wolfehr.frax

@Konstoyouralas1 @Acyn Did you know that dumb has a b at the end? I only ask because apparently a lot of people don’t know that.

@Acyn Trump nails Dumocrat because blue cities prove their total stupidity every single day. This TinHat Bear laughs as the swamp media melts down over simple truth bombs.

Trump: Dumocrat. You take the E out and you don't use the B. A lot of people don't know dumb has a B in it actually. You don't need it.

@PerpetualGS @samkazemian The $FRAX token governs emissions, protocol upgrades, revenue allocation, and long-term strategic direction. It is the core asset where all value from the network accrues. You can read more about it in this proposal: snapshot.box/#/s:frax.eth/p…

@wolfehr @samkazemian and what's the use case for $FXS? except dumping on holders

Another narrative to hop on by the Frax team. Meanwhile their L2 did $0 revenue in last 24h, AI initiative is dead and their memecoin collective, ambitious L3 plans, legacy Convex vaults and FPI/FPIS experiment have all been phased out @samkazemian keeps buying boats though

Stablecoin Spotlight of the Week: frxUSD Most stablecoins are built to hold a peg and hope the market agrees. frxUSD by @fraxfinance has gone further than that. USP by @piku_dao, USG by @Tangent_fi, and USSD by @SonicLabs, to name a few all route through frxUSD as a peg keeper. Other stablecoins are building on top of it. frxUSD has become the infrastructure other stablecoins depend on. Here is what our data says: Overall Score: B (72/100) Peg Stability: A+ (99/100) Exit Liquidity: A- (80/100) Resilience: B+ (78/100) Decentralization: B+ (75/100) Dependency Risk: C (58/100) DEWS: 10/100 — Calm Market Cap: $138M 90D Net Flow: +$19M 450 days streak without a depeg event. No F grade across any sub-dimension. Among the 353 stablecoins Pharos tracks, that combination is rare. The exit liquidity picture is one of the strongest we have seen in this series. A 93-rated atomic redemption backstop through enshrined custodians gives frxUSD one of the most reliable exit routes among crypto-native stablecoins. On the DEX side, 60+ pools with a low 0.11 HHI across multiple chains show genuinely diversified liquidity rather than concentration in one or two venues. 60+ pools across multiple chains is what stablecoin infrastructure looks like at scale, and that is by design. @samkazemian built frxUSD to be used everywhere, not just held somewhere. The cross-chain architecture is where frxUSD separates itself in a way that has gone largely unnoticed. When the LayerZero incident hit and stablecoins using the OFT standard took collateral damage, frxUSD was unaffected. It uses OFT, but on its own terms. Frax runs its own DVN and its own libraries that no external entity can upgrade, operating on a 3/3 DVN consensus policy moving to 5/5. frxUSD offers various yield opportunities, including its recent Stake DAO vault currently running at 11.11% APY with $7.25M in deposits. Active AMO strategies across those 60+ DEX pools sustain that yield surface across rate environments rather than depending on any single source. $19M in net inflows over 90 days. The market is not just watching frxUSD. It is building on top of it.

@UPD_io Great post! One small correction: Legacy Frax counts on the balance sheet counts as both a a backing asset and liability, so they cancel out and don’t impact the CR.

I’ve never understood why bridges have to always be fast. I get it for impatient retail or cross-chain arbitrage. But many tasks aren’t very time sensitive. Which is why I always had a soft spot for the (now-defunct?) @fraxfinance bridge. They called it Frax Ferry and gave the roles a nautical theme. The captain had admin roles, and a second set of actors called crew members had the power to temporarily pause to enforce a “stop, look, listen” process. Normally I dislike meme-y themes (like food names), but in this case I think the ferry analogy helped communicate to users how it worked. The Frax Ferry would have scheduled departure times between specific chains, and would take 24 hours to arrive. This gave ample time to catch shenanigans. And also meant there was low risk of infinite mint, since any compromise would have to be sustained undetected for the entire journey. I’m not sure if 24 hours is the right time period, but it’s hard to think that the Frax Ferry would have allowed DPRK to rekt Kelp. To the extent a need for fast bridging still exists, it does seem appropriate for someone (bridge, issuer, swap-bridge counterparty) to levy a fee to account for the increased risks. The model converged upon has been the asset issuers doing this for free - you’ll notice even on L2s, the standard bridges aren’t growing their escrows much as fast options proliferate. I think we can agree there needs to be a rethinking about how this risk is shared. That could be a fee, lower claims priority, or some TBD clever solution.

