The damage is done. The contract is not immutable.
Squirting UDP packets until you see your tx pop up in a block turned out to be a risky design choice.
Hopefully, Solana can add p2p tx propagation like a normal public blockchain. I just wish they wouldn’t throttle by stake as that makes Solana more of a private hyperledger than an Ethereum replacement.
But we knew it explicitly wasn't even intended to be immutable: Solend had "governance", which has the explicit goal of allowing for decentralized decisions to upgrade the contract and change the rules of engagement. This is very much unlike when ecosystems like Ethereum or Solana decide to modify contracts that were intended to be immutable because the entire ecosystem kind of shifts with the decisions of the developers without really questioning it; this was an explicit vote taken by the people who own the governance token for Solend, a vote you yourself could have participated in... which is the real problem, as far as I'm concerned: there was a 1% quorum requirement on that vote, which they barely made, mostly due to one larger participant! This is a democracy -- which, to be clear, is very much "decentralized" -- but designed in a way where not only does it have the classic issue of how they "can only exist until the majority discovers it can vote itself largess out of the public treasury" but additionally has the problem that our real-world governments often do (and at least the one I am a part of here in the United States is well known for): that so few people vote that in practice decisions are made by minorities.
> Solend had "governance", which has the explicit goal of allowing for decentralized decisions to upgrade the contract and change the rules of engagement.
I’m not sure if this was true before 24 hours ago? If you click back on the link of this post you get to the DAO page: https://realms.today/dao/SLND
I’m not sure exactly when the Solend DAO was formed, but it doesn’t seem true that past users were involving themselves with a Solend that had governance. That seems to be an innovation specifically to solve this problem.
>I’m not sure exactly when the Solend DAO was formed, but it doesn’t seem true that past users were involving themselves with a Solend that had governance. That seems to be an innovation specifically to solve this problem.
A quick search for "site:solend.fi governance" kinda disproves this. There aren't any explict pages on how governance works, but there are pages[1][2] (last modified 2 months ago) that havementions to governance tokens.
> For now, there isn't a timelock program, but transitioning to governance in the future will cause upgrades to go through a governance vote as well.
So not really suggesting any currently functional governance, which makes sense given they never did a vote before. That said the important thing here is probably that they document an upgrade authority, and that they control its keys.
The second link mentions governance only in the context of types of attacks that are in scope for a bug bounty, which doesn’t really tell users anything about governance. I wouldn’t be surprised if they copied this from somewhere TBH, it doesn’t seem very tailored.
I think if QUIC (node to node handshake) was in place, Solend would have no excuse to do this vote as there would be very little risk of the network going down.
The DAO hack of 2016 and the decision to go back a few blocks and revert the hack by a few at the top already taught us about the nonsense of 'cOdE iS lAw' years ago and that decentralization being a total lie.
The move to proof-of-stake will only show that it will get worse.
> The DAO hack of 2016 and the decision to go back a few blocks and revert the hack by a few at the top already taught us about the nonsense of 'cOdE iS lAw' years ago and that decentralization being a total lie.
There's been zero rollback to block the attacker's seized ETH in the DAO hack. There was a "cooldown" period during which the attacker couldn't withdraw the fund and during that cooldown period Ethereum's code was modified and everybody had the choice to either run the old code or the new code on its node. People mostly decided to adopt the code preventing the attacker from accessing the stolen ETH while some decided to continue with the original code. So the chain forked into two blockchains: Ethereum and the one that was named "Ethereum Classic" (ETC).
Arguably after the fork ETC was the "original" blockchain (but with its token way less valued) but since then AFAICT the real development has been happening on Ethereum, not Ethereum Classic and so nobody is arguing anymore that Ethereum Classic is the "real Ethereum".
> The move to proof-of-stake will only show that it will get worse.
Why would that be? Instead of rich miners it's now rich HODLers mining blocks but mining is ultra centralized through a few big pools: I don't see how PoS, if it works, would make anything worse than it currently is?
> The damage is done. The contract is not immutable.
It never was immutable, and generally, that's fine - contract upgrades by DAO vote are pretty normal and hard to avoid for complex projects. On Ethereum, you need a proxy contract to implement it, on Solana, there's a native loader that can set an upgrade authority and which works similarly. Either way, working as advertised.
What appears to be utterly broken is Solend's DAO governance process, which apparently allows a single whale account to approve changes. There is nothing decentralized about that!
> Squirting UDP packets until you see your tx pop up in a block turned out to be a risky design choice.
Yes, but how is that related to Solend's (!= Solana) governance?
