Ameen Soleimani – 8 min read

You’ve probably heard of Compound. They built compound.finance on Ethereum which allows you to lend and earn interest on your ETH, DAI, USDC, and several other ERC20s.

Today, the interest rate offered to DAI lenders is 10%, which is high enough to turn EthHeads’ heads (see cover photo).

As the CEO of SpankChain, it’s my job to manage the company reserves, which also includes nearly half a million DAI. At 10% annual interest, that’s ~$4,000 per month that we’re leaving on the table by not moving our DAI into Compound. That’s quite the opportunity cost. But the thing to remember when investing is that there is no free lunch. All investments have their risks and lending on Compound is no exception.

I spent some time over the last month evaluating several categories of risk when lending on Compound:

  1. Contract Security Risks
  2. Centralized Points of Failure
  3. Bank Run Risk

I break my investigation down by category below, but the most important things to know are:

  1. The smart contract security seems legit.
  2. Compound is a CUSTODIAL system, all lending pools can be trivially drained if their admin private key is compromised.
  3. When you lend on Compound, you are NOT guaranteed to be able to withdraw whenever you want. If you try to withdraw your funds and all the money is locked up in outstanding loans, your withdrawal transaction will fail.

I hope these lenders understand the risks… source: https://defipulse.com/compound

Contract Security

Compound has been audited by several reputable smart contract security firms.

  1. OpenZeppelin Audit Report
  2. Trail of Bits Audit Report
  3. Certora Audit Report

In addition, Compound was offering a private bug bounty of up to $250,000 for critical vulnerabilities (defined as 1% of funds stolen or 10% frozen), and to my knowledge no independent security researchers have been able to claim the bounty.

The contracts have also held $20M+ for over 6 months, $50M+ for over 2 months, and currently hold $100M+. For me personally, the most important metric of contract security is total funds held in contract * time held in contract, and Compound has been secure with quite a large public bounty thus far.

Based on the above factors, I presently believe that the Compound smart contracts are secure.

Centralized Points of Failure

I’m not a smart contract security expert myself, so I enlisted the assistance of the one and only samczsun who famously found a critical bug in the 0x contracts (despite multiple audits from top firms) and was paid $100,000 for it. He had the following to report about centralized points of failure in Compound (emphasis mine):

OpenLaw will be launching the first limited liability for-profit DAO, named the LAO. The LAO will enable members to invest in new Ethereum ventures and generate a profit. A new era of DAOs is beginning.

The LAO: A For-Profit, Limited Liability Autonomous Organization

Since first proposed in 2013, the notion of decentralized autonomous organizations (DAOs) has animated the dreams of blockchain developers. For many, these Internet-native organizations represent the next step in the evolution of social and economic coordination, with blockchain technology and smart contracts streamlining voting, decision making, and the allocation of digital assets.

The notion of a DAO did not emerge in a vacuum. Instead, these organizations build on a long lineage of technical and legal innovation. The Romans devised a variety of commercial entities, such as the societas peculium and societas publicanorum, that enabled parties to share in an enterprise’s profits and losses while also providing limited liability. During the Middle Ages, Italians pioneered early versions of a limited partnership to finance maritime trade. Joint-stock companies emerged in England and the Netherlands in the 1600s, providing organizations state-granted monopolies to engage in productive commercial enterprises. The modern corporation took root in the United States in 1811, when New York granted private parties the power to form their own corporate structures without an extensive approval process.

by Koh Wei Jie · 8 min read

Railway semaphore signals. Source: WikiMedia Commons

This year, Ethereum has undergone a privacy renaissance of sorts. Encouraged by prominent members of the community, researchers, programmers, and DAO funders have collaborated to accelerate the ideation and implementation of privacy solutions, particularly those which employ zero-knowledge proofs. We are now at a stage where a key privacy building block is emerging from research and entering production: Semaphore, a means for anonymous signalling.

Semaphore is the basis of an ETH and ERC20 token mixer named MicroMix. In the near future, it can be used for other privacy-enhancing applications such as anonymous login, anonymous DAOs, anonymous voting, and journalism.

This technical blog post will explain how Semaphore and MicroMix work, and how Semaphore enables MicroMix to provide users with transaction privacy in a noncustodial manner. It will also describe its performance and tradeoffs, and finally outline how Semaphore can enable other zero-knowledge applications which would be otherwise impractical.

Readers should understand how Ethereum smart contracts work and some basic cryptography, but do not need to be familiar with zero-knowledge proofs.

Wouldn’t it be amazing if we didn’t have to waste so much precious space on our expensive and sensitive SSDs to run an Ethereum node, and could rather move at least some of the data onto a cheap and durable HDD?

