Glitch Weekly: Normies are (literally) sleeping on smart contracts
Plus: Worldcoin’s new blockchain, a16z’s new ZK thing, and America’s new surveillance law
Guess who’s back. Back again. Glitch is back. Tell a friend. Today we’re debuting a new newsletter product we’re calling Glitch Weekly. Original journalism is still our priority, but we also want to use the Weekly as a way to paint a clearer, more detailed (and more frequent) picture of what we mean by Glitchy. It’s a bit of a news digest, with some short and hopefully insightful analysis on recent goings on. Please enjoy, let us know what you think, and if you like what you’re reading, share with all your Glitchiest friends.
Who did Avraham Eisenberg defraud?
The self-described “applied game theorist” certainly exploited an economic vulnerability in the Solana blockchain-based exchange Mango Markets. He was just convicted of commodities fraud, commodities market manipulation, and wire fraud in the first US criminal case involving cryptocurrency market manipulation.
But did he do anything wrong?
The exploit and its aftermath, which transpired in the fall of 2022, could not have been more crypto. He orchestrated trades using multiple cryptocurrency accounts, on Mango Markets as well as other exchanges, to inflate the price of Mango’s native token, called MNGO, and net more than $100 million real dollars in profit. Because of how the protocol worked, a lot of this money came from the deposits of other users.
Eisenberg’s name quickly surfaced in connection with the scheme, because, naturally, he had telegraphed the whole thing in a private Discord server where one of the members was an independent journalist. He soon came clean, issuing a vague statement on Twitter claiming that he’d reached a “settlement” with the Mango Markets DAO under which he would return a large portion of the money and keep the rest as a bug bounty. “I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting the parameters the way they are,” he tweeted.
Neither the US government nor the jury in his criminal case agreed, and now Eisenberg could spend decades in prison. The moral and ethical issues here are complicated, though—as is the fraud charge.
“Overall, what he did I would consider within the ethical norms of the DeFi space,” crypto lawyer Gabriel Shapiro said on the Unchained podcast when Eisenberg’s Mango Markets antics first came to light. The dream of decentralized finance or DeFi purists is to remove human middlemen by putting all the rules on the blockchain. They subscribe to the idea that “code is law.” If you can figure out a novel way to make the smart contract code work for you, that’s fair game—similar to a video game player discovering a glitch that helps them win.
That doesn’t make it legal, Shapiro noted—he said Eisenberg’s actions probably fit the legal definition of market manipulation. The fraud charge raised a more interesting question, though: Who did he defraud? Technically, he didn’t deceive any humans. He created phony price signals to fool a smart contract into acting in a certain way—specifically, handing him a pile of cash—the designers likely never intended. But the open-source code (which was available for every user to read and inspect) worked as designed. How much of the responsibility should fall on the developers of the faulty code?
These technical nuances didn’t move the jury in this case. One member even fell asleep during Eisenberg’s lawyer’s explanation of smart contracts, according to Axios. Shapiro told DLNews that the verdict might set a dangerous precedent because it could give DeFi developers “more legal remedies if it turns out their code or risk parameters are faulty.” Who cares about all the details—just blame the hackers.
Gary Gensler’s SEC is finally coming for the king.
Uniswap Labs, the company behind Uniswap, the world’s most popular decentralized cryptocurrency exchange, has seemingly been on a collision course with the US Securities and Exchange Commission for years. Now it appears things have finally come to a head.
Earlier this month, Uniswap Labs said it received notice from the SEC’s enforcement division notifying the company that the division is planning to recommend legal action against it. What exactly the SEC might charge isn’t clear, but this is only the latest stop on the agency’s endless campaign to legally establish its view that much of the crypto trading that goes on via Uniswap and other decentralized exchanges constitutes securities trading and should be regulated as such. There’s also the issue of the UNI token, Uniswap’s native crypto-token. While Uniswap Labs argues that it doesn’t fit the traditional definition of a security, that definition is murky enough in this context that a court could see otherwise.
This is the heavyweight fight with The Man that crypto fans have been waiting for. A win for Uniswap would stake a major claim for the legitimacy of DeFi networks as alternative financial rails. And Uniswap Labs has come out firing, noting that recent court decisions have damaged the SEC’s overarching argument. “Despite SEC rhetoric that ‘most’ tokens are securities, the reality is that tokens are a digital file format, like a pdf or spreadsheet, and can store many kinds of value. They are not intrinsically securities, just as every sheet of paper is not a stock certificate,” it wrote in a blog post titled “Fighting for DeFi.”
DeFi probably wouldn’t exist without Uniswap, which pioneered the automated market maker technology at the heart of the movement. Uniswap Labs developed the smart contracts, and it maintains a website that helps users access them. But those smart contracts are publicly accessible via the Ethereum blockchain and they aren’t upgradeable—no one can pause them, shut them down, or reverse transactions. A major blow to the Uniswap model would likely chill decentralized protocol development, at least in the US. But you know what they say about coming for the king.
Worldcoin is so popular it needs its own blockchain.
Or something like that.
“World Chain is a new blockchain designed for humans,” reads an announcement on the website for Tools for Humanity, the company behind the cryptocurrency best known for its iris-scanning chrome orbs. Worldcoin is very into talking about humanity. The reason you should scan your irises, it says, is so that you can prove your own personhood—a capability it sees as essential given how many non-humans are on the internet. Apparently humanity also needs its own Layer 2 blockchain. “Verified humans will get priority for blockspace over bots,” the announcement explains, and real people will get a transaction fee allowance for “casual transactions.”
