An Alert Blitzkrieg: Cheap ETH Mining, MANA Land Estate Bug, EOS RAM Vulnerability, Stratis Node Vulnerability, Etherscan Vulnerability, Bitcoin Cash Vulnerability, and How Wall Streeters and Technologists Can Be More Lay-language Friendly

QuantLayer
Dec 2, 2018

On this episode, we discuss the alerting platform we’re building for crypto investors and traders. We then cover how Ethereum miners are rolling in dough, and the gives and takes of Proof of Work. We talk about a few really interesting alerts that hit this week: a Land Estate Bug we found in Decentraland ($MANA), an $EOS Vulnerability that exploits RAM, a Stratis node vulnerability ($STRAT) that’s been around for almost all year, and a Bitcoin Cash ($BCH) vulnerability. We also talk about how the crypto space has really gotten a new wave of people interested in learning about how finance works, and what crypto teams will have to do to keep that interest going.

Here’s a transcript of QuantLayer Crypto Podcast #13.


The episode in its entirety can be listened to here:

QuantLayer is a software consultancy based in Brooklyn, New York. All opinions expressed by podcast guests are solely their own opinions and do not reflect the opinions of QuantLayer. The information presented should not be construed as investment advice. Guests may maintain positions and assets mentioned in the podcast.

Vikram: I thought it would be a good time to reflect a little bit of what we’re building and the kind of activity we’ve been seeing on our platform. For those of you listening for the first time, we’re QuantLayer. We’re building a cryptocurrency market intelligence platform for investors and traders. A major, major issue right now that we have with the crypto market is that there aren’t a lot of great research tools out there that can help market participants wade through the amount of information that flies around in this space. In particular especially the mature type of research tools like they are with the stock market where we have things like Bloomberg, StreetAccount, Foxit, Capital IQ. For example, because information flies around all over the place; in crypto, we have stuff like teams putting out news in their chat rooms. They put out what they call “press releases on medium.” They have days passed between important vulnerability fixes or bug fixes and their source code from when they talk about it in public. In that regard, it’s really not like the stock market where we have market moving information leave in just a handful of places. How do you deal with that? That’s basically where we come in. Our platform aggregates important market moving and market informing sources of information for traders and investors. It surfaces it all in a really nice UX.

The type of stuff we surface. We surface important information in a realtime feed so you can see updates to the Lightning network, see important GitHub commits for coins, see what news teams are putting out, what chat admins are saying before they put it out anywhere else. We also have this ability to search by coin or message so which I think is very cool because you can look up terms like bug or vulnerability which, Faizaan, I think you’ve pointed out recently.

Faizaan: Yeah. One of the things I would like to do, not just having the platform running in the background delivering these alerts live in doing research, is to use specific search terms. We’ll talk more about some things that we found today just looking through vulnerability. You know, if you’re looking for specific issues in the space, like if you’re looking for fraud or SEC actions or some news related to a given exchange, like the search is a really good way to just filter down through all of these news sources and actual chatter in GitHub and just get a really good view historically of what the conversation has been around of the given topic. It’s a great way to do research.

Vikram: Yeah. We’ll link to a few screenshots of the platform in the show notes so you guys can see what it looks like. A couple of things that came in today which were kind of interesting. Zcash put out some news about their Sapling update which is their network upgrade for Zcash. So we have this article summary mechanism wherein articles come in, we can programmatically summarize some of them. It allows users to very quickly scan a news article if they want to actually find out more about what’s in it, they can just click on the source and read the full article.

So we saw a little bit of Zcash Sapling news come in. We saw some Lightning Network updates. This is the second layer solution built on top of bitcoin and it looks like there’s a spike in the last. We basically track Lightning Network update in terms of nodes, channel count, and bitcoin capacity. All three are interesting. One I think is interesting in particular is the amount of capacity that’s tied up in the Lightning Network because in order to navigate that network, integrate into that network, you actually have to lock up your bitcoin to use it. Seeing that number go up, it’s always interesting, seeing it go down of course is interesting too, but it looks like in the last couple of hours as of today, it spiked from about 82 to 87 bitcoin capacity. So it’s not a ton in the grand scheme of things and eventually that number will be a lot higher but it will be important to track that kind of thing, long term.

Just broadly, I just want to give you guys an idea of the kind of activity we’ve been seeing just in terms of the amount of alerts that come through the platform. Last week we had on a daily basis around 2,000 alerts. The lowest day was about a thousand. I think that was a Sunday so it was probably quiet all around, about around 12,000 alerts came in in the last week or so. You should come check it out. QuantLayer.com, that’s Q-U-A-N-T-L-A-Y-E-R dot com. You can sign up for alpha, check out what we’re building or just email me directly at Vikram@quantlayer.com. That’s V-I-K-R-A-M as in Monero at QuantLayer.com. Tell us the kind of stuff that you want to be alerted on. We’re always adding new sources and new points of alert.

