[HN Gopher] Attacking an Ethereum L2 with Unbridled Optimism
___________________________________________________________________
Attacking an Ethereum L2 with Unbridled Optimism
Author : daegloe
Score : 146 points
Date : 2022-02-10 17:09 UTC (5 hours ago)
(HTM) web link (www.saurik.com)
(TXT) w3m dump (www.saurik.com)
| superfrogged wrote:
| May I recommend cracking an economics textbook
| X6S1x6Okd1st wrote:
| To learn that 2M is a good payout for finding a bug?
| AlexCoventry wrote:
| What's your point?
| lihorne wrote:
| Hey! Optimism's head of engineering here!
|
| We're super grateful to saurik for writing up such a great
| analysis of what he found. If you want to hear some of our key
| takeaways as the maintainers of the network, you can check out
| our disclosure post here [1].
|
| If you're wondering WTF Optimism is... we are building an
| optimistic rollup on top of ethereum. The basic idea is to
| decouple blockchain computation from data availability and allow a
| new operator to exist called a sequencer which can accept
| transaction requests and submit the calldata to Ethereum Mainnet,
| but do the computation on Optimism Mainnet. There is an idea of a
| fault proof which means you can verify that the computation done
| on Optimism Mainnet followed the exact rules of the EVM, and you
| can prove this on Ethereum Mainnet. Our fault proof codebase,
| cannon, was built by another jailbreak legend (geohot) precisely
| with the goal of running Ethereum's battle-tested code and
| minimize the chances of bugs like this. It's some really cool
| stuff. If you're into compilers, VMs, and blockchains alike,
| check it out! [2]
|
| The protocol is still in active development, it is not done yet,
| and that's exactly why we set up this bug bounty program. We
| think bug bounties matter, a lot, and we're proud to now become
| the record holders of the largest bug bounty payout in history,
| however we hope to very quickly be beaten by someone else.
| Developers like saurik, who we've gotten to know recently, are
| super important for this ecosystem to thrive. Building this stuff
| is hard, and we want the best hackers in the world to get rich
| breaking these protocols because if we succeed in this industry,
| this technology will be the backbone of the world's financial
| infrastructure -- it needs to be secure. Everything we write is
| also MIT licensed and developed completely in the open.
|
| Very happy to answer any questions, I'll check this thread for
| the rest of the day -- AMA :)
|
| Also, we are hiring! [3]
|
| [1] https://optimismpbc.medium.com/disclosure-fixing-a-critical-...
| [2] https://github.com/ethereum-optimism/cannon/
| [3] https://boards.greenhouse.io/optimism
| SilasX wrote:
| I have a question: why did you make transaction data from
| before the Nov 11 upgrade unavailable? How hard would this have
| been? It's just serving the same immutable transactions that
| were there before, right? People were expecting these to be
| available for planning and tax reporting.
|
| Even finding out about them after the fact was difficult
| because the cause of missing transactions wasn't made public on
| the user-facing site. For months the maintainers fielded
| questions from people on the discord that could have been
| satisfied by an announcement on the website. And even the
| announcements on discord came slowly.
| lihorne wrote:
| The Nov 11 upgrade radically changed how Optimism's backend
| worked. Transactions after 11/11 are executed in a VM that's
| much closer to the EVM than before. It's still possible to
| run nodes that access these pre-11/11 transactions, but
| because of the way Etherscan and geth are designed, it's
| unfortunately not as simple as just serving the same data
| again.
|
| Etherscan CSV exports are the best solution we had that
| didn't require significant modifications to Etherscan's
| backend. You should be able to use the CSV feature to export
| all of your relevant pre-11/11 transaction data (transactions
| and ERC20/ERC721 transfers).
|
| While we did our best to communicate this months in advance
| on our twitter, blog, discord, and documentation, it's hard
| to reach everyone and we totally agree that this is not
| ideal. At the time, we had to prioritize progress, but we've
| since made a firm commitment not to update the chain in
| this way going forward. So, this shouldn't be something
| people will need to worry about in the future.
| Kalium wrote:
| Your first link is broken.
| lihorne wrote:
| Fixed, sorry
| cheese_it wrote:
| Hello,
|
| I've been wondering what the hardware requirements for running
| Optimism's infrastructure are relative to just running a
| Mainnet node. If Optimism can process more transactions than
| the main chain, does that mean state growth is also much
| higher? How is Optimism thinking about this problem as it moves
| to decentralize the sequencer in the future?
| lihorne wrote:
| This is a fantastic question for pretty much every scaling
| solution out there -- as the initial engineering work on
| rollups finishes, many of the fundamental scaling problems
| re-emerge on L2. Right now, our system's hardware requirements
| are very similar to L1 mainnet, but the state is growing.
