The Federal Cabinet today (note: 18.09.2019) adopted the Blockchain Strategy. The Federal Ministry for Economic Affairs and Energy (BMWi) and the Federal Ministry of Finance (BMF) drew it up with the involvement of the other ministries.

Federal Minister for Economic Affairs Peter Altmaier: “The potential of the still-young blockchain technology is high. Germany is among the world’s leading locations in this field. With the Blockchain Strategy we want to help maintain and extend this lead. One focus is the energy sector. Here we can score twice, by using the opportunities of blockchain technology in pilot projects and at the same time advancing the digitalisation of the energy transition.”

Ameen Soleimani – 8 min read

You’ve probably heard of Compound. They built compound.finance on Ethereum which allows you to lend and earn interest on your ETH, DAI, USDC, and several other ERC20s.

Today, the interest rate offered to DAI lenders is 10%, which is high enough to turn EthHeads’ heads (see cover photo).

As the CEO of SpankChain, it’s my job to manage the company reserves, which also includes nearly half a million DAI. At 10% annual interest, that’s ~$4,000 per month that we’re leaving on the table by not moving our DAI into Compound. That’s quite the opportunity cost. But the thing to remember when investing is that there is no free lunch. All investments have their risks and lending on Compound is no exception.

I spent some time over the last month evaluating several categories of risk when lending on Compound:

  1. Contract Security Risks
  2. Centralized Points of Failure
  3. Bank Run Risk

I break my investigation down by category below, but the most important things to know are:

  1. The smart contract security seems legit.
  2. Compound is a CUSTODIAL system: all lending pools can be trivially drained if their admin private key is compromised.
  3. When you lend on Compound, you are NOT guaranteed to be able to withdraw whenever you want. If you try to withdraw your funds and all the money is locked up in outstanding loans, your withdrawal transaction will fail.

I hope these lenders understand the risks… source: https://defipulse.com/compound

Contract Security

Compound has been audited by several reputable smart contract security firms.

  1. OpenZeppelin Audit Report
  2. Trail of Bits Audit Report
  3. Certora Audit Report

In addition, Compound was offering a private bug bounty of up to $250,000 for critical vulnerabilities (defined as 1% of funds stolen or 10% frozen), and to my knowledge no independent security researchers have been able to claim the bounty.

The contracts have also held $20M+ for over 6 months, $50M+ for over 2 months, and currently hold $100M+. For me personally, the most important metric of contract security is total funds held in contract * time held in contract, and Compound has been secure with quite a large public bounty thus far.

Based on the above factors, I presently believe that the Compound smart contracts are secure.

Centralized Points of Failure

I’m not a smart contract security expert myself, so I enlisted the assistance of the one and only samczsun who famously found a critical bug in the 0x contracts (despite multiple audits from top firms) and was paid $100,000 for it. He had the following to report about centralized points of failure in Compound (emphasis mine):


OpenLaw will be launching the first limited liability for-profit DAO, named the LAO. The LAO will enable members to invest in new Ethereum ventures and generate a profit. A new era of DAOs is beginning.

The LAO: A For-Profit, Limited Liability Autonomous Organization

Since first proposed in 2013, the notion of decentralized autonomous organizations (DAOs) has animated the dreams of blockchain developers. For many, these Internet-native organizations represent the next step in the evolution of social and economic coordination, with blockchain technology and smart contracts streamlining voting, decision making, and the allocation of digital assets.

The notion of a DAO did not emerge in a vacuum. Instead, these organizations build on a long lineage of technical and legal innovation. The Romans devised a variety of commercial entities, such as the societas peculium and societas publicanorum, that enabled parties to share in an enterprise’s profits and losses while also providing limited liability. During the Middle Ages, Italians pioneered early versions of a limited partnership to finance maritime trade. Joint-stock companies emerged in England and the Netherlands in the 1600s, providing organizations state-granted monopolies to engage in productive commercial enterprises. The modern corporation took root in the United States in 1811, when New York granted private parties the power to form their own corporate structures without an extensive approval process.

by Koh Wei Jie · 8 min read

Railway semaphore signals. Source: WikiMedia Commons

This year, Ethereum has undergone a privacy renaissance of sorts. Encouraged by prominent members of the community, researchers, programmers, and DAO funders have collaborated to accelerate the ideation and implementation of privacy solutions, particularly those which employ zero-knowledge proofs. We are now at a stage where a key privacy building block is emerging from research and entering production: Semaphore, a means for anonymous signalling.

Semaphore is the basis of an ETH and ERC20 token mixer named MicroMix. In the near future, it can be used for other privacy-enhancing applications such as anonymous login, anonymous DAOs, anonymous voting, and journalism.

This technical blog post will explain how Semaphore and MicroMix work, and how Semaphore enables MicroMix to provide users with transaction privacy in a noncustodial manner. It will also describe its performance and tradeoffs, and finally outline how Semaphore can enable other zero-knowledge applications which would be otherwise impractical.

Readers should understand how Ethereum smart contracts work and some basic cryptography, but do not need to be familiar with zero-knowledge proofs.