43 Photos and videos
Dan retweeted
Jun 12
Some personal news: Today is my last day at @KuruExchange.
Over the past two years, I’ve had the privilege of helping grow Kuru from an idea into an integral part of the Monad ecosystem. Along the way, we surpassed $2B in mainnet trading volume, built an amazing community, and made many real friendships I hope will last a lifetime.
I can’t thank @0xfravashi and @0xtrojan_ enough for taking a chance on me to build a fully onchain CLOB together, along with great coworkers and friends like my fearless co-host @kryptobaby777 and @cryptunez who first got my foot in the door in the eco.
I remain a proud cheerleader and stakeholder for Kuru and Monad at large.
On Monday, I’m thrilled to be joining Zcash Open Development Lab (@zodl_co) as Content & Communications Lead.
Zcash’s commitment to privacy, freedom, and open-source values has reignited my passion for crypto. I’m excited to help tell that story to the world and bootstrap Zcash and @zodl_app adoption at scale.
A huge thanks to @peacemongerZ , @jswihart, and @tonymargarit for this opportunity, and to friends like @Cryptopathic and @SPCMNandHOBBES for helping me get privacy pilled in the first place.
Onward. ROM. 15:13
120
13
403
36,300
Dan retweeted
I for one cannot wait for @mert to go full Ztalin on everyone grave dancing zcash:native last Friday
16
4
200
17,484
Hi @Polymarket @JupiterExchange here's an opportunity to set up a market on if the Zcash bug was exploited.
I suspect there's a large arb between X sentiment and reality.
Jun 5
To put a finer point on it: the people who would actually face a loss if the bug were exploited are shielded holders, not transparent holders (99% of people on exchanges). Transparent holders would not be affected at all.
If you're a shielded holder and you're worried about this bug, game theory says to unshield before the pool gets drained. It's essentially free and reduces your risk.
So while markets are freaking out, shielded holders--who might actually face the loss--are not (only 1% of the 30% shielded pool has unshielded), which is the clearest signal that the people with skin in the game are not actually worried that this bug was exploited.
The size of the shielded pool is the prediction market on this bug.
2
10
502
Dan retweeted
Jun 5
To put a finer point on it: the people who would actually face a loss if the bug were exploited are shielded holders, not transparent holders (99% of people on exchanges). Transparent holders would not be affected at all.
If you're a shielded holder and you're worried about this bug, game theory says to unshield before the pool gets drained. It's essentially free and reduces your risk.
So while markets are freaking out, shielded holders--who might actually face the loss--are not (only 1% of the 30% shielded pool has unshielded), which is the clearest signal that the people with skin in the game are not actually worried that this bug was exploited.
The size of the shielded pool is the prediction market on this bug.
21
18
195
26,901
Dan retweeted
Jun 5
While everyone debates whether the Orchard pool was exploited, you can just look at the data.
We shipped Pool Analytics this week, per-pool supply tracking, shielding/deshielding flows, turnstile breakdowns. Orchard, Sapling, Sprout. All live.
Verify it yourself: cipherscan.app/pools
3
14
51
2,244
Dan retweeted
Jun 5
From a non technical perspective, to believe this vulnerability was actually exploited before being patched, you’d have to believe someone (1) was looking at the Zcash codebase more thoroughly than any of the ECC, ZODL, Shielded Labs, Zcash Foundation and other core Zcash dev and security contributors combined AND (2) resisted the urged to completely run out the Orchard pool turnstile to sell all its counterfeit ZEC during a historical 20x bull run. Seems unlikely to me.
IMO the real takeaway here is the Zcash dev and security community is absolutely best in class and ahead of every other protocol in terms of AI risk that will be endemic to all given what the models can do now.
And certainly if there is a Network Upgrade to allow anyone to verify the integrity of the Zcash supply and to prove the non-existence of counterfeit Zcash in the Orchard pool.