Faizaan: And it’s funny because the genesis of this podcast was partially just us going through all of these alerts and all of these news, and just discussing it for quite a long time in the office and I think we realized like we should probably record some of these discussions. That I think was one of the motivations behind us starting this, not just see what Elon Musk is up to.

Vikram: Right. There has been a bunch of interesting crypto-related alerts of course come through pretty recently. Faizaan, I think you pointed out a few of these from today and basically the last day, right?

Faizaan: Yeah. These are ones that are all, I would say, from the last couple of days. Most of these, very recent. One, the title is, miner says it costs just $152 to mine one ETH and with ETH prices being around the $300 mark, that’s a pretty big deal. That basically means that prices could drop quite a bit and it would still be profitable for these guys to continue mining. The article goes into basically some of the economics of mining at different price points of electricity so I’ll just quote here from the article. “Brian Venturo, co-founder of a mining farm with 3,000 GPU rigs called Atlantic Crypto, stated this Monday that at just $0.12 kilowatt per hour it costs only $152 to mine one ETH. If you assume an average electric cost of 12c/kWh.. and with the purchasing power of ETH currently equaling 1.27 MWh would equal to a value of USD 152 per ETH.” In some places like North Dakota, Washington, Idaho, have 8 cent electricity so that brings your money cost down closer to the $100 mark, and I think it can go even lower.

What’s not included in this article was the sort of capital costs that’s already been baked in from buying all the hardware but it’s still interesting that all of these miners are saying that they have a lot of margin even with prices being significantly down from where they were around this time last year.

Vikram: Yeah. I think that will be interesting with respect to… because I’m still not totally clear on what miners are thinking around if ethereum does move to proof of stake, like what are they going to do with all their capacity? Are they going to go to a different coin? I don’t know. What do the profitability metrics look like for some other coins right now because if the price is around 300 and the cost is around 150, that’s a pretty solid margin compared to many other coins out there.

Faizaan: Yeah. That’s an interesting thought because if some of this hardware is forced to other coins, then the question becomes, what coins are those going to be and what are the effects going to be on them having suddenly more powerful money networks, like what’s the implication of that?

Vikram: Right. Because if we see a bunch of… my guess, I’m just totally guessing. The way this will work is that the miners will shift their hash power towards a couple other coins and they’ll look for high market cap, maybe ethereum classic, maybe some other coins. They’re going to have to move to other proof of work coins that have a high market cap so maybe they’ll move in that direction. That’s just my guess.

Faizaan: Another thing that becomes interesting is in relative equilibrium when it’s profitable for miners to mine the largest coin for a given algorithm, like their resources are going to be driven there, but when suddenly most of the mining capacity for the algorithm can no longer mine that coin. We’re talking about them going to some of the most popular coins, but I also wonder if it’s suddenly…because the dynamics shifted so suddenly, if there’s actually a lot of opportunity for them to perform 51% attacks on much smaller coins, that wasn’t economical before.

Vikram: Right. That’s interesting too.

Faizaan: That’s on the other end of the spectrum. We’ll see. I think there will be a lot of interesting follow up from that.

Vikram: I also wonder what will happen like the moments before the switch from Proof of Work to Proof of Stake. I don’t know what the plan is really, and I don’t actually think there’s a plan for it yet. But say the minutes to hours before the switch, is the hash power going to remain constant? I guess we’ll see because they’re going to have to turn it off. It’s still a decent amount of electricity, right?

Faizaan: Right.

Vikram: So they’re going to mine up to a certain point and then just stop.

Faizaan: Yeah. Actually, that’s interesting.

Vikram: I guess one thing this does bring up is just this general discussion around energy usage and Proof of Work. This is particularly around bitcoin. I don’t see the discussion much around other coins.

Faizaan: Like a million transatlantic flights were like a thousand trips around the solar system on a rocket ship to mine one bitcoin, a lot of those sorts of articles. Obviously looking at the electrical impact of mining is meaningful, but most of the analogies that you see out there are pretty shit. The reason is that when you’re mining, the mining electricity expended to mine one bitcoin is not just to mine that bitcoin. It’s essentially to secure this network that’s processing these transactions and also to maintain the validity of all previous transactions and all holdings of the people in the network. It’s not just that marginal bitcoin. You compare that to traditional banking, to me that would be the same as all of the Brink’s trucks that are driving around, ATMs, tellers, all of the physical infrastructure that’s utilized to accomplish some of the same tasks.

Vikram: Jamie Dimon salary.

Faizaan: Yeah. Yeah.

Vikram: Did we talk about that before? Like we should put up an infographic. We should have like an infographic of like bitcoin mining cost versus all the bank CEO salaries just to see how they compare.