With the v1.9.0 release, Geth separated its database into two parts (done by Péter Szilágyi, Martin Holst Swende and Gary Rong):

  • Recent blocks, all state and acceleration structures are kept in a fast key-value store (LevelDB), as until now. This is meant to be run on top of an SSD, as disk IO performance is crucial.
  • Blocks and receipts that are older than a cutoff threshold (3 epochs) are moved out of LevelDB into a custom freezer database, that is backed by a handful of append-only flat files. Since the node rarely needs to read these data, and only ever appends to them, an HDD should be more than suitable to cover it.

A fresh fast sync at block 7.77M placed 79GB of data into the freezer and 60GB of data into LevelDB.

Graham McBain · 2 min read

Using Bubble.is and Portis.io

Photo by Kyle Hanson on Unsplash

Protocols like Compound Finance and DYDX are arguably the most compelling reasons why you’d want to build an app on Ethereum. Unfortunately the entire web3 stack is surrounded by a cloud of wonky terminology and technical barriers. This jargon minefield makes it next to impossible for the average Jane to get something up and running.

Until now

I’ve been working on a simple MVP Portis plugin that allows anyone to utilize these and other protocols with no programming knowledge. To do this I leveraged a platform called Bubble.is, a visual programming language with powerful workflow automation tools.

The first step in making this possible is integrating a wallet provider. I’m a big fan of Portis and integrating their wallet has proven to be very easy. All this took was a few evenings and emails to the team to talk about problems I ran into. This work has resulted in the first tool which lets a non-developer create a Dapp, all in under 2 minutes.

4 min read

This guide takes 3 minutes 33 seconds to read.

🤖 Programming Languages

Solidity is the main programming language for smart contracts; however, there are other languages which will be useful depending on your use case.

  • Solidity — Object Oriented High Level Language For Smart Contracts
  • Vyper — Pythonic Programming Language For Smart Contracts
  • JavaScript — High Level Interpreted Scripting Language
  • Python — Interpreted High Level General Purpose Programming Language
  • Go — The Language In Which The Geth (Go-Ethereum) Client Is Written
  • Rust — The Language In Which The Parity Client Is Written
  • Java — The Pantheon Client Is Written In Java
  • .NET — Integrable With The Ethereum Blockchain Via Nethereum
  • C++ — Protocol Development With The Help Of Github /Aleth
  • Ruby — See How Ruby Is Used In Ethereum With Github /Ethereum.RB

Today OpenLaw is releasing its second vertical, OpenLaw Finance. With OpenLaw Finance, creating legally compliant tokenized securities, fixed income products, tokenized real estate, and smart derivatives can be as easy as filling out a simple form. The future of decentralized finance is coming into focus, powered by OpenLaw.


Ethereum holds out the potential to serve as the commercial operating system for the globe. Launched only five years ago, Ethereum is rapidly emerging as the spine for a streamlined financial system where existing financial products can be structured and administered more efficiently. Despite the downturn in prices, Ethereum’s growth has accelerated over the past two years. We’ve seen the birth of stable coins, like DAI, and the threads of more advanced financial products like those provided by Dharma and Compound. Ethereum-based trading platforms are beginning to mature, like 0x and Uniswap, creating composable financial legal blocks that enable assets to flow more seamlessly between parties. And decentralized oracles like Chainlink are moving to mainnet, holding out the hope of inputting real-time data into commercial relationships and creating new, more efficient means of commercial transactions.
Traditional finance, of course, has noticed. An increasing number of banks and other “fintech” startups are exploring the use of blockchain technology through the issuance of their own stablecoins and a host of pilot programs ranging from J.P. Morgan’s stablecoin to SWIFT’s instant GPI payments.
The blockchain-world and traditional finance are on a collision course with new tools and approaches rapidly painting a picture of what a more democratized and streamlined financial system could look like — one that is more efficient, transparent, and resilient.

1. It needs 2 million deposited Ether to start
We covered previously how a validator would need to submit 32 ether to a deposit contract to join the staking system in Ethereum 2. What isn’t as widely known is that we need 65536 validators for the new chain to start – roughly 2 million ether (65536 validators). That’s exactly 64 validators per planned shard in the system – too little at first (see numbers below).

Cryptocurrencies were supposed to destroy the traditional monetary system. Ten years on, where are we?
Bitcoin has been wildly successful, but as a financial game–not as a medium of exchange.

Source: https://medium.com/@alejandrodiaz

hand-holding guide to the Simple MultiSig Wallet, with plenty of screenshots

In this article I’m going to introduce a typical use-case for a MultiSig wallet, and then walk you through how to execute multisig transactions using Christian Lundkvist’s Simple MultiSig Wallet. I’ll be using the user interface for the Simple MultiSig Wallet that I wrote — it’s completely free to use and available on IPFS:

https://ipfs.io/ipns/simplemultisig.io/wallet

The walkthrough will have lots of screenshots. I know that format can be tedious for some people — but if you’re setting up a MultiSig Wallet with large sums of ETH it can be reassuring to actually see how the screens will look.