|
| There are two solutions in the future: statelessness, and
| block-producer/verifier asymmetry. Statelessness (and related
| concepts like state expiry) has been under active research in
| Ethereum for years, and we've recently started our own
| contributions with a new stateless Ethereum client [1]
|
| The other part of the solution is to leverage asymmetries
| between the hardware requirements of block producers and
| verifiers. TLDR: this lets you have high HW requirements for
| sequencers, but still secure the network with laptops.
| Vitalik recently wrote about this; you can read that here [2]
|
| [1] https://twitter.com/ben_chain/status/1488275978983915523?s=2...
| [2] https://vitalik.ca/general/2021/12/06/endgame.html
| vmception wrote:
| What's the best way to replicate these states on localhost?
|
| When using the L1s, it is easy to fork the current state of the
| network with Brownie and bang at smart contracts for free using
| fake gas on localhost. Reserving any advantage or unexpected
| behavior you find for the bug report, or redeploying it on
| mainnet for the bug bounty paying the gas just that one time
|
| But with L2s in the mix, especially Optimism, how would one do
| the same? Would it be like two instances of Brownie in virtual
| environments? Kind of like having a cluster of microservices
| booted up in Vanguard on localhost?
| saurik wrote:
| Yeah, so to run your own Optimism full node--the "whole stack"
| --you need 1) a normal Ethereum full node of some kind, 2) an
| Optimism data-transport-layer service (which scrapes the L1
| looking for L2 transactions and provides a web service to
| access just that data), and then 3) an Optimism l2geth instance
| (which is an Ethereum node modified to read its transaction
| batches from the DTL).
| vmception wrote:
| Wow. A tutorial on doing that would be great.
|
| Speaking of "bug bounties", I use the term liberally as a
| euphemism for hacking these contracts and taking everything
| for yourself under the observation that company/community bug
| bounty systems are broken and undervalued for the value they
| provide. Although seen as a euphemism now, I think the term
| is accurate especially when looking at how bounty was used in
| the American frontier or Wild West.
|
| You made $2,000,042 from this without any drama, in a quick
| timeline even though it was technically outside of the scope
| of the program! I think many in the hackernews audience would
| have liked to have known that from the get go. Many people
| ignoring blockchain would pivot immediately to at least doing
| smart contract bug bounty research on the side just from
| knowing that alone, learning the extremely lucrative and
| marketable skills in the process. If you formatted the
| article to the bug-bounty timeline to payout format. You
| should even show some people a material thing that you
| bought with it, because many people still don't understand
| that this is analogous and convertible to money in your bank
| account especially at these convenient amounts.
|
| How much could you have seized with this bug at the time?
| saurik wrote:
| > ...because many people still don't understand that this
| is analogous and convertible to money in your bank account
| especially at these convenient amounts...
|
| FWIW this project doesn't have its own token (this L2 uses
| ETH as its currency just like the base layer), so the bug
| bounty payout is denominated in actual USD.
| vmception wrote:
| Whether they paid in ETH priced in USD, or a stablecoin,
| or a USD wire to your bank account, many people aren't
| aware that getting paid in this space is that lucrative
| and that liquid and that simple.
| seibelj wrote:
| saurik is pretty famous, I would estimate that most
| serious players in this space know the money is here.
| What is good about this post and the fact it's on top of
| HN is that maybe the average HN reader will be curious
| and help shift the crypto narrative on HN from negativity
| to at least neutrality.
| vmception wrote:
| Yeah it would be great and more on brand for this forum
| to have neutrality
|
| The actual communities for most projects and general
| crypto are obnoxious, and probably what has helped push
| or keep this community to negativity, I could see it
| flipping to neutral though, judging by the emails I get
| there are plenty builders and educated proponents here
| antocv wrote:
| But the negativity is well deserved
|
| Look at how the crypto-sphere reacted at FEDs returning
| "stolen" coins to Bitfinex like all praise and "justice
| served". Only HNers actually raised "hey guys why do you
| even crypto if FEDs will decide who owns what".
|
| It all ends up being Government-coin and they like it.
| vmception wrote:
| To me, this is Exhibit A of the oddly incoherent nature
| of discussions that appear here. What you wrote is a
| random mixture of ideology, misinterpretation of what
| happened, and the wrong forum for it.
|
| Where would one even start?
|
| US Govt hasn't returned the bitcoin to Bitfinex. Bitfinex
| has stated they would apply for getting it returned. This
| is the process these things take. All that has occurred
| is a DOJ/FBI seizure, indictment and arrest. I don't know
| what reaction you're referring to and your sentences are
| ideological hyperbole that have nothing to do with the
| technology. This is a technology and industry forum. The
| technology allows any possessor of the private key to
| assume control over the entries in that private key.
