Research Recruiting:
Monad Labs is actively hiring for a full-time Systems Researcher (PhD) and a Mechanism Design Researcher. Feel free to DM me if you are interested, or if you have any questions! Link in the next tweet.
Life Update: Graduated with a PhD from
@cornell_tech
/
@Cornell
.
My dissertation focuses on developing theory, tools, & systems for automatic reasoning and prevention of value extraction from smart contracts.
Excited to begin my journey as a researcher at Monad Labs
@monad_xyz
Decentralized Finance 🤝 Formal Methods
Excited to release, Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts, joint work w/
@phildaian
@_mahimna
and
@AriJuels
Full Paper:
1/6
This is why Ethereum needs PROF.
MEV-Blocker, MEV-Share etc. operate in a very fragile trust model, and force users to choose between privacy and inclusion likelihood.
PROF circumvents such tradeoffs and privacy risks.
More info:
The dark forest just got a lot darker.
A few weeks ago, 0x991 frontran a seemingly private shezmu hack tx for 250 Eth.
Today the same bot frontran a private mev blocker tx, also for 250 Eth.
Someone's abusing private order flow.
It was an absolute honour and privilege for me to have had
@AriJuels
as my PhD advisor. I couldn’t have asked for a better advisor, collaborator, and mentor.
I know I will look back on my time at
@cornell
/
@cornell_tech
/
@initc3org
(IC3) very fondly.
Congratulations to my (now former) PhD student Kushal Babel
@KushalBabel
! He successfully defended his PhD thesis and has just joined
@monad_xyz
.
Kushal's dissertation focuses on ways to measure and combat exploitative practices in DeFi, e.g.: .
His
I will be presenting PROF, our latest research on MEV, tomorrow at the Whitepaper Summit, co-located with Token2049 Singapore!
Time: 9:30 AM Tuesday (9:30 PM ET Monday)
Register here:
Project website:
I am in Copenhagen at
@acm_ccs
this week and will be presenting our work on the new learning-based tool “Lanturn” in the Smart Contract Security session. Come say hi if you are around!
Paper :
Code :
Increasingly complex DeFi means increasingly complex MEV risks. Lanturn, led by
@KushalBabel
and
@mojan_jp
, uses adaptive learning to get accurate MEV estimates w/o heuristics: . It has even discovered two interesting new MEV-extraction strategies. 1/5
Had a great time discussing PROF with the brilliant crowd at the White Paper Summit in Singapore—literally the opposite side of the world from NY! The roundtable format, with printouts of a 2-page paper summary for the audience, was quite unique. Kudos to the organizers!
Happening now: IC3 alum
@KushalBabel
, discussing our latest research - PROF: Protected Order Flow in a Profit-Seeking World at the White Paper Summit in Singapore
@WPreadingclub
!
Securing smart contracts must begin with first mathematically specifying what we want our contracts to do, specially at the abstraction of economic properties & not merely properties of the code, enabling a principled analysis of their financial interactions with each other
2/6
We first formally define (Miner) Extractable Value for a composition of smart contracts, and then define the security as epsilon-composability under this metric. Intuition being that (M)EV represents the maximum exploit value for an application
3/6
Anyone who wants to do anything close to technical in blockchains should read (and re-read) the Bitcoin white paper by Nakamoto. It is required reading!!
Very accessible, simple, and concise:
We then write down the smart contracts models (
@MakerDao
,
@Uniswap
/
@SushiSwap
) in the formal yet human friendly K language from
@rv_inc
, specify what powers users/miners have (reordering/inserting tx) and let the machinery (SMT solvers etc) *prove* bounds on MEV
4/6
In practice: We make our search space tractable by avoiding exploration of equivalent states. eg. Don't explore tx reorderings of unrelated transactions, make use of path independence of Uniswap. We uncover substantial MEV (without explicitly programming attack strategies)
6/6
(a) These models are modular, enabling seamless composition (b) These models are expressive i.e. Turing complete. (c) We can do symbolic computation and automatically generate symbolic proofs of MEV (eg. for given contracts MEV is f(x) given …,x ETH swapped for USDC, ...)
5/6
Chain of stakeholders / middlemen in Ethereum keeps getting longer. Users keep getting further away from validators(proposers).
P.S. there’s one more in this chain: searchers.
I enjoyed returning to the Ava Labs Systems Seminar and presenting Mysticeti, a state-of-the-art DAG-based consensus protocol. Joint work w/ awesome collaborators at Mysten Labs: Andrey Chursin,
@alberto_sonnino
,
@LefKok
,
@GDanezis
mɪstᵻˈsiːti/ˌmɪstəˈsidi
For the latest Systems Seminar,
@KushalBabel
became the very first Systems Seminar return guest! Kushal presents his latest work on Mysticeti, reducing the number of round trip times required by DSMR/DAG consensus style protocols.
