you choose a single DVN set-up, your cross chain messages will be solely validated by this DVN. You can choose multiple DVNs or m out n DVNs to secure your setup. Most protocols (clients using LZ) have 2 DVN setups at max. I had to create this Dune dashboard myself to look into what's happening on-chain. For instance, Stargate has 2 DVNs. Stargate DVN and Nethermind DVN. Both are 1/1 multisigs. Securing, checks notes, $442.84m. Dune is doing a terrible job here, here's how the distribution of various configurations looks like. Look at the numbers that start tapering off as we go down the list. Dashboard link [2]. So, most protocols (clients using LZ) simply trust this one entity, LayerZero Labs, a 2/3 multisig. It's baffling to me that we're all fine with this and nobody is talking about it. We gotta push these teams towards more secure systems, rather push protocols that are using LayerZero to demand for more security. Let's look at Hyperlane, LayerZero's biggest competitor at the moment. First of all, thank God they call their default setup "Multisig ISM", ISM = "Interchain Security Module". They are at least honest about it. It is a multisig. Period. Hyperlane has setup their default ISM to be a distributed set of validators with different quorums for different chains. Each of these validators in this multisig setups are different entities, like various DVNs on LayerZero. Here's how their default setup looks like: Arbitrum: 3/5 multisig Base: 2/5 Blast: 2/3 BNB: 2/4 Ethereum: 3/7 Optimism: 2/5 (source: Link [3], note: they said this post prompted them to up their numbers, so this may have been updated) It is not very far off from the LayerZero DVN setups. But atleast you can be sure that 3-7 of these entites are actively validating in the system. It also seems better than using a single LayerZero Labs DVN setup. By the way, in a m/n multisig setup, if n is >> m, you are compromised if ANY of the m keys are compromised. In their BNB setup, 2/4, if any of the 2 validators out of 4 are compromised, you are compromised. If you compare these with Wormhole's default 13/19 setup, Wormhole looks a lot better. But I've heard it is upgradable. Do they need 13/19 signers to upgrade? I don't know. There are two main arguments by the GMPs (General Messaging Protocols, LZ & HL in this case) defending the lack of security of individual setups at the moment. 1. You can make it as secure as you want by adding as many DVNs/ISMs as possible. This is a marketplace and the market isn't choosing their security right. 2. You can upgrade to a more secure setup when they are available. Choosing your own security In fact, I'm writing about this after I had to choose my own setup for my protocol built on LayerZero. I had no idea what to choose. LayerZero does not provide any information on the current usage distribution of DVNs, nor do they advice you on a secure setup as they want to be agnostic. Layerzeroscan only provides data on the distribution of messages by different protocols using LZ. But that is not useful to me at all. They don't even tell us what DVNs these protocols are using. That's why I built my own Dune dashboard. Here are the most used DVNs across major EVM chains: Outside of the top 6 DVNs I mentioned at the top of this post, none of the DVNs are getting any volume. Why would a protocol choose to even trust DVNs other than the active ones? What guarantee is there that they are active and will be active in the future? What if you brick your system by choosing a dying DVN? If a DVN is not getting any volume, they would rather turn off their nodes as it costs to run a DVN. It's the same with complex DVNs or ISMs. If there is an ISM that is not being used, that means, it is not battle tested. If it is not securing any value, why would you trust it to secure your protocol? So the argument that these GMPs are agnostic marketplaces does not hold true at all. Someone has to help the crypto protocols choose the right setups. It is as if Amazon offered a default product for all of your searches and gave you a list of other options without product availability, reviews or even a description. In my experience, Hyperlane is more eager to engage their clients with education than LayerZero. It should be