Faizaan: If you just take Brink’s trucks driving around and we won’t necessarily call that Brink’s. All armoured trucks driving around. I’m pretty sure there’s probably a pretty decent amount of gas being burned just for that.

Vikram: Right. But it’s not to say that it isn’t a concern. I understand the concern. It makes sense. One group of people that actually is pretty upset about GPUs being mined are actually gamers because a lot of the craze around GPU mining for example for ethereum, ZCash, and a bunch of other GPU mineable coins having driven the price up so hardcore gamers end up spending a lot more to play games that require higher GPU power so that affects them directly. I think if you go into gaming boards, you can see a lot of animosity towards crypto people.

Faizaan: Yeah. That’s fair.

Vikram: I think GameStop had something like a limit or they’re asking people, are you going to actually be using this for gaming or are you going to use this for crypto mining?

Faizaan: I think a lot of places put caps on like you can only buy 2 GPUs or basically on bulk purchases as a way to fight back against people who are buying for mining.

Vikram: But it also brings up like an interesting philosophical question because a lot of people who bring up this waste of energy wasted argument. They’re presupposing it’s a waste because bitcoin is worthless, right? But energy is used for all kinds of things like entertainment. We just talked about GPU mining in gamers, right? And I’m not saying what gamers are doing are useless at all. It’s a form of entertainment. E-sports and stuff, it’s actually a form of economy now. It’s just interesting to see how that will play out in long term, but I can certainly see a state where like bitcoin gets big enough where it’s taking up enough energy, it might affect the energy usage of particular areas, maybe driving up cost for residents and whatnot.

Faizaan: We’ve seen that in a few isolated circumstances. I think at like municipal and regional level. The specific town where this happened escapes me but if I remember correctly, we can you know look this up and follow up on it, like there’s a town somewhere that residents have relatively inexpensive electricity up to a certain cap and then it becomes more expensive. A few companies start mining there and so they’re hitting the cap very quickly and so essentially electricity becomes more expensive for everyone a lot sooner because the miners are running through the cap. You are seeing some things like that starting to occur.

Vikram: There are projects that are trying to find other ways of securing these networks and we should have some of the dev teams of these coins on because it is pretty interesting just to hear what they’re doing.

There’s projects like Burstcoin, ticker is B-U-R-S-T, there’s Chiacoin which is not out yet but they are trying to use this concept of proof of capacity which has to do with hard drive space in order to secure the network. We’ll see where those projects go. It will be interesting.

Faizaan: Yeah.

Vikram: Another alert that came up, and I literally just went to go look it up right before we started recording, so how did I find this? I just went to the app and in the search bar I put in bug, and then I toggle the search, search for content instead of coin symbol, and voilà! This was the second link of today. Decentraland, the ticker is MANA, M-A-N-A. It kind of reminds me of what Second Life was. Were you messing around with that?

Faizaan: No.

Vikram: Okay. It was basically this virtual platform where you had an avatar and you would interact with other people and their own avatars.

Faizaan: Wait. Was this around 1999 / 2000 / 2001 era?

Vikram: No. It was like 2005 /2006. Around that.

Faizaan: Okay.

Vikram: It gained a lot of popularity for a little while. There were plots of land that you can buy in Second Life. I think some companies were even advertising on there and they’re going for pretty ridiculous sums of money. They had their own currency called Linden dollars. Linden Lab was the name of the company that made Second Life. This reminds me a little bit of that without the graphical interface. They’re trying to set up a virtual world and they’re auctioning off pieces of land. It gained a ton of popularity back in October / November / December back when crypto was taking off. It was Barry Silbert of Digital Currency Group we’ve talked about before with respect to ethereum classic I think he has been a big investor in Decentraland. We just saw a bug coming and the title of the bug is Fix Land Estate bug and if you invest in the project, like I’m just putting my shoes. I don’t have any of this. I don’t own any Decentraland, but I put myself in the shoes of someone who does and I’m a bit concerned of this Fix Land Estate Bug.

What does that mean? If you actually go to the alert, we have a link to the commit. The commit message is basically like what was the last change between before and now with respect to a piece of source code. When commit messages are written, well you can kind of figure out what’s going on. We’ll just walk through this real quick together and we’ll just read through it. It says Fix Land Estate bug. There’s four bullets basically, (1) Fix Land Estate bug, (2) feature enhanced create estate test and add update land owned by estate metadata test. Not totally clear what that means, but okay. Then there’s refactor removed bad account. And then a chore, specify someone tries to steal land. Okay, that one sounded a little concerning, so I thought it was kind of interesting to look at.

Faizaan: Yeah. From reading through it, a lot of this update is adding test coverage. Generally, that’s a good way to figure out what changed because it’s harder sometimes just by looking at the code. The impression that I get was that essentially, it was possible for someone to steal land and also for the old owner of land to update that land as well, like those were the two possible, let’s call them attack vectors. Essentially, they’re fixing the ability for that to happen and also potentially removing an account that was already corrupted or causing trouble.