🔗
It was a pleasure presenting our work on Lanturn () at the
@AvaLabs
Systems Seminar. I've got a feeling another one—on DAG-based consensus—might be happening soon ;)
In this week's Systems Seminar, we're joined by
@KushalBabel
, PhD Candidate at Cornell Tech, who introduces Lanturn, a general-purpose adaptive learning-based framework for measuring the crypto-economic security of composed DeFi smart contracts.
Processing all the Ethereum blocks since genesis...I can viscerally feel each price cycle by just looking at how fast my script is processing the different batches of blocks
Very excited to be holding one of the very first copies of The Oracle
@oraclenovel
by
@AriJuels
. The jacket of the hardcover is viscerally elegant!
Can’t wait to read it cover to cover.
This one is 0x32.
Accelerationists and systematic value extractors, beware of regulators!
They have world-class help and existing laws that apply well to MEV extractors and facilitators (broadly construed).
I will not be taking any questions or comments on this matter.
Reminds me of my first real coding job as an intern at Uber. We mistakenly turned off surge pricing for Mumbai and Hyderabad. That too for an entire weekend during the Monsoon season!
Everyone was forgiving and kind tho :)
We mistakenly sent out an empty test email to a portion of our HBO Max mailing list this evening. We apologize for the inconvenience, and as the jokes pile in, yes, it was the intern. No, really. And we’re helping them through it. ❤️
Finally I've been able to successfully hack myself into being a morning person. Scheduled 7AM meetings with an organisation in India. Realizing that my desire to sleep in < the excitement to meet with these brilliant people daily
I find it quite neat that we were able to verify CK proofs using smart contracts that we also deployed on Ethereum mainnet. It was also fun to cross-compile code for a Bitcoin mining ASIC and get it to generate CK proofs. Excited to see what dapps will be built leveraging CK.
The next iteration of PROF blog post is out. We believe PROF is a simple, promising way to combat harmful MEV and get fair ordering (for your favorite notion of "fair"). We're exploring ways to make it happen.
@KushalBabel
@iseriohn42
@_mahimna
FAQ thread on questions asked about PPOF () at SBC: 🧵
Q1: Would (non-myopic) validators not censor PROF transactions?
A: No. Since validators are just signing off on a header in PBS, they cannot discriminate vanilla PBS from PROF-enriched block!
Are mining pools currently distributing MEV profits to the workers or keeping it for themselves? Which ones are the most progressive and transparent here?
@bertcmiller
@ObadiaAlex
et al.
@VitalikButerin
@_jhunsaker
@0xMert_
Sone of the members on this list do not have last names, it just says “Omer” for example. In an event when Arbitrum does steal user funds it would be difficult to track down who “Omer” is. Perhaps you should make last names mandatory.
While releasing an "update to the T&C/ Privacy Policies", it should be mandatory to release what changed from the previous version. Like a `git diff`. Much more convenient to follow (maybe that is exactly what companies don't want)
Just another morning in New York:
Embarrassing a well-dressed white collar dude smoking in the subway on his way to a desk job.
Next time I’m making you pay a grand total of $50 fine!
My first paper was my internship advisor asking me to prove two program semantics equivalent.
Two months later, I had a draft with a counterexample program!
Yesterday I was pleased to host a meeting between
@elonmusk
& the leading Bitcoin miners in North America. The miners have agreed to form the Bitcoin Mining Council to promote energy usage transparency & accelerate sustainability initiatives worldwide.
Spent all of today introducing my brilliant friend (working in HFT and FAANG before) to blockchains. He had insightful questions about everything: consensus, defi security, ZK constructions, state growth, trusted hardware, community culture etc. He was absolutely amazed at the..
What is the sentiment in the Physics community about Geoffrey Hinton winning the Nobel Prize in Physics?
Perhaps Roger Penrose should be considered for the Turing Award.
@cargodog_
@gakonst
In any case, one needs a different protocol to produce totally ordered blocks, called Snowman. I haven't seen performance benchmarks for the Snowman protocol. cc:
@_patrickogrady
who can perhaps give a pointer to these numbers.
Just paid INR 60000 (> $800)
#tariff
to the Government of India for importing an iPad.
Such protectionism has made the domestic players fat and lazy. It’s not as if there is a competitor to
@Apple
that is being protected.
The country needs a political party on the economic right!