According to Tools for Humanity, Worldcoin, which launched 10 months ago, accounts for 44 percent of all activity on OP Mainnet, the Ethereum Layer 2 chain developed and maintained by the firm OP Labs. Sometimes it jumps above 80%, apparently. “Given the scale and growth rate of this community, it’s time to graduate to a dedicated network.” The new chain will use the same “optimistic rollup” technology under the OP Mainnet’s hood, popularly known as the “OP Stack.” It’s the same technology running Base, the Layer 2 developed by Coinbase, and the NFT marketplace Zora.
Hmm … Interesting! Genuine question: Who are the humans behind all these “casual” Worldcoin transactions and what exactly are they doing?
A16z made a zero-knowledge thing.
It’s a zero-knowledge virtual machine (zkVM) called Jolt. What’s a zkVM, you ask? We’ll tell you, right after this important message about applied zero-knowledge cryptography: Around a decade ago, crypto nerds made this “moon math” practical so they could have privacy. Along the way, they realized they could also use it for another thing called verifiable computing, a process by which one computer (the verifier) outsources computation to another, more powerful one (the prover), which can then generate a cryptographic proof that the computation was done correctly. The first computer only has to check the proof, which is a lot easier than running the program itself. As we’ve discussed before, this capability arises from a property called succinctness: zero-knowledge proofs are smaller and easier to process than the statements they prove.
The first place such verifiable computing has made a big difference is in the crypto world. Blockchains are low-performance computers; they are slow and expensive to use. Now they’re outsourcing some of that computing to other entities that use zero-knowledge cryptography to verify their computations. In theory, there are also plenty of non-blockchain applications for this kind of verifiable computing. But it’s extremely difficult to write zero-knowledge programs, called circuits, and few are skilled at it.
Which brings us to zkVMs and Jolt. A zkVM is a tool the more powerful computer uses to prove it ran the program correctly. The benefit of Jolt and other zkVMs in development by startups Succinct Labs and RISC Zero is that programmers don’t need to write circuits. “(T)he programmer only needs to write a program in a high-level language of their choosing, and the zkVM handles the rest,” a16z explained in a recent blog post.
“Hyper composable virtual worlds that we’ve never seen before.”
We’ve talked a fair amount about onchain games (aka autonomous worlds) in this newsletter. But one of hardest things to explain about what onchain game developers are after is something called “composability.” The property, or “affordance” as the nerds like to call it, arises from the fact that all the game’s rules and logic are encoded in blockchain smart contracts. That means it’s possible for anyone else to extend the game world by adding third-party “plugins” that interact with the contracts to introduce new game aspects. It’s a bit like traditional video game “modding,” but on crypto steroids. The concept was on full display last week in Lisbon, where Ethereum OG Peter Pan (that’s his quote above ^) convened 132 developers to demo their games and build new things inside other games. You can see videos of the demos here.
In one example, a group turned an asteroid in the space-based game Primodium (which we called one of the Glitchiest things of 2023) into a casino where players can gamble to win or lose valuable game resources. As the Primodium developers explain in their developer docs, the game is designed to let third parties extend the game world “with new commands, logic, and data while still being subject to the same rules as the core game. This is different from modding, which can involve changing the rules and restrictions of the game.”
The makers of a new handheld gaming console say it will be blockchain-ified.
A startup called Playtron is developing a handheld gaming device that will integrate with the Sui blockchain, a Layer 1 network developed by ex-Facebook engineers. Tipped to launch in 2025, the new gadget, called the SuiPlay0x1, will be able to run blockchain-based games, according to a report in Decrypt. It aims to challenge the dominance of incumbent giants in the handheld device market such as Steam and Nintendo. Its blockchain integration will mean people who hold assets on Sui will have them linked to their Playtron account, and the devices will use Sui’s zero-knowledge login mechanism, which is like a “sign in with Google” button but (sorry, using this one again) on crypto steroids.
The US Congress may have reached a breakthrough on data privacy—or at least a partial solution.
A bipartisan proposal called the American Privacy Rights Act would limit the types of consumer data that large companies (with over $250 million in revenue) are able to collect, store, use, and give to the government. Consumers would also have the ability to sue these companies if they violate the rules. In the new system, a national registry of data brokers would be created, who would serve as the country’s data gatekeepers. In theory, brokers would be forced to scrub their lists if someone asks, and allow people to opt out of having their data sold.
While politicians are touting the bill as a watershed, internet freedom advocacy group Electronic Frontier Foundation said it fears that the new bill would “freeze consumer data privacy protections in place, by preempting existing state laws and preventing states from creating stronger protections in the future.” The EFF added: “Federal law should be the floor on which states can build.” Either way, to make it to President Biden’s desk, the proposal would have to clear both lawmakers’ committees and pass both chambers of Congress. In an election year, that may be unlikely.
Then again, “the next US president will have troubling new surveillance powers.”
That’s the headline from Wired on Congress’s recent reauthorization and expansion of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorizes national security agencies to intercept certain foreign communications that flow through US networks. The Senate pushed the bill through at the 11th hour, electing to ignore reforms proposed by privacy advocates, like a requirement that the government get a warrant before looking at the communications of American citizens who are swept up in the program. On the other hand, the bill adds language that “expands the type of service providers that can be compelled to participate in the program,” as the New York Times put it. “The measure is aimed at certain data centers for cloud computing that the FISA court ruled in 2022 fell outside the current definition of which services the statute covers, according to people familiar with the matter.”
Follow us on Twitter or get corporate with us on LinkedIn—if you want.