| kristofferR wrote:
| This title is way underselling this.
|
| As far as I could gather from a quick googling, this is the
| largest single bug bounty payout in history.
| runeks wrote:
| Along with the bounty for this one:
| https://gerhard-wagner.medium.com/double-spending-bug-in-pol... (also $2M [1])
|
| [1] https://portswigger.net/daily-swig/polygon-pays-out-record-2...
| saurik wrote:
| Ah, but, you see: this bounty was $2M...+42! (omg; I honestly
| hadn't noticed this o_O)
| [deleted]
| X6S1x6Okd1st wrote:
| Excellent write up! Glad you were well compensated.
| Temasik wrote:
| cgb223 wrote:
| Page seems to be down. Can't connect to server
| saurik wrote:
| (This has hopefully been fixed; the way I added SSL to my
| website--which I only the night before last--was "ridiculous"
| and apparently not at all up for the challenge :/. I thankfully
| had given myself a backup plan--offloading the SSL to nginx--
| which I was able to switch to quickly, but I should have really
| pushed my update today with that configuration.)
| iskander wrote:
| This is a concerning aspect of Ethereum's strategy to push
| scaling to layer-2 networks: Ethereum is a heavily audited and
| tested protocol that runs an extremely decentralized network of
| diverse clients. L2s can be...an AWS instance running arbitrary
| buggy code. Much of the confidence in the "base layer" that
| people using Ethereum currently experience will be significantly
| undermined if mundane transactions wend in and out of different
| L2s.
| soco wrote:
| Correct me if I'm wrong, but with those L2 tricks the plusvalue
| of Ethereum gets kinda diluted... and there's already a heavy
| discussion on the "why should I use it at all".
| k__ wrote:
| Their proof ends up on L1 and they get cheaper the more
| people use them.
| serverholic wrote:
| You're going to have to explain. L2 heavily rely on the
| Ethereum base layer.
| suikadayo wrote:
| Most L2s will require users to pay transaction fees in ETH.
| Some will have fee abstraction where people can pay with
| tokens, but the rollup themselves will still end up paying
| ETH on L1.
|
| Ethereum will essentially be a settlement layer for rollups,
| and everyone will be doing their DeFi, NFTs, etc on the
| rollups which are almost treated like their own chains.
| serverholic wrote:
| Ethereum didn't start that way, it had to build trust over time
| just like any other project. Eventually L2s will get there too.
| SubiculumCode wrote:
| Same with Polygon their Ethereum L2+Sidechaining scaling
| solutions. Polygon is quickly building a reputation for solid
| secure code, mostly because their team kicks ass and is
| proactive.
| jeffalbertson wrote:
| I mean they just disclosed a 1.6mil hack 40 days ago.
|
| I like polygon and unfortunately feel like hacks/stolen
| funds are part of the maturing process for blockchain
| projects but I'm not yet ready to say they are building a
| reputation for solid secure code.
| baxtr wrote:
| Side note: that's the first flame war free / nuanced thread on
| crypto that I have seen on HN so far. Thanks for starting it!
| iskander wrote:
| No problem!
|
| After a year of playing around with crypto I think I'm
| appropriately both skeptical and excited, which is hopefully
| a good starting point for non-trolling conversations.
| kristofferR wrote:
| The discussion here used to be way more thoughtful, it's only
| been bad the last year or so.
|
| I think the degradation of crypto discourse here was mostly a
| knee-jerk reaction to NFTs. "NFTs are stupid, so all crypto
| is stupid, because NFTs are crypto" - that was likely the
| thought process behind all the toxicity seen here.
| rawtxapp wrote:
| I would disagree, in my experience HN has been pretty
| anti-crypto for a long time, starting with Bitcoin's
| announcement thread [1].
|
| Personally, I think people are just tired, as a proponent
| I'm tired of arguing the same stuff over and over again, I
| can imagine the other side of that too. At this point, time
| will decide who's right and wrong, I think that what anyone
| of us thinks doesn't really matter in the grand scheme of
| things.
|
| 1: https://news.ycombinator.com/item?id=599852
| simias wrote:
| Yeah I'm an opponent and I feel the same. The talking
| points have been exhausted half a decade ago. On top of
| that as cryptocurrencies get more and more mainstream we
| have to deal with less sophisticated people who make it
| very hard to have a decent discussion in the first place,
| because you basically have to start by taking 20 minutes
| to explain to them what the basics even are.
|
| NFTs are really pushing this situation to the extreme.
| Between the NFT enthusiasts who seem to think the
| technology is literal magic that can do anything you want
| it to and "haters" who will say stuff like "NFTs are just
| URLs of JPEG" which is an absurd oversimplification and
| completely misses the point.