easier for more DVNs to start competing in the GMP marketplaces. In reality, there is no way for them to market themselves to the protocols using Hyperlane/LayerZero outside of shouting into the void on Twitter. Apparently the teams(LZ said so) are currently working on dashboards to showcase more data about individual DVNs/ISMs. Maybe this post pushed them to do so. The second main argument is that, protocols should use this trusted setup now, so that they can upgrade to a ZK bridge or a restaked security setup later down the line. The Upgradability of Your Setup First of all, I want to highlight that this is so far from the crypto ethos that got me into this space. Mutability, smh. Let's compare an ERC20 with an omnichain token. An ERC20 1. Has a fixed supply that nobody can change (most of em) 2. Exists on a blockchain where nobody, including the team itself, can mint extra ERC20s An OFT or A Warp Asset 1. Has a fixed supply in theory, but an unlimited number of tokens can be minted if the interop setup is compromised, unless there is a rate limit. 2. Has its interop setup managed by a multisig controlled by the token issuer (protocol). This multisig can change the rate limit as well (lol?). 3. Exists on multiple blockchains where if one of the chains is malicious, they might be able to mint as many tokens as possible, unless there is a rate limit, which can be changed. Let's look at team multisigs for a second. At least they are dormant addresses locked up in a basement, right? Right? @ether_fi is a protocol with $5.5B+ in TVL. Here is the multisig (Link[4]) securing their weETH OFT. 5 out of these 6 wallets have been active in the last 2 months. That means a higher likelihood of getting their private keys stolen.. For context, Ronin ($600m) and Harmony Bridge ($100m) hacks were due to comprises of multisigs. @renzoai is a protocol with $1.5B in TVL. And their ezETH is an xERC20. It is also secured by a 3/5 (multisig Link [5]). All 5 of these addresses have been active recently. And they all seem to be kinda interlinked. But I am not an expert on-chain sleuth to comment on that though. Will Ethena's USDe ever depeg? Perhaps not due to their stablecoin design, but rather because of their interop setup (LayerZero Labs DVN + Horizen DVN, basically a 4/5). At least 7 of their 9 multisig addresses are dormant. So, can we say a total of around $10B+ is at risk here? I am not blaming these GMPs. They are simply selling a setup. I am pushing the community to demand enough security from the protocols that are using these setups. Did we all forget that the bridge hacks have accounted for >50% of all funds we have lost? Now we are offering billions more on a platter to the hackers around the world. Kim Jong-Un is probably rubbing his hands right now. Native Bridges, Ignored, And Left for Dead It is easy to point out problems than to offer solutions. What is the best security for cross-chain messaging/tokens right now then? I would suggest studying wstETH by Lido. It uses native bridges to bridge and also to control the upgradable token setups on L2s. The upgradability is controlled by the Lido DAO on L1. Except the upgradability aspect of this, I have no issues with this setup. There is no way an unlimited amount of wstETH can be minted in this case. There will be solutions based on restaking in the future, hopefully they will offer a much better security than what we have today. Closing Thoughts I used to think very highly of LayerZero as a protocol. A protocol that is marketed x.com/mark_murdock3/… as a peer next to Bitcoin and Ethereum. Bitcoin, Ethereum, LayerZero. But I do not feel strongly about it anymore. I don't think it's even close. Bitcoiners chose the smaller blocks chain, Ethereans still care about the solo stakers, but the protocols using LayerZero are fine with one or two DVN setups. This is not a post targeted towards any of the GMPs/protocols mentioned here. I wanted to voice out my concern because I hold a lot more ETH than I hold ZRO (I do hold some ZRO, sandmanarc.eth). I have also integrated LayerZero into the protocol I am currently building. Although I am having second thoughts about it now. Let's demand better standards from our industry. - A humble community member, Sand