Vikram: Right.

Faizaan: So that’s a pretty big deal.

Vikram: Just out of curiosity, I wonder what their deployment process is here because they put up this commit. This is all open source. You can just read this. Has this been deployed to their mainnet yet? Because I can imagine there are scenarios where bug fixes have gone into GitHub that are not deployed live just yet.

Faizaan: Yeah. The answer is I don’t know. What’s going to be the protocol for something like this? Let’s say I’m an investor or I hold a lot of this coin. Who do I talk to to get this question answered on their end? I think we’re going to need to see a more formal process for interacting with this sort of information.

Vikram: Right. It’s sensitive too because you don’t necessarily want to have the whole world know that you found this, right? Say you are an investor and this is a very large bug, not that this one is but say it was, you don’t want to like put up a GitHub issue and say, “hey is this being deployed to mainnet yet” or you don’t want to tweet at them and say, “hey, has this been deployed to mainnet yet?” because any malicious actor would see that.

Faizaan: In this security world, there is a protocol for responsible disclosure. Essentially, a lot of these GitHubs being public, how do the two match together? Do you know what I mean?

Vikram: Right.

Faizaan: How do you fix? Because with the responsible disclosure, I think people may have heard of these bug bounties. I found an exploit in Facebook. I let them know about it. I give them a certain amount of time to fix it, and then I also let them know like in 90 days I’m going to publish this exploit. That gives them time to fix it before anyone is affected but also motivates them to fix it because it’s going to go public. That doesn’t necessarily work here if your code is open source.

Vikram: Right. Another interesting thing, if you actually go to the pull request, you can see the time… I mean this is common. There’s nothing like secret about this. It’s all open source. You can see this. So, you go to the pull request where the bug was merged in, you see what time it was opened. You see the time of the different comments. So this thing was opened 14 hours ago. The first set of comments looks like it was about either 13 or 8 hours ago. Looks like it was 13 hours ago. So there’s an hour difference there. Then there’s another set of comments 8 hours ago, right? That’s like a whole day.

Faizaan: Yeah.

Vikram: So, to your point about responsible disclosure and whatnot, it’s going to be important here.

Faizaan: Yeah. I think there’s a tendency to think like radical transparency is good where everything is out in public but you have the risk of assets being tampered with or stolen, I think that complicates the issue a little bit. That’s what we’re seeing.

Vikram: Yes. And there is this EOS vulnerability that you found too.

Faizaan: Yeah. I did the hard work of reading an article. I unfortunately didn’t find the vulnerability. I’ll sometimes pick a theme when I’m just going through and doing research. This time I was just looking for like, let’s see what’s going on in terms of vulnerabilities. EOS basically has one where you can create a transaction that you will use up all of a user’s RAM, so the way that that works and I’ll quote from the article, “a malicious user can install a code on their account which will allow them to insert rows in the name of another account sending them tokens, this lock-up RAM by inserting large amounts of garbage into rows when DeApps / users send them tokens.” This is something that they were able to push a workaround so users must use a proxy which is an account with no RAM to make transactions, but basically this is something that needs an emergency update and they’re trying to figure that out.

Vikram: Interesting.

Faizaan: Yeah. And what’s neat is just when you see a vulnerability, you see EOS and if you search EOS vulnerability, you can see historically that it has been something that they have been struggling with.

Vikram: I’m just laughing because this is a quite controversial coin. It’s raised like Block.one is the parent company that raised $4 billion for EOS that it did a year-long ICO but its tokens were trading on exchanges before the ICO was complete. So it’s just a bunch of weird stuff going on with this one so anytime something else comes up, it’s just kind of funny.

Faizaan: Yeah. So that’s the issue there. Another one that I found was for Stratis and this one was GitHub so the word vulnerability actually showed up in the GitHub commit. Basically there’s a pull request and then the pull request references an issue and the issue is called nodes that are catching up are vulnerable.

Vikram: Hey Faizaan, before we dive into this, do you mind just explaining to the listeners who might not understand what the difference between like a pull request and what an issue is and how they’re related?

Faizaan: Sure. On GitHub, for a given codebase, you will have a repository and the way to contribute code is essentially, let’s say I have this big chunk of code that represents my Quant coin wallet and I want to make a change to the wallet code because I just found that what I created has a vulnerability. So I would create a branch and essentially have an alternate version of the code like the version that I want the code to be. Then what I do is I propose those changes. What a pull request is is essentially a way to look at what was there before, what I am proposing, and what are the differences between the two and it lets you easily scan. It’s sort of like the before and after. It’s an easy way to like review it, make comments on it, have a conversation around the specific implementation.