@socrates1024
@badcryptobitch
I think it minimizes front-running for transactions submitted via Fb, and maximizes front-running for transactions not submitted via Fb (to the public mempool)
@cargodog_
@gakonst
But it also tolerates a much lower adverserial threshold for liveness -- sqrt(n) instead of typical n/3. There are other many interesting and unique tradeoffs, and there are opportunities to combine the two kinds(see Frosty, ). 2/N
It takes a lot of clicks, and back and forth to browse through comments on
@Medium
blogposts, and more so for the replies to those comments. Why can't these comments and replies be rendered like
@reddit
does, on the same page, below the post!
Why do organisations show us the entire T&C (not fit for human consumption) without also showing the diff from the previous version, whenever the T&C change.
They have incentives to deliberately nudge the users towards not reading them before accepting.
@Google
recently did so.
Much of what’s being sold as "AI" today is snake oil. It does not and cannot work. In a talk at MIT yesterday, I described why this happening, how we can recognize flawed AI claims, and push back. Here are my annotated slides:
DO - talk about people “acquiring” or “contracting”
#COVID19
DON'T - talk about people “transmitting COVID-19” “infecting others” or “spreading the virus” as it implies intentional transmission & assigns blame
#coronavirus
Someone deployed $CRV based on smart contracts we had published on github, front-running our efforts.
While we initially were skeptical, it appeared to be an acceptable deployment with correct code, data and admin keys.
Due to the token/DAO getting traction, we had to adopt it.
Q.2: What ordering policy do PROF sequencer(s) use?
A: PROF design is not opinionated. Sequencer(s) can choose any ordering over encrypted transactions (with knowledge of associated fees). Note that FCFS sequencing will not have latency racing in PROF.
When we say Bharat, it is not a culture of absolutism, of you versus me, this is a culture of inclusiveness. Inclusiveness is the need of the hour. On the level of the individual, it is only through inclusion that we can experience joy, peace and balance. It is important we
great work going on in the blockchain and crypto space. He was also amazed at how great and talented people this ecosystem has. (I had omitted the part about personal attacks and ego clashes on CT ;)
Spent all of today introducing my brilliant friend (working in HFT and FAANG before) to blockchains. He had insightful questions about everything: consensus, defi security, ZK constructions, state growth, trusted hardware, community culture etc. He was absolutely amazed at the..
Our elegant mathematical models with normal distribution assumptions: Current mood swings in the market won't likely resurface until a long time. Right? Simple enough? Or maybe too simple!
Q.3: Why should a relay support PROF?
A: First, it makes them more competitive, i.e., their blocks are only more valuable with PROF. If relays are indeed an oligopoly such that they don’t face competitive pressures, prof bundle can pay \epsilon fee to the relay.
@MaxResnick1
@MatheusVXF
@tarunchitra
IIUC, the first one talks about sequencing rules only where ordering is controlled by a single entity, and is quite different than fair ordering (which is really a misnomer for decentralised/joint ordering).
@relyt29
Yup, if the MEV auctions between "searchers" (folks who bribe miners for inclusion/ordering) become very competitive, the bribe searchers must pay is equal to the MEV, bleeding all the value from users and searchers to the miners.
@SashaSpiegelman
@IgMosqueira
@gakonst
- FWIW, the original tweet from
@gakonst
was essentially about multi-proposers (in relation to inclusion lists and MEV), which is not there in cordial miners IIRC.
- The Mysticeti paper does cite Cordial Miners and mentions the differences. Please dont conflate researchers and PR
There used to be Netflix and Hulu. Now there are Apple and Disney and seemingly a million other services that shape what you can watch. This means you’ll probably need to get multiple services to watch your favorite shows.
Agreed, decentralization is only lucrative from a long term perspective which is not natural for most humans. Permissionlessness however is far more attractive even in the short term.
@pkedrosky
The public doesn't care about decentralization per se it wants stuff to work. Centralization makes stuff work fast and at scale so even when it begins with the promise of decentralization competitive pressures push Web3 towards centralization behind the scenes.
re Wormhole hack:
Is this a $300 million write off, or changes are being made to the protocol to recoup this loss?
(Assuming that the attacker doesn't return the money)
@wormholecrypto
Jump put up 120k of it’s own ETH because we believe in Wormhole and want to support it in this stage of its development. And we're going to come out stronger than ever
Detailed incident report from Wormhole to come soon
@cargodog_
@gakonst
Good point. Avalanche has a diff nature than some of the recent DAG-based protocols like Mysticeti. Avalanche has a lot of positives going for it, main one being: subsampling avoids all-to-all communication, which means it can scale to a large number of nodes (100s-1000s). 1/N
Morty is working on a new tuskla design! 100$ to pre-book, production starts in late 2021.
#ElonTusk
is the most
#rickandmorty
thing ever, related to Earth C-137