English
0
0
7
162
sand
sand@sandmanarc·
Why are people still following crypto VCs? They’re the epitome of bad investment of time and resources in the last 7 years lol. Block imbeciles like these 👇and start solving real problems to live a fulfilling life.
Jason Choi@mrjasonchoi

If I was a fresh grad again my first priority would be to amass a fortress of solitude portfolio and get to a point where passive returns fund my lifestyle with acceptable principal decay into death before AGI permanukes the job market in 5 years The two ways I would do this in such a short time is either hyper-gamble in crypto/stocks or FOMO VCs into giving me money to vibe code an AI consumer-facing app and aim to get acquihired by a pre-IPO hyperscaler pronto Would not bother wasting time applying to mckinsey et al. or the cliche wharton -> IB -> PE route. Both dead ends

English
0
0
3
416
dom williams.icp ∞
dom williams.icp ∞@dominic_w·
Urm, this is very misleading: "Zero... provides a credible alternative to centralized cloud providers like AWS" At a high-level, all you need to know is that Zero works by proving hosted computation is correct. The proving overhead makes computation 100,000X more expensive. Zero uses the Jolt zkVM to run computations, and generate proofs that computation has been performed correctly. The 100,000X cost multiplier number comes from the Jolt project itself, as per this linked content from the fall of 2025: a16zcrypto.com/posts/article/… Factually-detached as marketing in our industry typically is, I feel duty bound to share the truth because harmful market confusion has now been caused by a succession of networks marketing themselves as "world computers" capable of providing onchain cloud, when they can't remotely do anything of the sort. Hosting computation and apps fully onchain on the Internet Computer network, by comparison, doesn't involve an insane overhead, which is why the network is actually being used for sovereign cloud, and as a self-writing cloud backend by Caffeine. We don't want people to get confused. LayerZero naturally fails to mention the 100,000X expense overhead and instead bamboozles readers with descriptions of its "QMDB" verifiable database, and lofty claims that Zero could potentially process 2 million TPS (transactions per second). Team posts generally also include some idealist blockchain polemic for good measure, to emphasize they are the real deal. But just focus on the 100,000X cost multipler. The claim that Zero can provide onchain cloud that rivals AWS doesn't pass the smell test! That does mean the Jolt zkVM ("zero knowledge virtual machine") developed by a16z Research, is anything less than very impressive. It delivers major advances in the field and can be accurately described as an incredible piece of work. I can even imagine the Internet Computer network using it for much more specific purposes in the future. But, "The Network is The Cloud" paradigm cannot remotely be delivered by Zero so long as it relies on Jolt to prove the correctness of compute, which adds this insane overhead (Jolt runs the compute at near native speed, and it's the generation of the proof that creates the massive overhead)... Example 1: If a database command takes 1 second to run on some machine, then if that machines runs the computation using Jolt, it will take longer than a whole day for the computation to complete! Example 2: If a single server machine is running at full utilization, then to run that workload on Jolt, we must offload its proving work to other server machines. Since dividing proving work amongst different servers introduces additional overhead, around an additional 125,000X server machines will be required to prove the computation taking place. You read that correctly! LayerZero claims the Zero L1 can process 2 million TPS of general-purpose cloud logic. If we assume a standard server/node handles 2,000 TPS of complex SQLite logic (for example, SQLite can be embedded inside a Wasm canister smart contract on the Internet Computer), LayerZero would need 1,000 servers just for execution. But to provide the Jolt proofs they promise, they would need an additional 125,000,000 servers (125 million servers) running at full capacity just to keep up. This would require an unimaginably large data center to be available for proving (one orders of magnitude larger than has ever been created before) and somehow the network would have to pay for that. LayerZero is aware of these issues, and so let's look at how they hope to get around them, and the sacrifices Zero makes, which sheds light on the validity of its deccentralization claims. LayerZero hopes to leverage two technical angles to make this scheme practical. Firstly, zkVMs like Jolt allow computation and proving to be separated. Essentially, the computation runs on Jolt first at near native speed, producing an "execution trace" as a side effect, then that trace is used to generate the proof in a separate process that can run afterwards (which proof creation adds the 100,000X computational cost overhead). Secondly, the job of creating the proof from