An issue is just a way on the repository to have a discussion around, let’s say I discovered a vulnerability. I could just open an issue and say, “hey, I discovered a vulnerability.” We can have a conversation about it, what we see the fix might be, and then we can create a pull request that would resolve that. If that makes sense.

Vikram: Yeah. I guess the pull request part, this is a crude analogy but it’s kind of like track changes. You might have a document you’re sharing with a few people, you track some changes and then you can see what was different. Especially in the legal world, I think this is super important. You can see what changed and what’s current, also known as a diff. Even if you don’t code, just take a look at some of the stuff because it’s always pretty interesting.

Faizaan: So, yeah, coming back to the specific issue, nodes that are catching up are vulnerable. I will just quote the entire issue, “Nodes that are catching up with the longest chain are vulnerable to malicious peers that can, during the catch up, serve a fake longer chain.” and then proposed by @Aporgiena, that’s another user. “…to not sync from inbound connections during that phase.” So then there’s a discussion about what the solution is. Some say don’t pull from inbound connections and then I think they decide to allow whitelisted nodes as inbound connections. Basically it sounds like if you spin up a node and you need to catch up to the latest block, malicious peers can send you incorrect longest block which is a problem. The thing that actually came through on our alert was the pull request where there is the fix for that. That’s in the Stratis code now.

Vikram: Just to go back to the time thing we talked about earlier, the initial vulnerability was brought up on January 31st and there was not much discussion and then the issue was closed and then it was reopened again on May 21st. Maybe that was by accident or just closed and then reopened the same day. I don’t know. People do that sometimes. It’s hard to tell. So, Jan 31. What’s this August 28? Okay. This was opened Jan 21. There was some discussion in May, and then nothing happened. Then someone commented 9 days ago, and then finally it was closed more recently. There’s going to be some vulnerabilities like if you’re a malicious actor like we talked about with the last one, you can definitely pay attention to these. If they don’t get closed out soon, that’s an area of risk for your network.

Faizaan: Yeah. Continuing on the topic of vulnerabilities. We’ve talked about a bunch that we found in GitHub where it’s something fundamental to the network or the node, but another factor that’s also a big problem is just falsified information by trusted sources. What I mean by that is like, a lot of people use a handful of the same sources to get their information be it CoinMarketCap or Etherscan, and incorrect or if there were hackers that somehow managed to manipulate information on there that can definitely have some consequences on prices and that sort of thing.

So recently, some hackers were able to get into Etherscan and they just left we’ll call it a friendly message, 1337 you’ve been hacked. That’s in their pop up and they didn’t do anything else. But you can imagine if they were interested in doing some sort of price manipulation or something more insidious, that could be a problem. That creates a question of how do you vet your sources. Number one is like if you can run a node and get that information from a number of peers so you know that you are connected to the consensus, that’s the best thing. But there are certain types of information where that’s not the case and I guess it’s still a source of risk.

Vikram: Yeah. So I’m reading through the article summary. Although hackers might have pulled out the stunt just to draw Etherscan’s team attention, it remains to be seen how efficiently such hacks can be prevented in the future. There’s not a whole lot of information around this one.

There was this last alert that came through. It’s quite dramatic titled, bitcoin core developer could have wiped bitcoin cash from existence.

Faizaan: Oh wow. That’s a very extreme headline.

Vikram: I’ll read through this one real quick. This is from our article summary in the platform. “According to reports out last week, a lone bitcoin core developer found a huge vulnerability on the bitcoin cash network back in April 1 that could have been used to cause some serious damage to bitcoin cash.” Then it goes on and talks about like how there’s a lot of conflict and tension between bitcoin and bitcoin cash.

Faizaan: We were talking about responsible disclosure earlier and I think this is an example where that was handled well.

Vikram: Yep.

Faizaan: I think Cory Fields found the issue, who found the issue, let them know about it and gave them time to fix it before going public even though given the….

Vikram: The vitriol between the two.

Faizaan: Yeah. He could have easily not done so.

Vikram: Yeah. I’ll just quote what he says because it’s interesting. This is Cory speaking, “The bitcoin cash vulnerability that I discovered was successfully disclosed and mitigated and ultimately had no noticeable impact on the cryptocurrency. It will be a shame though if the ecosystem did not benefit from an analysis of such a substantial near miss. As cryptocurrency developers, it’s necessary to take a step back now and then to reevaluate the tools at our disposal as well as the policies and procedures that we put in place. We may not be able to eliminate the threat of bugs like these but we can learn from them and be better prepared to handle them in the future.” A pretty reasonable response.

