Yearn Finance’s founder says he ‘doesn’t build for speculators’

Published at: Oct. 15, 2020

The founder of Yearn Finance, Andre Cronje, has seen a fair share of criticism lately as he deployed some smart contracts that ended up losing users’ money. Cronje defended himself in a blog post and explained why he believes he shouldn’t be held responsible for those who “ape in” his testing contracts.

Cronje will often place large disclaimers on his contracts urging people to treat them with caution and not just go in because he built them. Little can be done to prevent this, given the permissionless nature of these products. Nevertheless, Cronje was sometimes criticized for not deploying contracts on testnets, where no real money could be lost. His “I test in prod” adage also turns some people away, as it seems to imply a careless attitude toward security.

Cronje explained that he does in fact test software in multiple stages. “[The statement] exists to deter people from just using systems without investigation. It does not mean that I don’t test,” he wrote.

Before a contract makes it to the mainnet, it goes through a rigorous process of unit, interaction and composite testing. These make sure that each part of the contract is working as intended, down to individual functions.

However, a key part of that process is testing in production to achieve the most realistic conditions. He explained that the mainnet provides the best possible tools and conditions, which cannot easily be replicated locally. “I have discovered issues on mainnet I never encountered locally, I have failed to replicate mainnet systems locally, and I have encountered errors locally that I can’t replicate on mainnet,” he explained.

Furthermore, there are many versions of existing products like Yearn Finance that were deployed to the mainnet without being discovered. “There are over 22 ‘yearns’ on ETH mainnet. There are over 5 ‘YFIs’ on ETH mainnet,” he added. In a conversation with Cointelegraph, Cronje said that the reason why his primary projects were never hacked was: “Ironically, because I test in prod.” With this approach, he says he is able to iterate over the real issues that come up, instead of relying on auditors to review pre-production code. “And if people just wait till I actually launch the product, all will be fine,” he added.

One case of people getting burned on Cronje’s smart contracts involved one of these testing playgrounds, which were still at least a few weeks away from public release.

Addressing these issues, Cronje noted, “I don’t build for speculators.” While he said that he could not rationally understand the people who rushed into his test environments, he seems to have conceded that a more pragmatic approach may be needed. “I have more thinking to do on this,” he concluded.

In the meantime, he pledged to not use his well-known deployer address to conduct further tests. Given the number of previous contracts that went undiscovered, this may be enough to prevent further unfortunate occurrences.

The post follows another instance of people losing money over one of his contracts, an unnamed project often referred to by its token ticker, LBI. The contract was deployed on the mainnet on Oct. 13 and immediately triggered a torrent of people putting their money into it, with many calling it “the new YFI.”

The token’s price fell immediately after, with many stories of people losing small fortunes over it. Many market participants leveled a barrage of criticism against Cronje, blaming him for the loss. It’s worth noting that this price decline was not the result of any kind of malfunction, as the contracts themselves were not compromised.