|
| That being said I would argue that the fact that the
| discussion is not advancing and that we're left with
| "monkey jpegs" is to be blamed entirely on the
| cryptopeople who clearly fail entirely to deliver
| anything new. The killer "crypto app" has been a couple
| of years away since 2015 at least. The tech keeps getting
| more complicated as an attempt to address the
| fundamental shortcomings of the blockchain, but it still
| fails entirely at being anything more than a vehicle for
| wild speculation.
|
| The fundamental reality is that basically nobody would be
| using any of this if they didn't think it was going to
| make them rich. That was true five years ago, it's true
| now and I think it's going to remain true for the
| foreseeable future.
| iskander wrote:
| I'll try to engage without pulling us into familiar
| debates.
|
| I have found, in a year of intensive use and research
| around the Ethereum ecosystem, here are a few things I
| like that wouldn't really work without an underlying
| immutable distributed ledger:
|
| 1) Creating limited editions of generative art.
|
| 2) "Forever" art like on-chain pixel and ASCII art.
|
| 3) Frankenstein-like adaptations of traditional fintech
| constructs into a decentralized implementation, such as
| AMMs.
|
| Also, the more I learn about the zk-rollup space (STARKs
| and SNARKs) the more curious I get about the
| possibilities there. You can, for example, have digital
| treasure hunts where whoever finds the treasure can
| generate a proof without revealing the location. So far
| this is just cool without having an obvious killer app,
| but more than anything else in the crypto space I think
| there will be killer apps emerging from this technology.
|
| By volume, I agree with critics that it's mostly
| bubble-chasing, gambling, and scams. It might be healthier for
| everyone if the tech & art experimentation were walled
| off from investments. At the very least, we probably
| shouldn't have crypto exchanges advertising -- really
| nothing interesting comes from luring Main Street to buy
| and store Doge on a centralized exchange.
| BoorishBears wrote:
| Hasn't time already proven the skeptics right?
|
| The biggest sources of skepticism were around logistics and
| value as a currency:
|
| Is there a cryptocoin that has successfully solved
| logistics without disastrously failing as a currency?
|
| Even if you ignore the environmental aspect... has any
| coin that has achieved scale _not_ experienced deflation
| that would make the Great Depression look like a hiccup?
|
| To me the skepticism has always been "you can't have a
| functional decentralized currency". Some people take that
| at face value and proudly proclaim "people will accept
| your BTC/ETH/etc."
|
| But most people mean it in the sense we think of
| currencies belonging to non-failed states: aka being a
| somewhat stable store of value. More widely used for
| payment of productive economic output than fraud and
| speculation...
|
| -
|
| I see crypto as I see Tesla, maybe there was a point but
| it's long buried under the mania.
|
| Disclaimer: Due to that mania I keep some as hedge, but
| again, imagine saying I keep dollars under my pillow as a
| hedge that next year they might have 10x'd in value...
| rawtxapp wrote:
| Has it?
|
| Bitcoin is _bigger_ than ever before. It's far more
| valuable, it has far more users, processes hundreds of
| thousands of transactions moving billions of dollars
| worth of value every day on-chain alone, has very healthy
| L2 layer growth (1ml.com), has hundreds of exchanges
| worldwide, it ticks every 10 minutes and will keep
| ticking for the foreseeable future. We have a small
| country that adopted it as a legal tender with more
| countries coming on the Bitcoin standard potentially this
| year.
|
| People only see the fiat currencies and forget that we've
| run on gold standard for thousands of years and fiat
| currencies are barely 50 years old and riddled with
| financial crises left and right. Bitcoin is digital gold,
| strictly better than gold. But anyways, we'll see what
| happens in the future.
| DennisP wrote:
| With zkrollups, you get an on-chain proof that the off-chain
| infrastructure did everything correctly. A contract can even
| verify that proof before updating the data on chain.
| HashBasher wrote:
| > extremely decentralized network
|
| Can you provide source for this claim? I thought that infura
| was the dominant infrastructure provider for eth and if it gets
| taken down, a majority of the apps goes down too.
| iskander wrote:
| Infura is a single RPC endpoint, the underlying network it
| talks with has 5k-6k clients:
| https://www.ethernodes.org/?synced=1
|
| You can choose one of ~20 different free RPC endpoints:
| https://ethereumnodes.com/
|
| This doesn't include private or paid RPCs or just running
| your own.
| nootropicat wrote:
| Infura already went down several times and nothing happened.
| Metamask users can easily switch to other rpc providers
| (including their own nodes).
| teempai wrote:
| Ethereum actually has almost no client diversity. The vast
| majority of nodes run the geth client (go).