One other thing I wanted to talk about outside of alerts but just generally speaking was how broadly crypto has really opened up people’s eyes to how markets work. I mean I come historically from finance and I think that there’s a lot of smoke and mirrors in traditional finance. People use all kinds of jargon and words. I think average investors don’t have the kind of insight that they should. I think crypto has really opened up people’s eyes in terms of how markets work, what bid-ask spreads mean, what exchanges are, and things like that. In traditional finance, I think we took a lot of these things for granted so you trade off of like Scottrade or Ameritrade or Etrade. You might not know the underpinnings of those things because they’ve been kind of around so long. But if you’re a crypto trader and you trade off of Binance or Bittrex, not everyone but I think a lot of people do, know what the issues are there, like what it means for your wallet to be down and things like that. I think a lot of this has to do with how public this stuff is, so either through Twitter, YouTube, or Telegram, you can take a look into a pretty fledgling industry and see how it’s progressing in real time. I mean, bitcoin is 10 years old but these alts are pretty young compared to bitcoin so it is definitely a fledgling industry and it’s interesting to see how it just progresses.

For a lot of people, I think stocks might have been boring or unattainable but crypto has changed some of that. Yes, of course, it has generated a ton of moon boys we’ve talked about before, but it has also brought a lot of fundamental questions to the table like what money is, what inflation is, how inflation is a hidden tax on us, why are dollars going to be worth less in a decade or two from now, what scarcity is, and that sort of thing. So, no matter what happens to the space even if it all just completely explodes, I don’t think this stuff should get discounted.

One example I will give is, a lightbulb that goes off in everyone’s head when they start looking at crypto is when they realize what inflation does to your savings. You pay a tax to the government every year in April but you’re also at the whim of central banks and what they plan to do with interest rates. That’s what the hidden tax is. It’s not like a secret conspiracy by central banks of anything like that. It’s literally when they keep interest rates close to zero, guess what, your dollars that are sitting in the bank don’t earn anything over time and are worth a lot less in the future. I mean that’s a problem because that means you can’t buy as much as you expect you could or would later on.

I think that’s really interesting. I think crypto has also brought a ton of fraud in market manipulation into the limelight. If you didn’t read the Wall Street Journal, you probably weren’t super dialed into traditional markets being manipulated the way they are. Even as recently as the credit crisis in 2008, I don’t think people knew very well what was going on and I don’t think it was understood broadly until, even a movie like The Big Short came out.

Faizaan: Yeah. That’s definitely true. I think most people’s understanding of a lot of Wall Street is probably closer to the movie or presentation than the reality.

Vikram: Right. So stuff like The Big Short, Wolf of Wall Street, exposing some manipulation but outside of that, like you just said, what do most people know about that kind of manipulation, not much.

Another issue in traditional finance is that people interested in finance can often gloss over things by using language that is completely unnecessary so if you read The Economist or the Wall Street Journal, you’ll see tons of jargon and the problem with this jargon, it makes it inaccessible to a lot of people. Of course, in theory we should expect people, if they see a jargon, go find a dictionary and see what that means and then understand it, but people aren’t going to do that. I think what is better is if you just keep the jargon at a minimum and you can have more people involved in the discussion. I just think a lot of the jargons are just totally unnecessary. I will just give a quick example of this. A nominal versus real interest rates. I can already hear people’s eyes glazing over, but what are these? These are unnecessary terms for very simple ideas.

So a nominal interest rate is an interest rate that doesn’t include inflation. This is like an interest rate of 3% on a $100,000 loan, means that you pay $3,000 in interest without considering any inflation. A real interest rate is an interest rate that does include inflation. Before, we were talking about 3% interest rate on a $100,000. Now, if inflation was 1%, you’d have a 2% real interest rate. I mean all this stuff is really straightforward but once you use terms like nominal interest rate and real interest rate, it just starts muddying the conversation for onboarding new people to understand the space. It’s fundamentally not complicated.

In this instance, why not just call it interest rate without inflation and interest rate with inflation, I think that’s just a simple example and then once you get into weird derivatives, all the bets are off and underwriters of those things barely even understand what they are.

But in crypto, coming back to crypto, you ask people what’s going on and they start talking about bid-ask spreads, why Gemini is better than Coinbase for certain trades, how arbitrage works across exchanges, and they talk about them in terms that are pretty easy to follow. On the market manipulation side, I think people understand it better too so it’s all really obvious invisible like pump and dump schemes, exchanges, wash trading, that’s when a single exchange in order to boost their volume metrics, they will just kind of trade with itself. ICO teams lying to the public. Large groups of people trying to corner the market. Things like that. People just get it because we can talk about all this stuff in plain English. There’s still a lot of weird stuff going on and it’s not perfect but I think it’s the right step in heading towards a place where we’re explaining things better.