(Solana is fixing this by moving the transaction ingress stage to QUIC with proper flow control - it won't be throttling by stake, but have guaranteed minimum allocations for staked nodes)
The blockchain itself remained append only. No authority went in and rewrote history. A contract running on top of the blockchain was updated in accordance with its own predefined governance rules. This is an advertised feature of the blockchain. Those governance rules the contract chose were arguably too loose.
One of the justifications for the original proposal was that liquidators might take solana down by spamming TX. The solana transaction model relies if users to blast udp packet more/less, and so a spammer will just blast packets at line rate to validators since there’s no cost to do so.
Imo this event is comparable upside to many of the previously spammed events (idos, nft mints) so if solana still can’t handle this liquidation that’s really unfortunate.
What’s shocking about he vote is there are many in between a - they could have voted to give an otc desk special permissions to liquidate first for example (and maybe that’s what they meant)? It doesn’t liquidate the whale early and it doesn’t give their team ability to take over an account, and it solves the solana spam problem.
I think it's actually a good sign that they're running a governance vote in-response to backlash. The first proposal was seemingly executed with very very little time, and only 1% of the governance token was actually required [1][0]. This proposal is a great gesture, but seriously: as if voting to takeover funds wasn't a decisive enough thing, doing so with less than 24 hours of notice and only requiring 1% of the governance body to vote does not inspire any confidence that this is a democratically led effort. I know there are a lot of skeptics and a lot of believers in cryptocurrency. But this isn't even the currency part. This is just organization rules, logistics, and management. Maybe they should have a proposal or two about basic governance minimums and standards? Why are these the only two votes they've ever had?
This is why most legislative bodies have rules for how votes are conducted, how votes are counted, etc. Solend doesn't have any of this infrastructure, and literally their first vote was a major "we need emergency powers" vote. I understand that they consider this an existential risk to their platform, but having a second vote, to undo the first vote and implement countermeasures for the existential risk does, in my eyes, reduce the my belief that the threat is/was existential in the first place.
As a former Chief Risk Officer, that is exactly why policies and standard operating procedures exist and need to be written out and Board-approved BEFORE you launch.
I agree with this synopsis. This isn't a cryptocurrency problem or even a Solana problem, this is an issue with governance types (of which there are many)
Somebody had a very large amount of Solena. They took out some sort of loan (getting other cryptocurrencies) using their Solena as collateral. This would have been for less than the face value of the Solena. It was quite obvious that they then planned to default on this loan and they were using it to exit their position. This would mean that whoever lent the other cryptocurrencies would take control of that Solena and try and sell it. There was very low liquidity, soo much that if they tried to sell it, it would crash the price (which is based on recent-ish sales and isn't really accurate as a result) - hardly anybody was buying Solena, so the price as is didn't reflect what would happen if a large amount went up for sale.
Solend realised this, and took a vote on seizing this amount (effectively removing the tokens from the owner's ownership and preventing them from exiting their position) requiring only 1% of token holders to approve. The vote passed. Now they've backtracked.
> Solend realised this, and took a vote on seizing this amount (effectively removing the tokens from the owner's ownership and preventing them from exiting their position) requiring only 1% of token holders to approve. The vote passed.
Wouldn't it be in Solana's interest to continue being used as collateral? Why would anybody continue accepting Solana-based collaterals if funds can be seized at will?
Solana’s only involvement is being the blockchain. They can’t do much about it other than pressure the team to make decisions one way or the other, or try and convince validators to rollback and fork the network like with the eth hard fork
> Why would anybody continue accepting Solana-based collaterals if funds can be seized at will?
The creditors might get back less money than they lent to the whale if the whale defaults and the creditors have to sell Solana. So doing nothing is not great for them, either.
> Solend realised this, and took a vote on seizing this amount (effectively removing the tokens from the owner's ownership and preventing them from exiting their position) requiring only 1% of token holders to approve. The vote passed.
>So - the guy with the $170m position… his wallet has been recently active so it isn’t a case of lost keys… he’s running a short on Solana?
My understanding is he "owes" interest on loans he's received using Solana as collateral, so the account is at risk of being liquidated. Of course, no one wants that when many people are already underwater at current prices.
What's funny is literally one day after voting to take over this account, prices are rising and now they "have time" to find a better solution? Brilliant governance, all around.
He is getting bailed out by people who has interest in keeping SOL up.
There are a few individuals and firms invested in solana ecosystem bailing out companies in the background right now which is increasing the price for liquidation.
Even if he got liquidated, then he could just buy sol at cheap due to contagion from his relatively stable loan in stablecoins and many investors will still need to bail out to recoupe their sol investment. He also could have short positions.
