
US Treasury goes after DeFi and top MEV bots lose $25m


Regulators have always been playing catch-up when it comes to crypto, and after a string of (coordinated) regulatory actions against a wide swath of crypto actors, it seems that the US Treasury is now setting its sights on “DeFi”. The tweet from crypto Twitter maestro Neeraj sums up a piece written by his colleague Peter Van Valkenburgh. We’ll defer the constitutional questions to CoinCenter, but it is clear from the Treasury’s assessment that it is misconstruing what DeFi actually is vs. those that purportedly use it as a marketing tool.

Regulators target entities that serve as intermediaries to financial activity. It’s easy to target Coinbase or Kraken because they are registered companies in the US. But what about Uniswap? Regardless of whether regulators legally can or should target it, the simple fact is they can’t. Even if they put Hayden in jail and got all UNI token holders to go along, they simply can’t change the immutable smart contract on Ethereum.

This is not to say they won’t try! For DeFi protocols that rely significantly on governance (all the lending protocols), they can target the token holders themselves and could muster through regulation by commandeering enough governance power.

There is also the very remote possibility that Uniswap could get the Tornado Cash treatment. Tornado Cash is also a set of immutable smart contracts on Ethereum that regulators were unable to take down directly, but they achieved the same end by forcing RPC providers and validators to refuse to broadcast or confirm blocks that have transactions that interact with the Tornado Cash smart contracts.

But Tornado Cash reportedly facilitated payments to North Korea. What has Uniswap done?

A chart attempts to break down how a malicious actor stole $20m from the most profitable MEV bots through an exploit of the Ultra Sound Money Relay, made possible by a vulnerability in mev-boost-relay, the Flashbots-built client for MEV searchers and relayers. Bert Miller of Flashbots has a full post-mortem and step-by-step account of how the exploit occurred. In short, the attacker exploited mev-boost’s commit-and-reveal scheme by convincing the relay to reveal the contents of a block: the relay only requires a signed block header and does not check whether the block is invalid. Typically, since the block is invalid, it would never get confirmed by the beacon chain.

But in this instance, the attacker looked at the contents of the block being proposed and then used this information to propose their own block, which exploited the MEV bots that had submitted transactions in the original bundle.
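A toy model of the reveal gate described above, added here as an illustration and not code from mev-boost-relay or the Flashbots post-mortem: the weak relay releases the payload for any correctly signed header, while the hardened one also requires the header to describe a block the chain could accept. The HMAC signature, the `Relay` class, the parent-root check and all sample values are assumptions standing in for the real signature scheme and full block validation.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed key; HMAC stands in for the proposer's real signature scheme.
PROPOSER_KEY = b"constructed-proposer-key"
CHAIN_HEAD = hashlib.sha256(b"constructed-parent-block").digest()

def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass(frozen=True)
class SignedHeader:
    payload_root: bytes  # commitment to the builder's still-hidden block body
    parent_root: bytes   # block this header claims to build on
    signature: bytes

def make_header(payload: bytes, parent_root: bytes, key: bytes = PROPOSER_KEY) -> SignedHeader:
    root = hashlib.sha256(payload).digest()
    return SignedHeader(root, parent_root, sign(key, root + parent_root))

class Relay:
    """Toy relay (hypothetical): holds a builder payload, reveals it for a signed header."""

    def __init__(self, payload: bytes, check_validity: bool):
        self.payload = payload
        self.check_validity = check_validity

    def _committed(self, h: SignedHeader) -> bool:
        expected = sign(PROPOSER_KEY, h.payload_root + h.parent_root)
        return (hmac.compare_digest(h.signature, expected)
                and h.payload_root == hashlib.sha256(self.payload).digest())

    def _block_valid(self, h: SignedHeader) -> bool:
        # Assumption: stand-in for full block validation (header must extend the head).
        return h.parent_root == CHAIN_HEAD

    def reveal(self, h: SignedHeader):
        if not self._committed(h):
            return None  # no valid proposer commitment to this payload
        if self.check_validity and not self._block_valid(h):
            return None  # commitment is to a block the chain would reject
        return self.payload

PAYLOAD = b"constructed bundle of searcher transactions"
GOOD = make_header(PAYLOAD, CHAIN_HEAD)
# Correctly signed, but builds on an unknown parent, so it can never be confirmed.
INVALID = make_header(PAYLOAD, hashlib.sha256(b"constructed-bogus-parent").digest())
```

With `check_validity=False` the signed-but-invalid header is enough to unlock the payload, which is the gap the paragraph describes; with `check_validity=True` the same header gets nothing back.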

This was a shock to the MEV community, which typically does the exploiting. MEV godfather (and Flashbots cofounder) Phil Daian said the exploit “demonstrates the true power of having in-protocol [Proposer-Builder Separation] + [Single Slot Finality] one day, while also showing that there’s some work to do to get there :)”

OtterSec has a great Twitter thread, as does MEV OG – and mev-boost skeptic – Pmcgoohan.

  • Euler exploiter returns $177m in stolen funds

  • Sushi Head Chef releases statement on SEC subpoena

  • DeFi Saver launches DCA and limit orders on Ethereum

  • CoW Swap launches RPC endpoint to protect against MEV

  • OpenEden launches regulated on-chain vault managing US Treasuries

  • GFX Labs launches Google Sheets add-on to query on-chain data

That’s it! Feedback appreciated. Just hit reply. Written in Texas, but my heart is in Nashville with the Tennessee Three.

Dose of DeFi is written by Chris Powers, with help from Denis Suslov and Financial Content Lab. All content is for informational purposes and is not intended as investment advice.