the trace can be divided amongst different machines ("sharded"), to speed up proof generation. For example, dividing the work of proof generation among 10 machines might produce a 9X speedup (rather than a 10X speedup owing to the overhead of sharding). Note that although a speedup is achieved, the overall cost multiplier increases beyond 100,000X owing to the overhead involved with sharding/parallelization. Zero is composed of multiple "atomicity zones," which scale Zero's capacity horizontally. An atomicity zone is roughly analogous to an Internet Computer subnet. Each atomicity zone reaches "soft finality" first, which occurs when the computation completes. Then "hard finality" is achieved later when the proving/generation of the proof of correctness is complete. Let's assume that proving is offloaded to some other capacity within the network, so computation can proceed at near native speed, delivering soft finality fast, while the proving catches up in the background, providing hard finality later. Firstly, we can see that while computation can proceed ahead of proving in bursts, proving must generally keep pace with computation, otherwise it will fall further and further behind. Ultimately, that means that computation is like a high-speed car that can only drive as fast as a person in the back can draw a map of where it's going. Secondly, we see that Zero is probably relying on the idea that people will be happy with soft finality. This is why their SVID (Scalable Verifiable Information Dispersal) module essentially shares *claims* about the state of atomicity zones across the network, rather than proven state created by hard finality. Thirdly, we can see that Zero's idea about the network relying on sharing data for which only soft finality has been achieved is flawed. Why? Because different atomicity zones will wish to rely on the state/data of others in their own computations. This results in easy-to-understand phenomenon called "fan out." Let's say Zone A shares soft finality data with Zone B, which performs some actions, updating its own data, which is shared with Zone C. If Zone A cannot later produce a proof to show that its data was correct at the time it was shared with B, and it reached hard finality, then Zone A must rollback to the previous valid hard finality state—which in turn means that Zone B must rollback, and Zone C must rollback. In a global onchain cloud environment, one app can call another app, that can call another app, ad infinitum. This "fan out" makes reverting state near impossible, especially if proving falls well behind computation. According to the "Zero: Technical Positioning Paper," if a proof fails, the system will use on-chain governance (directed by voting by ZRO holders/validators) to manually "adjust protocol parameters" or "upgrade validator software" to fix the problem. Obviously, if this ever became necessary, implementing the fix will not be so easy, and will take the network down for a very long time indeed. So what is LayerZero thinking? My guess is that they assume by partnering with trusted centralized parties like Google and Citidael, and getting them to run atomicity zones, their soft finality will be reliable enough that state reversions won't ever be necessary. We saw something similar in Optimism, the so-called Ethereum L2, which was run on a tightly-controlled network of machines. It was possible to submit a fraud proof to the network showing that something had gone wrong, but there was no way to revert to the state in such a case. It really was truly optimistic! If this understanding is correct, it means Zero is really a network depending on trust in institutions, rather than the math of zkVM proving per se. Since the network will be relying on soft finality and trust in institutions, rather than the hard finality provided by proving, it's not clear what the benefit of using Jolt exactly is—if the real purpose is to attach Zero to the buzz around zero knowledge proofs, then potentially this will become one of the most expensive marketing exercises in history. But, you say, this SURELY cannot be true! Well, this is where I landed looking at how they claim Zero works—although my time is limited, and I could have made mistakes. I hope they let me know if I have. My guess is that LayerZero justifies the current design of Zero on the basis that hardware cavalry is coming to make their architecture work better in the future. Specialized zk hardware, such as ZK-ASIC or FPGA devices that can be installed into servers, much like the Bitcoin mining cards that do hashing, are in development by companies like Ingonyama, and might reduce the proving overhead to 1,000x - 5,000x if their claims are accurate. Obviously, that kind of overhead will still be far too high for Zero to provide onchain cloud that can rival AWS, but, if it enables them to ditch soft finality, removing the impossible-to-satisfy requirement that the network can run global state reversions across atomicity zones, Zero will be interesting as a solution for hosting DeFi. I wish them well.
LayerZero@LayerZero_Core