|
| Regarding the security aspects of L2s: they will of course not
| be anywhere near as robust as ethereum itself, but over time
| they'll get better. However, they also don't need to be as
| robust as ethereum given they effectively benchmark against the
| ethereum chain so while things could go wrong, the amount of
| damage will be very contained and as the ethereum mainchain
| scales the damage radius becomes ever more contained. Finally
| the bridges that are being implemented to move assets from
| ethereum to the L2s can implement emergency withdrawal
| mechanisms which allow users to get their assets out even if
| things go wrong.
|
| Not perfect, but the tradeoff seems reasonable to me given the
| performance enhancement and the diversity of functionality that
| can be offered via many different environments.
|
| Disclaimer: I'm quite possibly biased due to my company working
| on L2s.
| sophrocyne wrote:
| For those interested in data supporting diversity comment
| (~82% geth) - https://www.ethernodes.org/
|
| Re: GP comment - From a "trust" perspective, there is a
| distinct difference to call out between the integrity of data
| on the platform, and the trustworthiness of the platform
| itself (i.e., the ability for centralized control of all
| data)
|
| In an instance where an L2 is compromised, the potential
| impact is limited to the integrity of data that _individual_
| L2 was contributing to the overall platform.
|
| Those transactions which demand absolute integrity will
| naturally tend to occur on L1, for this reason. Risk
| mitigation strategies will develop for those operating on L2
| + bridged chains.
| jrochkind1 wrote:
| What kinds of transactions do not demand absolute
| integrity, but still make sense to use a blockchain for? (I
| don't know much about these sorts of things, I'm actually
| asking for examples)
| mattdesl wrote:
| Security of zk rollups may be sufficient for a lot of
| activity - trading, DeFi, games, art, DAO/access tokens,
| escrow, crowdfunds, all the web3 stuff.
|
| The L1 may eventually be a primary settlement layer for
| protocols like zkSync and StarkNet (and any other
| protocols and rollups built on Ethereum L1). At some
| point it may not be common for users to interact with L1
| --ie. users of Argent and Sequence wallets may only be
| holding assets on L2.
|
| zkSTARK/SNARKs has pretty dramatically changed the L2
| landscape and new direction seems to be moving away from
| optimistic rollups like in the OP. This is just my
| understanding, somebody please correct me if I'm wrong.
| jrochkind1 wrote:
| I gotta admit I don't know what 50% of the words there
| mean, but it surprises me to suggest that "absolute
| integrity" would not be required for trading, escrow,
| DeFi, DAO/access tokens.
|
| Makes sense for games and art (but then I wonder what
| they are doing using a blockchain in the first place).
| sophrocyne wrote:
| This turned out to be longer than I intended. Apologies.
|
| I view Ethereum as a value network, connecting disparate
| sets of transactional use cases around a set of core
| services (like Address, asset records, and transaction
| functions)
|
| To believe that blockchain makes sense for assets which
| do not require absolute integrity, you'd need to first
| accept that there are valuable use cases which having an
| asset management & transaction layer (L1) serves.
|
| If we establish that there are valuable use cases that
| attract asset management to L1, at a certain point
| network effects begin to take hold, and the system
| becomes "top of wallet".
|
| There are parallels in how you manage traditional
| finances today - Even if you have multiple bank accounts
| and digital wallets for USD (e.g., a Chase account, Cash
| App, Venmo, etc.) you're likely to mentally consider one
| of those your "primary" account. The important one. The
| main difference in the value network of Ethereum is that
| the primary account can aggregate the assets that are
| managed/transacted through L2 solutions. The L2 solutions
| leverage the core "identity/asset mgmt layer" of L1, but
| serve use cases that don't justify the cost of
| development/operation/transaction on the main layer.
|
| To connect this analogy to the original question, let's
| imagine that your Bank Account offered direct integration
| with each of the other accounts you manage - Capturing
| every asset you held, including the 124 gold you still
| have on your World of Warcraft account from a decade ago.
| If the 124 gold were to somehow disappear due to a
| bug/hack/other integrity issue, your bank account would
| reflect that. But the important stuff would be there.
|
| TL;DR - If commerce generally moves to blockchain systems
| at significant scale, there will be an acceptable level
| of failure on L2 systems to support the convenience of
| aggregating up asset mgmt alongside the important stuff.
| iskander wrote:
| >In an instance where an L2 is compromised, the potential
| impact is limited to the integrity of data that individual
| L2 was contributing to the overall platform.
|
| I think the distinction is only meaningful as long as L2s
| remain a niche curiosity while the majority of transaction
| volume resides on L1. If the L2 plan succeeds and almost
| all volume passes through an L2 and one of the major L2s
| has a bug like in this post, then a large fraction of all
| ETH could end in the hands of hackers.