Along those lines, I think one area that there’s a lot of work to do is improving discussions and explanations on the technical aspects of things. By that I mean not the 200-day moving average or the Ichimoku Cloud and things like that but technical as in software technical, so that’s an area I think will need help. It doesn’t help at all when you see lead devs of different cryptocurrencies gloss over things with unintelligible jargon. The problem is that you see people who are not technical say something like, “I don’t know what you just said but I trust you.” right? In response, I don’t think that’s good. I think basic things should be explainable. There’s probably some complexity of course in implementation but I don’t think it needs to be insanely technical full of jargon. I don’t know. What do you think, Faizaan?

Faizaan: I agree with you in some points and I disagree with you in others. I think definitely unnecessary jargon serves no one. I think there’s context in which it is useful to be able to pack a concept into a word so that you can have a conversation at a higher level with a group of people that are like on the same page. I guess I would break this out into, like let’s say you’re dev for one of these coins and you’re explaining some proposal let’s say switch from Proof of Work to Proof of Stake, there’s the summary aspect like the motivation for why you’re doing it, the implementation, and the impacts. I think a lot more of the summary motivation and impact needs to be delivered in layman’s English. But conversations around implementation, I think the expectation is you are speaking to someone that is more of a peer in terms of understanding of all of the like minutiae that are hidden behind the jargon. Especially on technical topics, easier to have an effective conversation where you don’t lose detail if all of that is preserved. I think for me it’s like case-by-case basis. I think there’s a lot of value to jargon, and not like useless jargon but words that are loaded with a lot of underlying explanation in being able to have more like concise and effective conversation around technical topics.

Vikram: I think I agree with respect to what you’re saying. I think that the points that you made earlier about how the kind of like the benefits, the risks, the non-implementation parts of the explanation, that’s kind of what I’m going for with respect to like the non-technical crowd because we’re going to get into a space where like, these are really technical topics. There are some areas where we’re not going to be able to explain them to the non-technical crowd but the areas where we can, let’s try to do our best. I guess that’s where I’m coming from.

Faizaan: Yeah. Agreed. Also, a big piece in the crypto space is just like the medium where this is delivered. I don’t mean like Medium the site. If you are having to construct over 70 tweets to explain a topic, maybe that’s the wrong place.

Vikram: I wonder who you’re talking about, Faizaan.

Faizaan: With stuff like that, I think if you’re fleshing out an idea especially around technical implementation or something, and you’re trying to think about what are the implications of this, what are the impacts of this? Sure, throw it out in Twitter. People will chime in. You can have a conversation with a lot of like jargon or like assumed context, I would say is maybe a better jargon that has the implication or connotation of uselessness but I think words that have some assumed context might be better. I think one word where I can get that point across. What’s the jargon for that?

You know, you see this in Twitter with devs where they’ll be having a back and forth and a lot of it is very opaque if you don’t know the minutiae of what they’re talking about already. I think that’s okay unnecessary. In a technical space, you need to be able to have those conversations at that level while you’re fleshing out an idea. But that shouldn’t be the end of it like if you have this large multi billion dollar coin or token or what have you. Behind any technical implementation, there’s some sort of a motivation and some understanding of the impacts of those technical choices. I think what you’re saying is those need to be communicated much more clearly to the lay people.

Vikram: Yeah. Just like because I went into the thesaurus and I just checked so there’s parlance, that’s a pretty good one. There’s also a patois.

Faizaan: I don’t know. But like trying to think of a good example of what I mean. Like with your nominal versus real interest rate example, it’s interesting because if you care about which interest rate someone is talking about, like if the number actually matters to you, it’s probably very important whether someone is talking about nominal or real. If you already have the level of context, then it’s probably easier to just use one word than to explain interest rate with inflation or interest rate without inflation.

Vikram: Right. The example that I had in mind with respect to nominal and real is you’ll see it in USA Today, things that aren’t the Wall Street Journal that are supposed to be more geared towards the public. I’m not going to say nobody because there’s people who know what nominal and real means but there’s a lot of people who are just getting on board and into basic finance for the first time and they see it, and it’s just like, “Oh, I don’t know what this means,” and it’s just too bad because it’s actually a really easy concept.

Faizaan: Yeah, and I think that there’s some amount of you can overload some of that information. If what you have is coherent to someone that is a lay person and there are also some words that they don’t know that they can either infer or if they didn’t quite understand, they’d still get the meaning of the article. I think that’s not a bad scenario either because that’s essentially how you learn stuff. If you got the concept and then you picked up a few words along the way or you start seeing it in 4 or 5 places and like… If you only ever see stuff you already know, you’ll never learn anything. I think a little bit of overload is a good thing but there’s definitely a balance there.

Vikram: Yeah.

Faizaan: One good concrete example of something that does this very well is we do a lot of our frontend work in Ember.js, it’s a JavaScript framework, and it’s a relatively an opinionated framework and that there’s a way to do most things. It’s not left up to you as much and whether it’s how you should implement something or how the framework itself is going to implement an upcoming feature is generally left up to the community to decide. Sure, you have Twitter conversations and stuff being fleshed out all over the place, but they have a really good RFC process. RFC stands for Request for something.

