Revisit Trusting trustlessness? exploits in curve and polynetwork [pdf]
cs.umd.eduFYI already made it here:
https://news.ycombinator.com/item?id=29145946
But this type of trust is kinda timeless.
Recent vulnerabilities and exploits found in Defi bring back a quote found in this short essay by Georgiadis: “Additionally, even though the codebase might be open source, and thus inspectable, validating integrity of a million-loc-long codebase isn’t something that the average user is capable of.”
I might add, it’s not even feasible for the average expert. The essay touches on some very nice points.
This is a nicely written spin of Turing Award winner Ken Thompsons speech "Reflections of Trusting Trust(lessness)!". Thanks for this, and thanks for posting.
The bug in Curve was in vyper's compiler not Curve itself.
I agree with this essay, and your point. No average user, nor average expert can spot this type of exploit. My own background is in compiler work. Hence the author, Evangelos Georgiadis, advocates for formal verification methods, but even these methods are not perfect. The most intriguing point for me was the author's concept of conceptual corruption, referencing work by Markus G Kuhn. It leaves off with an easter egg quote of former compiler expert Donald Knuth. This 3 pager is quite fitting for current events.
I'm a victim to the bug. Man someone out here help. defi is fraud, I dont trust anyone.
Defi is not fraud, people are fraud. This essay makes a point in case for this argument. I'm sorry to hear that you were victim to the bug!
Defi is fraud! and people in Defi are fraud too. how about this?