|
| The ledger would accurately reflect the moment that a bad
| actor lifted e.g. 5-10% of the ETH supply off an Arbitrum
| or StarkNet bridge. Technically the L1 is uncompromised but
| a lot of money would be "redistributed".
| kristofferR wrote:
| > Ethereum actually has almost no client diversity.
|
| I think that is slightly misleading, all the client diversity
| efforts are focused on Ethereum 2.0 now, as the old clients
| will be dead soon. [1]
|
| This is the most updated stat I've found:
| https://twitter.com/sproulM_/status/1481109509544513539 (read
| the rest of the twitter thread too!)
|
| Still not great though, but better at least.
|
| [1] https://clientdiversity.org/
| SilasX wrote:
| Yes! I got burned by Optimism in another way. They tell you to
| point your applications at etherscan.io for transaction
| data/history, but then, on November 11 last year, they pushed an
| update that deletes all transaction history up to that point,
| which you need for taxes!
|
| They swore they'd have the history restored on Etherscan by Nov
| 18th, but they still haven't. Only recently they pushed a
| workaround that lets you download the transactions as a CSV,
| but that lacks the critical data from your transfers of non-ETH
| tokens. And then, an alternative source _does_ have that data,
| but only as a binary blob you have to run through a decoder and
| parse out yourself.
|
| The crypto tax software, of course, doesn't know what to do
| with it.
|
| (Even if your local client cached the transactions, most, like
| MetaMask, left out the critical data above.)
|
| 68 days till the filing deadline in the US!
|
| I asked the maintainers how they planned to do their own taxes,
| and one of them claimed that he was separately recording all
| sales in a spreadsheet. I had to inform them that the taxable
| events include more than just sales, and, even under the most
| aggressive interpretation of tax law, you need the other data
| to figure cost basis.
| leppr wrote:
| If the history is completely gone, your government won't be
| able to find it either, so you can just fill in whatever you
| want to explain how balance A became balance B.
| AlexCoventry wrote:
| Of course it's not completely gone. Chain analysis
| companies, which tax authorities consult, will have backup
| copies.
| 3np wrote:
| Let this be a lesson: Maintain local self-hosted copies of
| any necessary data, don't rely on third-parties maintaining
| it and keeping it available. Should be standard practice for
| anyone doing anything serious with cryptocurrencies but
| unfortunately users seem complacent enough that easily
| accessible tooling is still lacking in many places and you
| may have to DIY scripts for some parts.
|
| Your situation is unfortunate but it sounds like no fault on
| Optimism or Etherscan here.
|
| (BTW just to be clear: you're talking about off-chain data
| that was never part of on-chain txes, and this binary blob
| comes from some Optimism operator? If it's on-chain data it's
| just a matter of doing the right queries)
| SilasX wrote:
| Okay... in a sense, yes, in hindsight, I should have
| planned for this. But there are a number of reasons I think
| this kind of response is too dismissive.
|
| First of all, no matter how well you prepare, there is
| always going to be one level higher of system failure that
| you "should have planned for". In the npm-Linux-box-borking
| debacle, there were people insisting you should never have
| run npm except on fully disposable hardware with an
| instantly replaceable dev environment (which is the only
| thing that would have let you shrug it off).[B]
|
| Got mugged walking home? Should have taken a safer route.
| Took a safe route? Should have walked with a friend. Still
| got mugged? Should have walked with two friends. For all n,
| should have walked with n+1 friends.
|
| Second, it's painting with a tad broad of a brush to call
| me complacent on crypto. I've filed crypto taxes since 2017
| and kept cost basis records from years before. I'm aware
| systems fail and (outside of this) have set appropriate
| backups and cached critical transactions to spreadsheets.
| Even here, even with nothing done by the Optimism team to
| correct their mistake, I'm not actually doomed, as I can
| file taxes based on an input-output analysis of my Optimism
| transactions as a good enough first pass, and correct
| later. The issue is unnecessary convenience.
|
| In fact, as things stand today, I'm in exactly the "safe"
| position you thought I was -- "oh, it's there, you just
| have to query right". Indeed I do! Now that I've pulled the
| tx data from the alternate sources, I "just" have to
| yak-shave out a meaningful read of all the transactions.
| (Update: per sibling, you can download the transactions
| from a different tab but you still have to do some
| transformation.) But none of that takes away from the point
| that this is huge, avoidable inconvenience and flaky
| community relations.
|
| Remember, even if I had cached them, I'd still be stuck
| having to manually import them into my crypto tax software,
| which is a failure from usability.