It's the most optimal move for someone with that big stake.
Either I don’t see how this is or was a problem, or I don’t get it in full detail (not a crypto guy, I only follow the news). A crypto subproject - that explicitly states what can be done with its contracts carte blanche style on minimal consensus - does it. So what? It’s on a high risk side by design, and unless they tried to hide this fact, it’s okay. Read the damn contract as you usually do, then proceed with your high risk based business. It is not even a “crypto” issue, and no, not every piece of “crypto” has to be fooish, barish and bazzing just like not every piece of open source has to be GPLv3. This is an excellent example that people may vote on a blockchain to have liquid agreements rather than having “code is right even if everyone’s screwed” attitude. The situation may be bad or surprising for someone, but the system worked as planned.
I’m not sure whether this is true, because the governance vote to control the whale account seems to have been their first ever governance vote with a brand new DAO set up seemingly to take that vote.
It is true that their contract will have had some upgrade authority, so people would know that the contract could be changed. But I’m not sure people could previously have been expected to predict that they might create a DAO and have governance votes with a few hours notice.
One thing I'm fascinated by is understanding the voting system. So as far as I can see the proposal needed to pass a 1% threshold to have quorum. There is a single person with that many votes, in fact there's reason to believe there are probably quite a few people that have that many votes. So they can reach quorum on their own if they want to push something through unilaterally.
Then you go and look at the history, and it's totally opaque who actually has the governance tokens- Apparently it was split 60% for community, 15% for investors, 25% for the engineering team. But you look at Realm (I have no idea how Realm works) and it seems there's only ever been two votes - steal the coins, unsteal the coins (https://realms.today/dao/SLND).
Oh, and it seems totally unclear who the whale is that managed to carry this vote. It seems likely that it's one of the SLND team, since we know they have as many as 25% of the governance tokens and they're the ones who initiated the vote. But why then, did they only vote with 1% not 15%? Well doesn't it seem likely they voted with the exact minimum number of votes they needed to pass the threshold for it to be effective?
Honestly, I just find this wild, it's basically a DAO where 1 user controls the whole thing. If you put a penny in SLND you're basically saying "I totally trust the guys running this, because they can just unilaterally take everything at a moment's notice". It seems perfectly designed for a rug pull.
I think the quorum is set so low because there is a suspicion that a large number of people will buy into these schemes and lose the keys somewhere. They certainly won't be looking at day to day operations of it.
If that were to happen, and the quorum were higher, then no changes could be made.
But that's just an admission that the whole thing is going to be ran by a small unaccountable group that gets to decide everything. Direct Democratic governance can't function without high voter turn-out. If the system is set up assuming low voter turnout, it means the notion of there being democratic governance is a sham to begin with.
A system where the people who don't want to be involved in the day-to-day operations elect representatives to protect their interests would be a more appropriate fit here.
Perhaps think of it more like voting in a public company, where the small shareholders votes basically doesn't matter.
Of course, the large shareholders are all people who created the company, early employees, and early investors in the first place.
So yeah, there's the illusion that votes from all shareholders matter, but if a company required even 30% of shareholders to vote to make changes, nothing will ever get done unless a few holders comprise that 30%
What matters isn't percent of shareholders it's percent of shares voted. I'd find it very unusual if a company only required 1% of shares to be voted to reach quorum.
With DAOs governance tokens are basically shares, so why does 1% make sense there?
Companies work fine asking for more than 30% of shares getting counted. You said shareholders. Which is unimportant and not a thing for companies. The point stands then these sorts of DAOs are beyond silly
If you ever been in a DAO, you would know vast majority of people including whales don't bother to vote at all even if you personally spam them to vote on matters that impact them.
Which is how many DAOs don't require many votes to pass as the limit gets lower until they are able to reach a conclusion at all.
It gets even more wild when you reakize that most governance isnt actually protected by on-chain verification. Most projects are just running referendums with a small multi-sig that claims they will respect the DAO ruling.
No what I’m saying is that there’s some whale using the service and he looks likely to get liquidated, so the guys running the service have unilaterally stepped in and changed the rules to prevent that whale from doing what they’re doing. So it turns out that the guys running the service had veto power all along, which begs the question what the DAO is even doing other than providing a veil of legitimacy.
Also interestingly, in both votes for and against, the deciding 1.01% came from the same account: 6HFxH...sf6g4
I admit, that I'm very ignorant how all this stuff works, but the voting seems a tad farcical. Is it just to see if some other DAO whale is for/against it? Because normal users weight is pretty much negligible.