x.com/i/article/2020…

English
112
195
827
92K
sand retweetledi
Tevm
Tevm@tevmtools·
Introducing the best way to build robust TypeScript apps on Ethereum Voltaire Effect Here is why you should be using Voltaire instead of Viem in future 🧵 1/25 (links in 3/25)
Tevm tweet media
English
8
16
58
6.7K
zak.eth
zak.eth@0xzak·
Introducing apps.fun A Launchpad for App Coins We built @appsfunsol to answer a simple question: what if every app had its own token and launching one was as easy as deploying code? How it works You create an app on apps.fun and mint a token for it. No upfront liquidity required. The token launches on a bonding curve that handles price discovery automatically. Early buyers get lower prices, and as demand grows, so does the price. When the bonding curve reaches its threshold, the token graduates to Meteora,a Solana DEX, with real liquidity. Your token is now trading on the open market. For developers: You can fund your project without VCs, grants, or presales. Your community buys in directly. The bonding curve means you don't need to bootstrap liquidity yourself. For users: You get in early on projects you believe in. No whitelists, no allocations, no insider rounds. Same curve for everyone. Fee sharing Every trade on the bonding curve generates fees. A portion goes back to token holders as dividends. The more activity, the more holders earn. Build with the SDK Integrate trading directly into your app. Let users buy and sell without leaving your product. `npm install @apps.fun/sdk @solana/web3.js` Docs: apps.fun/developers Links Website: apps.fun GitHub: github.com/apps-fun Telegram: t.me/appsfuncommuni…
English
91
28
214
54.7K
sand
sand@sandmanarc·
I left. The people i trusted and followed, the KOLs and “modular mafia”, all shilled 100s and 1000s of chains. So I tried building a bridge to connect them all. None of that panned out. They were just pumping their modular bags.
lethe@0xl3th3

> leave Ethereum space because they keep telling me not to build on the L1 and I really don't trust Optimism > "ok if you say so" > build a chain on Celestia because they seem to actually want people building on their chain > "its a good chain maam we love games here" > "the vision is data availability, powering every app in this ecosystem through huge blocks" > work for 2 years, end up with one of the only apps in the industry that generates any form of revenue > finally, i have achieved something resembling product market fit after years of suffering and toil > time to see what Celestia are up to, I bet we can do some big partnerships with the other apps > oh dear wait > all my TIA contacts got fired in some kind of internal political purge > TIA goes silent > suddenly pivots to support a focus on powering 'HFT exchanges' with no warning > literally just repeating Solana marketing copy like a robot > suddenly every Cosmos retard is shilling it > what the fuck are they doing oh my god its over > well I wonder how Ethereum's thriving L2 ecosystem is doing now everyone moved off the L1 > look at Vitaliks account > "You can just build on the L1" What the fuck was the point of listening to any of you people? I swear to god, every single person trying to coordinate some sort of monolithic blockchain strategy is clinically retarded. My business is somehow fine despite all of this, but you are all fucking jokes. This is why nobody takes this industry seriously. This is why there are no real builders left. I should have ditched this piece of shit the second they mentioned Cosmos.

English
0
0
6
338
sand retweetledi
lethe
lethe@0xl3th3·
> leave Ethereum space because they keep telling me not to build on the L1 and I really don't trust Optimism > "ok if you say so" > build a chain on Celestia because they seem to actually want people building on their chain > "its a good chain maam we love games here" > "the vision is data availability, powering every app in this ecosystem through huge blocks" > work for 2 years, end up with one of the only apps in the industry that generates any form of revenue > finally, i have achieved something resembling product market fit after years of suffering and toil > time to see what Celestia are up to, I bet we can do some big partnerships with the other apps > oh dear wait > all my TIA contacts got fired in some kind of internal political purge > TIA goes silent > suddenly pivots to support a focus on powering 'HFT exchanges' with no warning > literally just repeating Solana marketing copy like a robot > suddenly every Cosmos retard is shilling it > what the fuck are they doing oh my god its over > well I wonder how Ethereum's thriving L2 ecosystem is doing now everyone moved off the L1 > look at Vitaliks account > "You can just build on the L1" What the fuck was the point of listening to any of you people? I swear to god, every single person trying to coordinate some sort of monolithic blockchain strategy is clinically retarded. My business is somehow fine despite all of this, but you are all fucking jokes. This is why nobody takes this industry seriously. This is why there are no real builders left. I should have ditched this piece of shit the second they mentioned Cosmos.
zmanian@zmanian