Yes, these processes took place over billions of years (i.e., eons). Here’s one experiment exploring the next steps and how they could have happened. The Origin of Prebiotic Information System in the Peptide/RNA World: A Simulation Model of the Evolution of Translation and the Genetic Code (mdpi.com/2075-1729/9/1/…) > We suggest the coevolution of translation machines and the genetic code. The emergence of the translation machines was the beginning of the Darwinian evolution, an interplay between information and its supporting structure. Our hypothesis provides the logical and incremental steps for the origin of the programmed protein synthesis. In order to better understand the prebiotic information system, we converted letter codons into numerical codons in the Universal Genetic Code Table. We have developed a software, called CATI (Codon-Amino Acid-Translator-Imitator), to translate randomly chosen numerical codons into corresponding amino acids and vice versa. This conversion has granted us insight into how the genetic code might have evolved in the peptide/RNA world. There is great potential in the application of numerical codons to bioinformatics, such as barcoding, DNA mining, or DNA fingerprinting. We constructed the likely biochemical pathways for the origin of translation and the genetic code using the Model-View-Controller (MVC) software framework, and the translation machinery step-by-step. While using AnyLogic software, we were able to simulate and visualize the entire evolution of the translation machines, amino acids, and the genetic code.

@wolfehr @andreafare @Rainmaker1973 Still eons away from any viable single protein, let alone any viable living single cell. Thank you for proving my point by citing this shitty unsuccessful experiment.

Scientists have created one of the most detailed 3D reconstructions of a human cell (eukaryotic cell) ever produced. This groundbreaking model, often termed a "Cellular Landscape Cross-Section Through a Eukaryotic Cell," combines data from X-ray tomography, nuclear magnetic resonance (NMR), and cryo-electron microscopy to map molecular structures in extreme detail.

Here’s an alternative explanation that has been demonstrated in laboratory experiments. > The Miller–Urey experiment,[1] or Miller experiment,[2] was an experiment in chemical synthesis carried out in 1952 that simulated the conditions thought at the time to be present in the atmosphere of the early, prebiotic Earth. It is seen as one of the first successful experiments demonstrating the synthesis of organic compounds from inorganic constituents in an origin of life scenario. The experiment used methane (CH4), ammonia (NH3), hydrogen (H2), in ratio 2:2:1,[3] and water (H2O). Applying an electric arc (simulating lightning) resulted in the production of amino acids.

@andreafare @Rainmaker1973 😘 I’m doing great, man. Still waiting for your alternative explanation.

@sweepbaseHQ @LayerZero_Core @aave Plenty of blame to go around for the exploit: LayerZero for the RPC/DVN compromise, KelpDAO for a sub-par DVN configuration, and Aave for overlooking these risks during rsETH onboarding. When due diligence fails at every level, the ecosystem pays.

@LayerZero_Core @aave Bro u was hacked so u have to cover 100% not 5k eth 😂

LayerZero Labs is pledging more than 10,000 ETH to @Aave-led DeFi United efforts. We are: • Donating 5,000 ETH to DeFi United • Depositing an additional 5,000 ETH to strengthen Aave markets liquidity • Strategically deepening GHO liquidity