67
59
416
62,673
zcash has been insanely valuable for a long time
it also has a great relationship with security researchers
fud all you want but the takeaway should be that these models CAN AND WILL uncover worst-of-the-worst vulns that have existed in prod undetected for years
5
21
236
19,828
Dan retweeted
Jun 5
Zcash has the best cryptographers and security engineers in the world focused on it 24/7, auditing and battle testing it.
In this instance within hours of the latest model dropping they used it to find a bug.
A bit worried for the rest of crypto, which doesn’t have the same type of talent auditing it as rigorously.
125
58
471
47,473
Shielded protocols give you privacy in exchange for placing supply integrity in the faith of cryptographic assumptions. This is true for all of these protocols, every one of them, without exception.
There is no cheap trick that lets you get around this, like another technique that verifies what's "really happening" inside the pool. You will always find yourself just repeating what the SNARKs are already doing, using (possibly different) cryptographic assumptions.
The only thing we can do is rely on safe assumptions, and make our code flawless. Prior to a few years ago neither of these were practical, but we're beyond this. We can formally verify our shielded protocols and their implementations so that their correctness mathematically reduces to these cryptographic assumptions.
We may soon even do this with the current version of Orchard itself (there are at least three different teams competing to implement a fully verified proof of Orchard's circuit right now, for example). These proofs don't have to be checked by humans in their entirety, just the small theorems that describe the security notions and specifications.
Perfect shielded pools.
32
73
444
122,840
Dan retweeted
Jun 5
Fascinating to see how certain individuals are spinning as a negative the fantastic work by the Zcash developer community to identify and remediate a vulnerability
The AI-enabled assault on blockchains is here and I'm proudly on Team Zcash
250
152
1,261
146,245
Dan retweeted
Jun 5
The sharpest cryptographic minds in the world are now pouring over all this code rechecking everything
At the same time a formally verified post-quantum pool is under development.
The tech progress has never been better for Zcash!
Don’t be a panicon.
since this comes up every few months, a refresher:
- first, there *is* a way to prove the bug wasn't exploited, more on this below
- the fundamental tradeoff in a strict privacy pool is that if there's a bug, it could be utilized without immediate detection. this is the same for almost all privacy protocols without audit keys and with circuits
- it's similar to any other crypto bug, like defi, in that something could be exploited and moved to a different chain. there are bugs lurking all over defi, blockchains, and all software at all times. the difference is that given the privacy, it's obviously harder to detect timely
- note that this has always been the case with any of these things (and zcash isn't unique here, the other notable privacy project you're thinking of also has the risk of counterfeit bugs), so nothing is "new" except for the fact that understandably not everyone knows the technical tradeoffs
- in zcash, you have guardrails to detect this so the supply would never increase past 21M *but* the ppl in that pool would get shafted unless there's social consensus, which would admittedly be messy
- recently, the zcash core teams have been increasingly using advanced tools and hiring external security firms to audit themselves to keep improving security
- this is also why it's harder than it sounds to just add privacy to an L1 or L2 (without audit keys) because you want a high concentration of security researchers and cryptographers looking at this at all times. it's also why "dino" projects are interesting because they've survived this long.
- now with this new effort, one of these was a hit and the team immediately patched the bug they found
- you can be reasonably sure that it wasn't exploited given a number of signals, but you can't definitively prove it unless either:
i) the turnstile is triggered
ii) the wallets start pointing to a new pool to migrate (there have been 3 such migrations in the past for example) which would then prove this
luckily, there has been work on creating a new pool that's provably sound, formally verified, and quantum proof this whole time with @TachyonZcash (which is also how I first got introduced to zcash)
so once that migration is done, you will have full certainty
4
9
68
2,896
I'm not technical and relatively new to Zodl / Zcash.
Here's how I'm thinking about it.
You are either getting generational prices or privacy in crypto will never work. Some things to consider:
1) Multiple zcash organizations are working on a way to support the accounting of the shielded pool. Proving no exploit.
2) If you thought privacy could be replicated on another network, it's time rethink that assumption.
3) Zcash will be stronger than ever once this is sorted.
Personally, I trust the team to figure out a path forward. They haven't given me a reason not to.
Short term noise for long term sustainability.
36
22
284
24,017