FTX is consolidating in the crypto-space. I think they are going to come out of this downturn incredibly strong. They appear to be able to backstop just about anything they want. They are remaking this space.
Shouldn’t a lending pool have safeguards against a single borrower taking out too much? Maybe lending pools will need to start adding such safeguards now.
>>my gut says come tomorrow more or less every single #DeFi platform of any size will find out it has been "overcollateralized" with shitcoins and completely drained of fiat backed #stablecoins like $USDC.
Just to ask the most naive question possible... is this $170M of real money? Like someone put an amount thousands of times bigger than the average person's total savings into this, when they could have put it elsewhere?
82 comments
[ 0.20 ms ] story [ 136 ms ] threadEdit: Thanks! This submission was incomprehensible on its own.
Squirting UDP packets until you see your tx pop up in a block turned out to be a risky design choice.
Hopefully, Solana can add p2p tx propagation like a normal public blockchain. I just wish they wouldn’t throttle by stake as that makes Solana more of a private hyperledger than an Ethereum replacement.
I’m not sure if this was true before 24 hours ago? If you click back on the link of this post you get to the DAO page: https://realms.today/dao/SLND
It seems that the vote to take control of the whale account was the first ever vote of this DAO. The Solend twitter account also refers to it as the first governance vote: https://twitter.com/solendprotocol/status/153844135044142284...
I’m not sure exactly when the Solend DAO was formed, but it doesn’t seem true that past users were involving themselves with a Solend that had governance. That seems to be an innovation specifically to solve this problem.
A quick search for "site:solend.fi governance" kinda disproves this. There aren't any explict pages on how governance works, but there are pages[1][2] (last modified 2 months ago) that havementions to governance tokens.
[1] https://docs.solend.fi/Architecture/access-controls
[2] https://docs.solend.fi/protocol/bug-bounty
> For now, there isn't a timelock program, but transitioning to governance in the future will cause upgrades to go through a governance vote as well.
So not really suggesting any currently functional governance, which makes sense given they never did a vote before. That said the important thing here is probably that they document an upgrade authority, and that they control its keys.
The second link mentions governance only in the context of types of attacks that are in scope for a bug bounty, which doesn’t really tell users anything about governance. I wouldn’t be surprised if they copied this from somewhere TBH, it doesn’t seem very tailored.
I think if QUIC (node to node handshake) was in place, Solend would have no excuse to do this vote as there would be very little risk of the network going down.
The move to proof-of-stake will only show that it will get worse.
Doesn’t affect your point tho.
There's been zero rollback to block the attacker's seized ETH in the DAO hack. There was a "cooldown" period during which the attacker couldn't withdraw the fund and during that cooldown period Ethereum's code was modified and everybody had the choice to either run the old code or the new code on its node. People mostly decided to adopt the code preventing the attacker from accessing the stolen ETH while some decided to continue with the original code. So the chain forked into two blockchains: Ethereum and the one that was named "Ethereum Classic" (ETC).
Arguably after the fork ETC was the "original" blockchain (but with its token way less valued) but since then AFAICT the real development has been happening on Ethereum, not Ethereum Classic and so nobody is arguing anymore that Ethereum Classic is the "real Ethereum".
> The move to proof-of-stake will only show that it will get worse.
Why would that be? Instead of rich miners it's now rich HODLers mining blocks but mining is ultra centralized through a few big pools: I don't see how PoS, if it works, would make anything worse than it currently is?
why? seems like an unrelated statement to your first line.
It never was immutable, and generally, that's fine - contract upgrades by DAO vote are pretty normal and hard to avoid for complex projects. On Ethereum, you need a proxy contract to implement it, on Solana, there's a native loader that can set an upgrade authority and which works similarly. Either way, working as advertised.
What appears to be utterly broken is Solend's DAO governance process, which apparently allows a single whale account to approve changes. There is nothing decentralized about that!
> Squirting UDP packets until you see your tx pop up in a block turned out to be a risky design choice.
Yes, but how is that related to Solend's (!= Solana) governance?
(Solana is fixing this by moving the transaction ingress stage to QUIC with proper flow control - it won't be throttling by stake, but have guaranteed minimum allocations for staked nodes)
Are you saying that “working as advertised” means that a crypto blockchain is adjustable by a centralized authority?
Solend is an individual application running on Solana.
It's changeable by anyone/group that has 1% of the votes. Calling that "centralized" seems like a reach.
Imo this event is comparable upside to many of the previously spammed events (idos, nft mints) so if solana still can’t handle this liquidation that’s really unfortunate.