Celestia exists to allow anyone to build an exchange with novel market microstructure and HFT throughput. The missing piece is a single plane of glass to move into and out of markets.

English
53
23
376
64.9K
sand
sand@sandmanarc·
@buntyverse @hosseeb @UncleRewards So Solana will also reach Ethereum level decentralisation you mean? If yes, why haven’t they done it already? It’s been 6 years…
English
0
0
2
88
Kunal
Kunal@buntyverse·
@sandmanarc @hosseeb @UncleRewards There is nothing stopping solana from doing that, yes. Thesis for monad has always been decentralised AND high througput EVM. SVM is a different story.
English
2
0
0
139
Uncle ↑
Uncle ↑@UncleRewards·
This is why people don't like VC's Casually saying Monad has "Ethereum-level decentralization" is such a boldfaced lie. Monad has 300 validators with token weighted consensus. And guess who has ALL THE TOKENS: VCs, team, insiders
Uncle ↑ tweet media
English
55
23
662
66.2K
sand
sand@sandmanarc·
@hosseeb @UncleRewards There’s an obvious flaw in this argument. You’re promoting it as the best of both worlds. Decentralised AND high throughput. What’s stopping Solana from reaching Ethereum level decentralisation? Answer this simple question and you’re vindicated.
English
1
0
5
2.1K
Haseeb >|<
Haseeb >|<@hosseeb·
Bitch, tag me if you're gonna quote me. The chain launched literally yesterday morning. Obviously it's not decentralized 24 hours after launch. What kind of stupid dunk is this? Ethereum was not decentralized on day one. Takes time. But someone asked me what's the thesis, that was my response. Many high performance chains are built with much higher hardware requirements to validate, or with steep tradeoffs in consensus that make it difficult to decentralize. This is core to Ethereum's philosophy, and it's core to Monad's too. And VC investors like us cannot stake locked tokens. Obviously this is what I mean when I'm talking about a day 1 chain. Be even slightly charitable in how you interpret what I'm saying and I'll do you the same.
English
51
0
275
114.6K
kain.inx
kain.inx@kaiynne·
Imagine you’ve been in crypto for five years, secretly from the UK but larping as Nigerian only to be geodoxxed on the weekend and your career is over.
English
42
1
130
13.7K
sand
sand@sandmanarc·
@pet3rpan_ Doxxed but camera off founder or anon founder? Big difference.
English
0
0
0
486
Peter / 1k(x)
Peter / 1k(x)@pet3rpan_·
Never investing into camera off founder. Weak.
English
42
14
321
63K
sand
sand@sandmanarc·
@tyneslol What are the value propositions of Ethereum?
English
0
0
0
39
Mark Tyneway
Mark Tyneway@tyneslol·
Everything would be better if we stopped talking about the values of Ethereum and instead started talking about the value propositions
English
34
10
126
23.4K
sand
sand@sandmanarc·
@FrancescoRenziA @ameensol It's not exactly the same idea, but it's an implementation of it. You shoudl look into it. I guess if 7503 actually goes live on mainnet all the ETH burners who minted WORM can mint ETH on mainnet again, isn't it? @EIP7503 @Sage_Tega?
English
0
0
0
32

Keşfet

@0x_Osprey @EulerLagrange @andyyy @banteg @Pybast @CatfishFishy @EtherFi @ethena