|
| Third, there are reasons to expect optimistic.etherscan.io
| as a reliable source to point to.
|
| 1) When you set up e.g. Metamask, the Optimism site gives
| you exactly one URL to point to, with no alternatives or
| warning that one day it might be missing history. [A] The
| very fact that Metamask equates "nothing from that url"
| with "no transactions" means they were treating it as
| mission-critical.
|
| 2) The entire ETH community outside of Optimism relies upon
| etherscan.io for most of their own tooling ethereum
| projects. All sources for ETH projects say to connect
| there, as if it's inconceivable that there could be an
| outage or need for some fallback.
|
| 3) It would have been trivial to keep the transaction
| history up. There was already a server somewhere
| (etherscan-owned or otherwise) serving transaction history.
| All they had to do was configure it to be able to check
| transactions for being from before that switchover, and
| ping that (static) DB for a subset of them.
|
| (Remember, this isn't, at least so far, an issue of cost:
| they do plan to get optimistic.etherscan.io back up as a
| reliable endpoint for the pre-upgrade txns, they just
| didn't think to upgrade in a way that would facilitate such
| queries of already-existing immutable data.)
|
| And, for the final kicker.
|
| 4) Optimism maintainers _themselves_ didn't even think to
| locally cache all the transactions they'd need! (As in the
| one mentioned who only logged a proper subset of taxable
| events.) If the very people who live and breathe this stuff
| overlooked it, I think I can be forgiven for overlooking
| it, as they expect even casual users to join.
|
| [A] https://metamask.zendesk.com/hc/en-us/articles/4403700785691...
|
| [B] https://news.ycombinator.com/item?id=16438630
| kfichter wrote:
| Heyo, chiming in from the Optimism team here. You should be
| able to get non-ETH token transfers (ERC20 or ERC721) via the
| Etherscan CSV export feature. You may have to make a dummy
| ERC20/ERC721 transaction to get the page to show up. If that
| isn't working for you, feel free to hit me up on Discord (I
| think we already have a thread together) and I can help get
| you whatever data you need.
|
| See this random account for an example of exporting ERC20
| transactions: https://optimistic.etherscan.io/address/0x9c1e0c67aa30c063f3...
| sschueller wrote:
| Isn't the whole lightning network for bitcoin also L2?
| vmception wrote:
| hm okay, room for nuance, there are about a dozen L2
| technologies in deployment right now, each with multiple
| competitors using a specific technology.
| rawtxapp wrote:
| It's L2, but you can have different types of L2s. With
| lightning network, you're opening and closing channels with a
| counterparty using on-chain transactions, so each channel can
| be tied back to an on-chain transaction.
|
| Before someone points out that it would require tons of on-
| chain transactions to onboard everyone onto it, you can batch
| thousands of channel open/closes into a single transaction
| with new protocol upgrades.
| HashBasher wrote:
| Exactly, CashApp/RobinHood/Coinbase/Kraken are all bitcoin
| L2. Centralized and trusted, but L2 nonetheless.
| idiotsecant wrote:
| That's not even the most fundamental issue with LN though,
| it's not a fully thought out system. As LN node count
| increases the routing complexity increases exponentially,
| which is the classic problem of routing issues on large
| graphs that literally every networked system has. The
| internet solves this with some degree of human intervention
| to tip the scales to particular routes, which is something
| that the LN inherently can't (and shouldn't) do. There is
| some amount of optimization that could take place using
| common graph routing algorithms like OLSR or others but
| those represent foundational changes to the protocol which
| historically LN is allergic to for whatever reason and
| wouldn't entirely solve the problem in any case.
|
| Simply put - it can't scale to that kind of throughput for
| a combination of cultural and technical reasons.
| rawtxapp wrote:
| Most end-users won't be acting as payment gateways,
| they'll all have private channels, so they won't appear
| in the routing graphs. The number of routing nodes would
| be many magnitude smaller than total number of LN users.
| It's working fine for now with growing adoption (1ml.com)
| and I believe it'll only get better with time.
| simias wrote:
| Unless things have changed recently the big issue with LN
| is that it's fundamentally a centralizing force. The idea
| that everybody is going to open a million channels with
| every single counterparty (locking coins in the process)
| is ridiculous. Instead people would just open a couple of
| channels with big, centralized nodes but that's just Visa
| with cryptobabble on top.
| idiotsecant wrote:
| Sure, but in order to accommodate more users you need
| more routing nodes. Exponential scaling is a funny thing-
| systems work perfectly right up until they
| catastrophically fail. That's why it's important to
| understand these kinds of problems ahead of time, which
| LN is determined not to do.
| jksmith wrote:
| >> which LN is determined not to do.
|
| What's the source of your opinion?