Amazon just got caught running a secret price manipulation operation with Levi's, Home Depot, Walmart, and many more. Every time you "comparison shopped" online, you were looking at prices that were already rigged. Here's what happened: Amazon would monitor prices on Walmart, Target, Best Buy, Home Depot, and Chewy in real time. The second a competitor listed a product cheaper than Amazon, they'd contact the brand directly and tell them to "fix it." And the exact emails are now PUBLIC. Amazon sent Levi's links to two Walmart listings with the subject line "styles of concern." They basically said the prices on Walmart are too low and we have a problem. The next day, Levi's responded: "I talked to Walmart and they have partnered with us to take Easy Khaki Classic fit back up to ladder SPP price, $29.99 immediately." Levi's literally called Walmart and told them to raise the price. Because Amazon told Levi's to make the call. Walmart complied. Then Amazon matched the HIGHER price. Both retailers ended up charging more. The customer paid extra. Nobody competed. Same playbook with Hanes: Amazon sent them links showing Target and Walmart prices were lower. Hanes confirmed they "reached out to Target and Walmart to have the prices increased." Target increased the prices. Walmart increased the prices. Amazon kept their margins. But it gets even worse... Amazon told Allergan (the company that makes eye drops) that their product was "suppressed" on Amazon because it was cheaper on another site. Allergan responded: "Walmart got their price back up to $16.99." Amazon then unsuppressed the listing. They did this with pet treats on Chewy. Furniture on Home Depot. Products across dozens of categories spanning YEARS. The mechanism is simple but terrifying: If you're a brand and you sell cheaper on Walmart than on Amazon, Amazon suppresses your product, removes you from the Buy Box, buries you in search results, and effectively makes you invisible to 300 million customers. Brands can't afford that. So they call Walmart and Target and say "raise your prices or we'll lose our Amazon listings." Walmart and Target comply because they need the brand's products. Amazon captures 40 cents of every dollar spent online in America. That gives them the leverage to set prices across THE ENTIRE internet. Not just their own platform. So turns out, you were never comparison shopping. You were looking at a coordinated price floor set by Amazon through backroom phone calls between brands and their competitors. "Amazon is working to make your life more unaffordable." 3 separate antitrust trials are now scheduled for 2027. The FTC has its own case. 18 states plus the DOJ are piling on. This is literally happening during the WORST affordability crisis in a generation. Groceries up 25% since 2020. Housing unaffordable. Wages flat. And the largest ecommerce company on Earth has been secretly coordinating with brands to make sure you can't find a cheaper price ANYWHERE. "Competition" in retail is just a fantasy.

🔴 After the KelpDAO hack, several protocols using LayerZero for their interoperability rushed to fix their structure to implement at 2 DVNs. It’s definitely a step in the right direction. But if you look at how Kelp was actually exploited, adding a second DVN might have not prevented this. Attackers could still have been compromised rsETH with little to no additional costs. ▫️ Here’s the explanation: LayerZero’s cross chain infrastructure functions with DVNs that act as guardians and are responsible for minting tokens on destination chains and burning them when redeemed on the source chain. However, DVNs don’t have a direct access to the blockchains. They rely on RPCs that rely the information to them. If the RPCs get compromised, the DVN becomes blind, and this is exactly what happened with Kelp. 2 RPCs got compromised and the third one got DDoS’ed, therefore unable to verify the information presented by the other ones. ▫️ So why isn’t a 2/2 DVN setup enough? The security gain of adding an additional DVN only works when both DVNs are genuinely independent: different infrastructure, different RPC providers, different hosting environments. If this is not the case, it is simple for a resourceful attacker to target the shared infrastructure for both DVNs to execute the same outcome. It is exactly the same logic that applies to a multisig where the signers use the same keys or the same custodians. Today the RPC providers are not directly visible, making it harder for protocols opting for a multi-DVN infrastructure to choose independent operators. ▫️What are the choices projects have? We decided to take a look at @ethena’s announcement of their recent switch from a 2/2 DVN structure to a 4/4 one. The 4 used DVNs are provided by @Nethermind, @HorizenLabs, @LayerZero_Core and @canary_proto. - Nethermind runs its own nodes on several networks, therefore reducing the reliance on external RPCs. - Horizen uses zk-proofs with an emphasis on privacy - Canary uses its own TEE-based DVN with their own client - LayerZero DVN is the native DVN of the OFT protocol This allows for a better diversification of clients, infrastructures, and verification methods. The lesson from the KelpDAO hack isn't "add a DVN." That number next to your config is meaningless if the infrastructure underneath shares single points of failure. Until RPC diversity becomes a standard part of DVN audits and protocol security reviews, the next exploit doesn't need to find a new attack vector. It just needs to find the protocols that added a DVN without checking for dependencies between them.