What’s shocking about he vote is there are many in between a - they could have voted to give an otc desk special permissions to liquidate first for example (and maybe that’s what they meant)? It doesn’t liquidate the whale early and it doesn’t give their team ability to take over an account, and it solves the solana spam problem.
"We might break Solana" sounds like a bad excuse, plenty of options to mitigate that. Might not even be a concern anymore.
This is why most legislative bodies have rules for how votes are conducted, how votes are counted, etc. Solend doesn't have any of this infrastructure, and literally their first vote was a major "we need emergency powers" vote. I understand that they consider this an existential risk to their platform, but having a second vote, to undo the first vote and implement countermeasures for the existential risk does, in my eyes, reduce the my belief that the threat is/was existential in the first place.
[0]: https://realms.today/dao/SLND/proposal/HuaL6cDtuNtfnJgvwMnYi...
[1]: https://realms.today/dao/SLND/proposal/HuaL6cDtuNtfnJgvwMnYi...
Solend realised this, and took a vote on seizing this amount (effectively removing the tokens from the owner's ownership and preventing them from exiting their position) requiring only 1% of token holders to approve. The vote passed. Now they've backtracked.
Wouldn't it be in Solana's interest to continue being used as collateral? Why would anybody continue accepting Solana-based collaterals if funds can be seized at will?
The creditors might get back less money than they lent to the whale if the whale defaults and the creditors have to sell Solana. So doing nothing is not great for them, either.
> Solend realised this, and took a vote on seizing this amount (effectively removing the tokens from the owner's ownership and preventing them from exiting their position) requiring only 1% of token holders to approve. The vote passed.
* big fucking asterisk
My understanding is he "owes" interest on loans he's received using Solana as collateral, so the account is at risk of being liquidated. Of course, no one wants that when many people are already underwater at current prices.
What's funny is literally one day after voting to take over this account, prices are rising and now they "have time" to find a better solution? Brilliant governance, all around.
There are a few individuals and firms invested in solana ecosystem bailing out companies in the background right now which is increasing the price for liquidation.
Even if he got liquidated, then he could just buy sol at cheap due to contagion from his relatively stable loan in stablecoins and many investors will still need to bail out to recoupe their sol investment. He also could have short positions.
It's the most optimal move for someone with that big stake.
Hilarious.
It is true that their contract will have had some upgrade authority, so people would know that the contract could be changed. But I’m not sure people could previously have been expected to predict that they might create a DAO and have governance votes with a few hours notice.
please take a look at the first proposal [0].
[0]: https://realms.today/dao/SLND/proposal/HuaL6cDtuNtfnJgvwMnYi...
Then you go and look at the history, and it's totally opaque who actually has the governance tokens- Apparently it was split 60% for community, 15% for investors, 25% for the engineering team. But you look at Realm (I have no idea how Realm works) and it seems there's only ever been two votes - steal the coins, unsteal the coins (https://realms.today/dao/SLND).
Oh, and it seems totally unclear who the whale is that managed to carry this vote. It seems likely that it's one of the SLND team, since we know they have as many as 25% of the governance tokens and they're the ones who initiated the vote. But why then, did they only vote with 1% not 15%? Well doesn't it seem likely they voted with the exact minimum number of votes they needed to pass the threshold for it to be effective?
Honestly, I just find this wild, it's basically a DAO where 1 user controls the whole thing. If you put a penny in SLND you're basically saying "I totally trust the guys running this, because they can just unilaterally take everything at a moment's notice". It seems perfectly designed for a rug pull.
If that were to happen, and the quorum were higher, then no changes could be made.
A system where the people who don't want to be involved in the day-to-day operations elect representatives to protect their interests would be a more appropriate fit here.
Of course, the large shareholders are all people who created the company, early employees, and early investors in the first place.
So yeah, there's the illusion that votes from all shareholders matter, but if a company required even 30% of shareholders to vote to make changes, nothing will ever get done unless a few holders comprise that 30%
With DAOs governance tokens are basically shares, so why does 1% make sense there?
Which is how many DAOs don't require many votes to pass as the limit gets lower until they are able to reach a conclusion at all.
I admit, that I'm very ignorant how all this stuff works, but the voting seems a tad farcical. Is it just to see if some other DAO whale is for/against it? Because normal users weight is pretty much negligible.
Recent tweet about this:
https://twitter.com/cryptadamist/status/1538725895158091781
Sounds like his gut turned out to be wrong.
Really?
> The price of SOL has been steadily increasing...
In other words, we changed our mind because the circumstances have shifted, and it's a chance for us to look virtuous/remorseful.