| rawtxapp wrote:
| Look at it this way, if x = number of total users,
| routing nodes will grow O(log x), not O(c^x). The users
| can grow exponentially, the routing nodes won't because
| the marginal cost of processing an extra transaction from
| an end-user is very close to 0.
| suyjuris wrote:
| > the routing complexity increases exponentially, which
| is the classic problem of routing issues on large graphs
| that literally every networked system has
|
| I assume you are using "exponentially" in its informal
| meaning of "somewhat quickly"? At least I am not aware
| of any routing issues that scale exponentially with the
| size of the graph.
|
| To the contrary, if you can pick the graph structure then
| routing is not very difficult at all.
| keymone wrote:
| Sigh. Quick, go tell UPS and DHL and others that they
| must file for bankruptcy because traveling salesman
| problem or whatever is hard to solve.
|
| This is just nonsense because, for instance, each LN hub
| can configure how much processing it wants to take on by
| focusing on most profitable subgraph.
|
| In the end, LN will be processing more and more payments
| and you will keep ignoring that fact and claiming that it
| can't scale. This has been happening for years already.
| null0pointer wrote:
| The main issue with LN is even more fundamental than
| that. Their argument against other scaling solutions was
| basically "if we scale on chain the hardware requirements
| will be hard for regular people to keep up and
| decentralization will suffer". So instead they went about
| and created a system where only the wealthy have the
| capital to commit to open enough channels and route
| payments. LN is almost totally antithetical to crypto in
| that it enables the creation of the very thing crypto
| sought to destroy; gatekeeping payment processors.
| Bitcoin was co-opted by Blockstream and co. who wanted to
| become Visa/Mastercard-like rent seeking middlemen.
|
| Opinion part: Monero is technically superior to Bitcoin
| in basically every way.
| voldacar wrote:
| >Monero is technically superior to Bitcoin in basically
| every way
|
| I see how this is true from a privacy perspective, but
| how does monero solve the issue of the blockchain
| eventually becoming too large for an ordinary person to
| run a node on their pc? the bitcoin blockchain is already
| several hundred gigabytes
| null0pointer wrote:
| As I said, that's just my opinion really. But Monero uses
| a dynamic block size. The hardware requirements will
| increase of course. But hardware becomes cheaper over
| time so the monetary cost of participation does not
| increase as quickly as LN where the cost of participation
| is capital directly.
| kingo55 wrote:
| RE: Monero, I agree. One shortfall - how do we verify no
| one on the network has found and exploited an inflation
| bug?
| null0pointer wrote:
| Good question, I don't have an answer for you
| unfortunately. I have seen people talk about this in the
| Monero community though so at least they're aware of the
| issue.
| stale2002 wrote:
| It is yes, and even though the lightning network is
| considered one of the more secure/safe L2 networks, even _it_
| has had bugs (now solved) that potentially could have caused
| everyone to lose all their money, if those bugs had been
| taken advantage of.
| gillesjacobs wrote:
| That's an issue with all cryptocurrency infrastructure though:
| projects need to be proven to demonstrate robust value and it's
| probably one of the most adversarial spaces in software.
| History has shown that hacks and exploits of projects hurt the
| price of the native token but do not really damage the long-
| term earned trust.
| rawtxapp wrote:
| Exactly this, it's a _very_ adversarial environment with huge
| stakes for those that can exploit it. Even projects that have
| been around for months, years can get exploited which is why
| I'd recommend waiting a long time before putting non-trivial
| amounts into any smart contract or crypto related projects.
|
| That's also a big plus for Bitcoin, because it's been around
| the longest and because it's so much simpler than more
| complex chains like eth, it's as secure as it gets.
| dan-robertson wrote:
| Are the stakes that huge for potential exploiters? It seems
| that exploits can write off a bunch of value from the
| exploited but, at least for big and quickly noticed
| exploits, it is hard to launder the gains into the
| 'legitimate' part of the ecosystem with big exchanges and
| suchlike.
| rawtxapp wrote:
| I think last year alone had more than a billion dollars
| worth of crypto hacked on defi, there's some trackers out
| there [1]. On one hand, you have amateurs that leave
| their private keys on cloud services and try to cash out
| while living in a place like NYC, on the other hand, you
| have people who know what they are doing or perhaps live
| in places that actively encourage those activities [2].
|
| 1: https://cryptosec.info/defi-hacks/
|
| 2: https://www.bbc.com/news/business-59990477
| steelstraw wrote:
| At least Optimism is smart enough to offer huge bounties. They
| awarded him $2,000,042 for this.
|
| https://twitter.com/saurik/status/1491821215924690950
___________________________________________________________________
(page generated 2022-02-10 23:00 UTC)