Escaping the Dark Forest

Nice work, but honestly I&#x27;m not sure why they bother.<p>The article states that the purpose of these smart contracts is:<p>&quot;Stake your tokens with us and you could be the next cryptocurrency millionaire&quot;<p>That&#x27;s an obvious scam. Anyone who gave real money to such a cause has already lost it. So why is the author giving away his time to help the scammers?

This read like a piece by William Gibson in the Neuromancer universe. I finally understand now why people are attracted by cryptocurrencies.

I still don&#x27;t understand what&#x27;s happening at the core of this and the other dark forest post from a few weeks ago. How exactly are these bots front-running&#x2F;stealing the ethereums?<p>My understanding:<p><pre><code> -these bots scan the smart contracts that are waiting to be executed by the miners -the bots find vulnerabilities (another grey area in my mind) in the contract -the bots adjust the destination address of where the contract is supposed to send the the ethereums -then the bots continually execute the vulnerable smart contract code</code></pre>

I love that they&#x27;re continuing the Dark Forest analogy! Makes me also realize I never want to dip my toe in crypto like that. It&#x27;s like an amateur going up to an entirely unregulated wall street and expecting to earn some quick cash.

interesting read - seems like the solution to the dark forest is equivalent to a dark pool in traditional finance?<p>the logical conclusion is that within a few months we&#x27;ll have dark pools run by miners who will process your transactions without broadcasting to mempool, in exchange for an increased gas fee. and, within a year, we&#x27;ll find out that some dark pools sold order flow to those HFT&#x27;s anyways, a la UBS <a href="https:&#x2F;&#x2F;sites.law.berkeley.edu&#x2F;thenetwork&#x2F;2015&#x2F;01&#x2F;29&#x2F;ubs-dark-pool-leads-to-14-5-million-in-settlement-paid-to-sec&#x2F;" rel="nofollow">https:&#x2F;&#x2F;sites.law.berkeley.edu&#x2F;thenetwork&#x2F;2015&#x2F;01&#x2F;29&#x2F;ubs-dar...</a>

I guess the take away here is that if you have the right connections then you can bypass the system.

When&#x27;s the movie script due? This was an amazing read mainly for the multiple perspectives and story. Great job!

All this research into smart contracts and crytpocurrency may seem pointless and a waste of time. It is very risky to dabble in, and I don&#x27;t think assigning value to these &quot;bitcoins,&quot; or whatever they may be called, will be the lasting effect of all this research. Perhaps some new programming language, or something we haven&#x27;t even thought of, could be the result of these people working on the outer edges of current knowledge.

Love whitehat crypto postmortems like this. They always read like heist movies.<p>Curious about the use of SparkPool to bypass the mempool and get the transactions minted directly into a block. It looks like anyone can sign up and contribute their hashrate to SparkPool. Is there a risk of malicious miners running workers in their competitors&#x27; pools and then frontrunning?

Makes me think of salvage operations, and then raises the question of how do people get paid? They&#x27;re providing a valuable service. I think in shipping there are both conventions and an ability to quickly negotiate that allows contracting for a salvage ship to rush to the aid of a grounded or sinking container vessel.

&quot;Smart contracts&quot; has always seem incredible dumb to me. Code that controls how money being transferred that cannot be updated or changed even if a bug is found.<p>Awesome design. It is like the opposite of what I would want to control my money in any transaction.

Very interesting story, it really does sound like a scifi thriller to me.<p>It also makes me wonder what type of legal battle would ensue if a blackhat were to have taken all of these funds instead, I&#x27;m not sure I&#x27;ve seen any public high-profile cases like that yet.

I offer that anyone who did the work that these researchers did would have also been “rightful owners” of that money.<p>This is the consequence of programmable money; there’s no getting around it, and, in my opinion, people shouldn’t want to. Rescuing people and brands who don’t put the effort into security from the consequences of their own mistakes isn’t a net benefit.<p>I&#x27;m all for anonymous teams, but look at the hoops this person had to jump through just to get in touch with them to report the bug.<p>When you&#x27;re anonymous, all you have is your brand, and theirs should have burned to the ground for this entirely preventable error.

i tried writing some toy Ethereum smart contracts circa 2016. at that time it was immensely difficult to write them in a secure way -- even a simple &quot;hello world&quot; level Solidity contract could easily have exploitable bugs if you don&#x27;t code in an extremely defensive style.<p>i&#x27;m told things have improved since then -- can anyone who&#x27;s used Solidity more recently comment on this? is it true?<p>this, plus the fact that putting information from the real world onto the blockchain unavoidably requires some trust, seemed like the two big problems then, and it seems like they haven&#x27;t really been fixed.

One of my good friends has a saying, &quot;Humans are really good at optimizing the hell out of the wrong thing.&quot; I can&#x27;t help but think that when reading about any sort of heroics involving blockchain.

Addendum <a href="https:&#x2F;&#x2F;zengo.com&#x2F;generalized-front-running-ethereum-arbitrage-bot-attack&#x2F;" rel="nofollow">https:&#x2F;&#x2F;zengo.com&#x2F;generalized-front-running-ethereum-arbitra...</a>

This is all very interesting to read about, but in the same way epic battles in Eve Online are interesting to read about but not participate in. I hope the author doesn&#x27;t think this article is functioning as an enticement to use ETH myself, because it&#x27;s only confirming for me that I never, ever want any of my money near that shambling wreck.

I quickly want to point out that we&#x27;ve recently seen a surge in uniswap&#x2F;bancor based &quot;liquidity pools&quot; (all projects copying each other). The main idea here is that you can lock up your crypto in a smart contract - which is considered &quot;secure&quot; as to no one can steal it (audited code by reputable companies and such). If true the risk is very small with things like impermanent loss, which doesn&#x27;t apply to all pools.<p>The idea here is that your money is provided liquidity and you&#x27;ll get paid a portion of the fees as well as some new token which can have a very high value (for a fleeting moment).<p>This is important to realize when looking at the crazy marketing around these projects, if it&#x27;s based on uniswap you can reasonably sure your principal won&#x27;t get stolen - regardless of the scammy and weird marketing.

seems like a very interesting story however after the third voice change I lost interest and the specialized tech jargon just makes it sound goofy

Nice read! That’s why I respect whitehat hackers, to be tempted by ~10million and then proceed doing the right thing. I wonder if they got a reward&#x2F;bounty for managing to save all this ETH.

cryptocurreny != investment scam. It&#x27;s just another way to transfer and store value.<p>Interacting with automated contracts is an interesting extension to that system which can make things alot more complex.<p>The &#x27;dark forest&#x27; comes from a kind of man-in-the-middle attack where anyone can see the order book and exploit it, by putting their own slightly better orders in. Hence the need for co-operation with a closed order book (miner) to get the transaction in safely.

If anybody would like more intense blockchain story-telling check out this longish write-up about Justin Sun&#x27;s takeover of Steem.it from a few weeks back. <a href="https:&#x2F;&#x2F;decrypt.co&#x2F;38050&#x2F;steem-steemit-tron-justin-sun-cryptocurrency-war" rel="nofollow">https:&#x2F;&#x2F;decrypt.co&#x2F;38050&#x2F;steem-steemit-tron-justin-sun-crypt...</a>

I clicked on this really hoping it was related to the Fermi Paradox.

It seems to me that basically no cryptocurrency outside of Bitcoin has its shit together.