Vikram: Comment maybe.

Faizaan: Request for comments. Yeah. I actually think that they pulled their RFC process from RS but I’ll speak to the Ember one. Essentially let’s say that Ember that we want to switch from Proof of Work to Proof of Stake, that’s an example, so what would happen is someone would throw an open RFC that would look similar to… it would be this GitHub issues that we had discussed earlier, they might create an issue that outlines the problem, outlines the solution, and maybe at a high level outlines the implementation and is now soliciting feedback. If it’s something critical, you may have tons and tons of conversation that happens underneath it addressing all three of those categories and it can get as technical and detailed as necessary but then essentially there’s a feedback loop where as things get fleshed out, it feeds back into that original summary and that should essentially be understandable at any level, that someone that doesn’t understand all of the technical implementation can still go and see how it might impact them. I think something like the RFC process is probably something that a lot of these teams should be looking at adopting.

Vikram: Yeah. Is that similar to like BIPs and EIPs like the bitcoin improvement protocol, ethereum improvement protocol, it’s pretty similar, right? Like you put up your thoughts and then you start getting feedback.

Faizaan: Yeah. Exactly.

Vikram: Yeah. So Ember of course and then bitcoin, ethereum, maybe Zcash has some kind of something similar, but certainly not all the teams have it. I think that’s a good place for non-technical people to just go and read about what’s going on as well.

Faizaan: Yeah.

Vikram: I don’t know. After we’ve looked at a lot of these bugs and vulnerabilities, we’re talking about this before but, you say some of these projects feel like they’re 10+ years away. What do you mean by that?

Faizaan: You know, the last couple of weeks, a lot of what I had been looking into was like stuff related to bugs, vulnerabilities, and you know essentially things that are not fraud but structural issues at the implementation level. For a lot of these projects, when you start seeing how frequent relatively major vulnerabilities still are, sometimes I feel like there’s still a long way to go. Looking back, the closest sort of parallel that I have for tech industry in terms of web stuff, if you look back like 1999, 2000, 2001, all those huge surge of startups that ultimately failed, there were a couple of things. One, like fundamentally the use of a much, much, much smaller addressable market like people that had internet and then especially not having mobile or anything like that. Much smaller addressable market, from a cost perspective like trying to build anything was orders of magnitudes higher for the same amount of functionality, as like something today where we just talked about spinning up a [inaudible 0:49:40] . And then third, just in terms of capabilities, your orders of magnitudes like internet connections were slower, computers were slower, graphics were less capable. Just orders of magnitude, less capability at a fundamental level. I think a lot of those things combined meant that a lot of projects that seemed like a good idea in 2005 won’t maybe in 2010 or 2015. So you see what might be parallel to that in the cryptocurrency space like the scale thing definitely it’s still relatively niche especially compared to something like the web. You look at the same idea with technical maturity like all these scaling problems we’re seeing is that similar like do we need way more capacity on some of these on the main networks for this to be viable? 
The thing that doesn’t seem the same is, because a lot of what we’re doing is creating decentralized trust and scarcity and virtual assets, having these bugs and vulnerabilities not sorted out at a fundamental level across a lot of these networks seems like a more alarming problem. I think there’s a lot of parallels in these accessory issues I discussed but when it comes to this fourth item, I don’t know where we are in terms of like, “Oh, most of these projects are just six months to a year live” and it will soar through all these critical things or are there like fundamental issues for most of these that have to be worked out before any real capital or activity will start occurring on these networks.

Vikram: Right. I mean, I’ve heard descriptions of some of these networks as basically whatever their market cap is and called that a bug bounty, they’ll always face the threat of an attack, right? Because a lot of the code is open source, and because the networks themselves are pretty open, there will always be room for people to analyse them from an attack perspective. That’s a different kind of risk as you’re pointing out.

Faizaan: Yeah. That’s a completely uncharted territory and I think it remains to be seen how far away we are from like viability of the scale that we consider like you know, this is a successful global network.

Show Notes:

Topics

  • Major issue they have with the crypto market
  • ZEC Sapling news
  • Lightning Network update
  • Cheap ETH mining
  • MANA land estate bug
  • New EOS vulnerability allows to steal RAM resources directly from users
  • Stratis node vulnerability
  • Etherscan security vulnerability exposed by hackers
  • Bitcoin core developer could have wiped bitcoin cash from existence
  • How crypto has opened up people’s eyes to how markets work

Links:

Hey everyone, this is Vikram again. Thanks for listening to us. If you’re an exchange, a trader or working on a crypto project get in touch with us. You can reach us on Twitter at https://twitter.com/quantlayer or email us at podcast@quantlayer.com.
