Five years ago today, we started a fateful chapter in the history of cryptocurrencies. A hacker began a $55M heist from The DAO, and the ecosystem forever changed.

With so many new people in crypto since 2016, let’s dive back into the episode and what we learned.
A DAO, or Decentralized Autonomous Organization, is a way of coordinating ownership, decisions, and capital with coded governance, rather than a central authority. These organizations have enormous potential for changing how internet-native businesses function.
The DAO, an implementation of the concept, was engineered to support a decentralized venture capital fund. Users bought DAO governance tokens with $ETH, and would use the tokens to vote on potential investments with the pooled funds.
It raised over $150M – 16% of the total supply of $ETH then – in its 28-day funding window, as everyone aped into the DAO before apeing was really a thing.

Crypto was much, much smaller in those days, and it set records for crowdfunding.
By any measure, The DAO was proving to be a success:

Big raise? ✅
Validating the power of decentralization? ✅
Token listed on major exchanges? ✅

And then, the bug happened.
The smart contracts controlling The DAO’s wallet had multiple vulnerabilities. I co-authored a paper called “A Call for a Moratorium on The DAO,” to warn the community that these serious issues would interfere with the manifestation of the token owners’ will.

hackingdistributed.com/2016/05/27/dao…
Specifically, The DAO tokens controlled an investment vehicle, and it is crucial for the investments to be performed in line with the wishes of the token holders. We identified 9 distinct problems that would lead to outcomes that contradict the token holders’ opinions.
In addition, The DAO also suffered from a reentrancy problem, which allowed an attacker to make multiple withdrawals when only one should be allowed.
@phildaian and I had come across this issue, but we had incorrectly dismissed it as not being exercisable. The attacker exercised that very issue, and also used one of the nine vulnerabilities we had identified to pursue people who tried to retrieve their money from the parent DAO.
The DAO hack led to a lot of discussion around whether code is law, and under what conditions a mistake on a blockchain can be undone. After all, every chain has had episodes where unwanted events took place. Do you undo, or do you live with the consequences?
The vast majority of the Ethereum community decided to undo the DAO hack and return the funds to the original depositors. A minority disagreed and the network was forked into Ethereum and Ethereum Classic.
Along the way, there was an interesting discovery. A high school student pointed out that the proposed “soft fork” fix to The DAO was flawed, and in fact, censorship on the EVM is harder than censorship on coins that only implement asset transfers.

hackingdistributed.com/2016/06/28/eth…
The soft fork had been reviewed and vetted by every technical person we knew, so this blog post by a high-schooler caught everyone by surprise. Our blog post led to a $100m drop in the market cap of ETH, which was $1B at the time.
To their credit, the Ethereum foundation thanked us for preserving $900m of value with a helpful blog post. Indeed, we averted a fix that would have become another attack vector. And I’m proud to say that the high-schooler is now a Cornell alumnus.
While there was reputational fallout for both Ethereum and smart contracts for everyone to clean up, what doesn’t kill you makes you stronger. Everyone learned the power of community, the need for thorough security audits, and the challenges of coordinating updates in times of panic.
Those lessons have been passed along to every new generation of crypto users, and we cannot forget them as we begin to welcome the masses.