So let me start. DeFi is the future of the World Financial System. That's my belief, and this is why we are here. This amount of absolutely preventable hacks we see in DeFi (with root causes attributable to CENTRALIZED points of failure) is enormous recently. This damages out industry, and I build for this industry. So I cannot remain silent. Imagine an average grandma (mass adoption is here?) putting her life savings on Aave. And then BOOM, she cannot withdraw her funds on Monday. Aave (the biggest DeFi protocol btw) said it's operating as intended - just rsETH got exploited. rsETH said that all code is safu - just LayerZero bridge got hacked. LayerZero (the biggest bridge securing quarter of a trillion $) said that everything operating as intended. Yet, she cannot withdraw here funds. WTF? Are we industry of clowns? But here's the thing. All issues like this should be prevented BEFORE they happen, not AFTER. Number of single points of failure should be reduced, not increased. When these points of failure are unavoidable - trust should be split. If there's a reliance on infrastructure - we should share best practices how to configure it. Not to mention that code should be very well checked - everyone gets that already. We should probably come together and develop safety standards for DeFi. How to build safely, and how to verify safety. Probably everyone should bring their best practices, and the projects, auditors and risk assessment groups should know them. Maybe we need @ethereumfndn and @SolanaFndn bringing all the ecosystem projects to participate and come up with principles, rules and recommendations of safe building. And, perhaps, we can even learn something about protecting the few remaining centralized points of failure from traditional finance who have many more of those. DeFi will win

Hard to shift the blame away from KelpDAO here. Templates are starting points, not production code. Relying on insecure defaults is an amateur move. If a company leaves an edge unprotected because they didn't update the firewall's default settings, that's on the company, not the provider. While LayerZero definitely needs to address their OpSec based on the RPC attack, it’s a moot point for KelpDAO. Had Kelp configured their LZ implementation correctly, the RPC vulnerability wouldn’t have mattered.

@wolfehr @DefiIgnas @CatfishFishy that flexibility is important. Some onus is on the developer using the tools, but imo this was negligence on LZ's part and nothing else. Bad definitions and inadequate minimums

Boggles my mind that L0 blames Kelp for this hack when their own LayerZero Labs DVN, RPC infra, etc. was spoofed into forging a fake message. Dune reports that 47% of LayerZero OApps’ DVNs run a 1-of-1 DVN security floor. The other 45% run 2-of-2. So Kelp isn't an outlier here but most apps used 1 DVN. Maybe I'm missing something here?

@web3law_tech @Dune It doesn’t actually, since not all OApps have the same value flowing through LZ.

@Dune 47% of OApps running 1-of-1 DVN means nearly half of cross-chain value relies on a single point of trust. that's not decentralization, that's concentration risk with no disclosure requirement.

Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days. Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher. As we know, KelpDAO's rsETH sat in the first bucket. Open query, public methodology, feedback welcome: dune.com/dune/layerzero…

@linkies4life @DefiIgnas @CatfishFishy Agree. Not all DVNs are equal. LZ doesn’t force you to use good ones or make good design decisions.

@wolfehr @DefiIgnas @CatfishFishy The L0 definition of a DVN is laughable. Basically CCIP = 1 DVN. This actually makes sense and is true to the name "DVN" but 1 DVN can also mean a single node run by Jim...that is quite the network 🤣

Likely to streamline testing and development without juggling multiple DVNs. LayerZero includes their own by default since it’s theirs, but avoids "recommending" specific third-party DVNs in the default config. It’s a defendable position, but they could definitely improve the UX and make it harder to make bad choices.

@DefiIgnas @CatfishFishy It's ridiculous, yes Kelp didn't sign up for "more security" but it raises the question as to why a single DVN can even be selected lmao This data is even more shocking, almost like it's the default 🤔

@octalmage @gribbly_fire @DefiIgnas Example code isn’t meant to be copy/pasted into production. LZ can do better to make setups secure by default and call out the risks, but I put most of the responsibility on Kelp for their insecure configuration.

@gribbly_fire @DefiIgnas I've been tearing through the docs, I'm seeing a lot of example code with only one DVN like the example here. Can you point me to the recommendations around DVN in the docs?

Aave should pay up for ignoring the 1/1 DVN risks and previous rsETH issues, but Kelp needs to lead the recovery if they want to stay relevant. It’s their token and their bridge configuration. Hard to call it an accident when they’ve made the same type of amateur mistakes before (governance.aave.com/t/rseth-precau…).

@wolfehr @UrfishW @KelpDAO @LayerZero_Core @aave Not the whole loss but for sure aave is forced to come to the negotiating table and cough up part of the debt. This is my take and i think it's very likely to play out.

What if @KelpDAO says fuck u aave and refuses to take any loss for their rsETH holders? This is a hot potato @LayerZero_Core @KelpDAO @aave are passing each other but at the end of the day the missing money is on aave.