Beanstalk University Class #51

November 15, 2022

0:00 Introduction • 0:22 Summary of EBIPs • 5:11 Audits and Security • 16:37 Since the Silo members are not selling Beanstalk mints, does this mean Farmers think that Beanstalk is undervalued? • 22:08 Has Publius been surprised by anything Beanstalk related since the Replant? • 24:44 Will there be an APY on Fertilizer? • 26:39 Would Publius be happy/ interested if things were happening slower? • 31:26 EBIP-6 • 33:51 Closing statements

Beanstalk University


Meeting Notes

Summary of EBIPs

  • The first EBIP was due to a bug in the Pod Market that had to do with the cancellation of V1 Pod orders. The BCM removed the Pod order cancel function and other market functions from the UI temporarily.
  • The other EBIP has to do with the transferTokenFrom() function, which is used within Beanstalk so other protocols can interact with Beanstalk.
  • The bug within the Pod Market was discovered when a Farmer canceled an order and received more Beans than they should have. The extra Beans were returned to Beanstalk, and the Whitehat will be paid.
  • The transferTokenFrom() function has not been exploited.

Audits and Security

  • Currently, Beanstalk is exposed to economic risk and smart contract risk. One economic risk is that Beanstalk's liquidity only trades against 3CRV, which consists of DAI, USDT, and USDC. The economic risk will never disappear in a system like Beanstalk, but the risks can be mitigated. Publius thinks the conversation around Wells was very constructive. New projects being built on top of Beanstalk could be risky whether unaudited or even audited. If a new hot project attracts 40% of Beanstalk liquidity and something happens to that protocol, the assets could leave Beanstalk. There are a lot of layers of risk.
  • At the end of the day, there is no test like the test of time.
  • If the DAO takes on the cost of securing every piece of code that touches Beanstalk, there could be an instance of a developer intentionally adding bugs to get a reward from a bug bounty. Publius thinks there may need to be a culture shift toward not using other protocols that have not been around for a long time. There is no single rule of thumb on how security should work.

Since the Silo members are not selling Beanstalk mints, does this mean Farmers think that Beanstalk is undervalued?

  • Publius thinks it is hard to say anything about the value of Beanstalk, but there is a minimal supply of Beans below a dollar. People are not really selling below a dollar, and when people do sell below a dollar, there is high demand for Convert. Publius also notices that there is little to no demand for Soil. When Beanstalk becomes more complex, it will make more sense to look into fine-tuning the incentives between Convert and Soil. There is some friction with selling Beans on Curve because of their fee.

Has Publius been surprised by anything Beanstalk related since the Replant?

  • Publius thinks Beanstalk is moving along nicely and the economic situation is in line with their expectations. The majority of Fertilizer was sold, and there has not been much interest recently, which was expected. There was a decent amount of selloff after the Replant because Beanstalk was Replanted above the peg. The system quickly repegged after the selloff. From a base level, Beanstalk is doing pretty much in line with expectations. The main surprise for Publius is the amount of activity around Beanstalk.

Will there be an APY on Fertilizer?

  • It is possible. Fertilizer is not like the Silo, because in the Silo you can withdraw your initial deposit and sell. When you buy Fertilizer, you forfeit any rights to the underlying. The rate of return is easy to calculate, but if you try to annualize it and factor in the loss of capital, it is unclear. The idea is to take the rate of minting, calculate how long it will take to be paid back, and then normalize that to a year. Cujo is working on this.

Would Publius be happy/ interested if things were happening slower?

  • Publius is not sure we should be optimizing around happiness, but to answer the spirit of the question, it is very hard to say. There is a lot of really cool tech to be built, and there is no rush to build it. At the moment, there is a balance between pushing new products and things that create utility, and minimizing risk. There is no roadmap currently, and this is causing a lack of direction. Publius thinks the amount of coordination is amazing.


EBIP-6

  • This resolves EBIP-4 and EBIP-5.
  • See the top of the notes for an explanation of these EBIPs.
  • The next step is to update the UI with these changes.
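
The Pod Market bug resolved here was described in the class as Beanstalk storing the number of Pods ordered for each Pod Order rather than the number of Beans locked, so a cancellation returned too many Beans. The following is an added example, not Beanstalk's code: a toy order book in which the class names, the 6-decimal units, the prices and the `solvent()` invariant are all assumptions, showing how an escrow check flags the unit mix-up before any cancellation happens.

```python
from dataclasses import dataclass

UNIT = 10**6  # assumption: Beans and Pods are both 6-decimal integers


@dataclass
class PodOrder:
    owner: str
    price_per_pod: int  # Beans per Pod scaled by UNIT, e.g. 0.1 Bean -> 100_000
    stored: int         # the amount the book remembers for this order


class PodOrderBook:
    """Escrows Beans for Pod Orders; subclasses choose which unit is stored."""

    def __init__(self):
        self.escrow = 0   # Beans actually held for open orders
        self.orders = {}
        self._next_id = 0

    def record(self, beans, pods):
        raise NotImplementedError

    def create(self, owner, beans, price_per_pod):
        if beans <= 0 or not 0 < price_per_pod <= UNIT:
            raise ValueError("bad order")
        pods = beans * UNIT // price_per_pod
        self.escrow += beans
        oid, self._next_id = self._next_id, self._next_id + 1
        self.orders[oid] = PodOrder(owner, price_per_pod, self.record(beans, pods))
        return oid

    def fill(self, oid, pods):
        """A Pod seller fills part of an order and is paid from escrow."""
        order = self.orders[oid]
        cost = pods * order.price_per_pod // UNIT
        used = self.record(cost, pods)
        if pods <= 0 or used > order.stored:
            raise ValueError("fill exceeds order")
        order.stored -= used
        self.escrow -= cost
        return cost

    def cancel(self, oid, caller):
        order = self.orders[oid]
        if caller != order.owner:
            raise PermissionError("not the order owner")
        del self.orders[oid]
        self.escrow -= order.stored  # whatever was stored is paid out as Beans
        return order.stored

    def solvent(self):
        """Invariant: escrow equals what all open orders could reclaim."""
        return self.escrow == sum(o.stored for o in self.orders.values())


class PodsStoredBook(PodOrderBook):
    """Models the bug as described: remembers Pods, refunds them as Beans."""

    def record(self, beans, pods):
        return pods


class BeansStoredBook(PodOrderBook):
    """Remembers the Beans locked, so the refund is in the right unit."""

    def record(self, beans, pods):
        return beans


def scenario(book):
    """Constructed sample: two orders, one partial fill, then a cancel."""
    alice = book.create("alice", 1_000 * UNIT, 100_000)  # 0.1 Bean per Pod
    bob = book.create("bob", 20_000 * UNIT, 500_000)     # 0.5 Bean per Pod
    book.fill(bob, 10_000 * UNIT)                        # costs 5,000 Beans
    ok_before_cancel = book.solvent()
    refund = book.cancel(alice, "alice")
    return ok_before_cancel, refund // UNIT


if __name__ == "__main__":
    print("pods stored :", scenario(PodsStoredBook()))
    print("beans stored:", scenario(BeansStoredBook()))
```

With the constructed price of 0.1 Beans per Pod, the Pods-stored book refunds ten times the Beans locked, and the excess comes out of the other order's escrow.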


Okay. I think we can get started. Probably some child. How are you guys doing? Not too bad, man. Busy week on the farm, for sure. I can only imagine. As a teacher, I'm curious. What's up, guys? Doing well. Glad to hear. All right. We're going to kick off this class maybe with a quick summary, given that even the first question maybe is kind of related to that.

Earlier today, we had an announcement about an emerging subject, and that's kind of related or both related to. But tonight, Chad, since we have you on stage, I'm curious as well. Maybe can you can either of you or maybe both of you summarize, you know, the emergence of bips and then what are the changes? What does it impact?

First of all, the protocol now and then, what changes can we expect to maybe look like some or maybe perhaps you want to kick off with the explanation and then I can talk about moving forward. Feel free to just go ahead, Chad. Sure. So I guess to give a quick overview of the two emergency BIPs that have been executed since last class.

The first was due to a bug in the pod marketplace which was identified by a white hat, which is related to cancelations of V1 Pod Orders. So the original pod orders that existed in the market there are some behavioral changes to the market that occurred during BIP-29, and this particular form of cancelation was not correctly accounted for.

So the BCM moved to remove the cancelation, the Pod Order cancel function from Beanstalk. And in addition, when we received this report, we also removed a number of other market functionalities from the Beanstalk UI temporarily. So some of those functionalities, I believe including listings as well, are still taken down. But we're currently evaluating, you know, the state of things and when to re-enable those.

I think it's a little bit unclear right now. Exactly when the V1 order cancelation will go back up. But we're going to take a look at it at the market site as soon as possible under the rest of the functions. And then with respect to the EBIP that was announced today, there was a vulnerability in the transfer token from function, which is one of the functions that Beanstalk uses to enable other protocols to interact with Beanstalk balances in the farm function and otherwise.

And this vulnerability was related to how Beanstalk tracks the allowance of of transferring certain tokens. And so more details about that specifically are available in the announcement. But yeah, I mean, happy to answer any, any other questions about, about those things. Thank you, Chad. And maybe can you give us a summary of any that any of these bugs got exploited?

What are we sending that? Yes. With respect to the bug in the pod marketplace, it was discovered when an order of V1 order was canceled and a user received more beans back than they should. They were expecting to receive about a thousand beans. I believe they received about 10,000. Those beans were returned to Beanstalk. So they're appropriately back where they should be.

And then the white hat will receive, you know, payment through the Immunefi bounty, which they submitted. And then with respect to the transfer token vulnerability, we've been unable to identify any cases in which this was exploited and have done a I think breeding in particular has done a pretty, pretty thorough review of on chain activity related to this so far.

Okay, great. And then what are the next steps? Yeah. So with respect to the market side of things in particular, we're going to look at re-enabling the UI functionality for components of the market that were taken down out of an abundance of caution when this bug was identified. And then I believe also there's work in progress to fix the vulnerability in or, you know, basically make a new version of the cancelation order cancelation function.

I'm not I'm not quite sure exactly when that upgrade would would go out. So that's out of public acceptance to have that enter on had.

Thank you, Chad. Not at the moment. All right. Probably just maybe now we can all I wanted to spend a few minutes to discuss, you know, some of the thoughts behind maybe others and security. So the community and a lot of conservatives on the president's has a lot to say after the exploit. And, you know, we've been very careful with, you know, pushing code.

The first checked and, you know, checked the government audited and audited. And, you know, the contact has already been audited and Halliburton as a result and not just remains a back again, critics and back again. But, you know, the only test or the real test is a test of time. What are your thoughts about that? Probably is, you know, what what can be done or, you know, what's happening with it and how how should the community or the state of about and think about these things.

So currently Beanstalk is exposed to existential risk in a variety of different forms, one of which is common threat, minimal. It has to be said that Beanstalk has a significant amount of economic risk at the moment from the perspective that currently all of the liquidity trades against 3CRV, which is basically a least competent imitator of DAI, USDC and Tether.

But more than that, the, the, the protocol itself is perhaps perhaps it's in a state where it could continue in perpetuity, but perhaps not. And there's a lot of economic improvements that likely should be made to Beanstalk that aren't particularly well defined at the moment, but are hopefully going to be able to be made through collective discussion.

Everyone can figure out what needs to actually be implemented, then they can ultimately be implemented. And it's a the economic existential risk never really disappears from a system like Beanstalk. But there is a question of at the moment there are much clearer economic existential risks that can be mitigated as opposed to the big question of is a credit based stablecoin even possible, which is which is a separate question.

And in short, it for therefore collectively toeing a fine line between pushing too fast such that there are problems introduced, and BIP-29 introduced a variety of different problems, but balancing that with moving swiftly enough such that all of the existential risk that seems to be time sensitive or potentially time sensitive is mitigated before the time comes, let's call it.

So with that in felt like the conversation earlier this week on Wells was very constructive and hopefully helpful for people to understand where we view a lot of the existential risk and where we're trying to spend our time mitigating existential risk. But frankly, the implementation of the grade system hopefully will significantly reduce existential risk. And then on the other hand, you have things that are potentially introducing existential risk, like new projects launching on top of Beanstalk, audited or unaudited.

And lots of new code being deployed. So on the one hand, there is some question of solidifying the base layer of Beanstalk, but let's say there's some protocol that attracts 40% of the liquidity in the protocol and that gets hacked. Even if Beanstalk hasn't been changed in years, that could be a big problem for Beanstalk if the have or the exploiter decides to take their liquidity and leave the system.

So in the case of like the DAO hack on Ethereum, for example, it really is a fundamentally different thing because the ether can't really leave the system, whereas in Beanstalk, the value that is stolen can leave the system. And so there's just a lot of difference. The situation that Beanstalk finds itself currently and will continue to find itself.

And from a risk perspective, it's very serious. And in order to get to a place where a the base layer and be all of the protocols that implement the derivative and other core core products, let's call it on top of Beanstalk. All of those really need to also get to a place where they're relatively solidified in order for things to become safe over time.

So there's lots of layers of risk. And yeah, it's, it's, it's, it's, it's, it's scary stuff, frankly. And there's not much to be said then perhaps perhaps the short term timeline should get pushed back where the, the, the existential risks not associated with smart contracts are downgraded to even further or reprioritize a smart contract risk. And it is worth saying to your point that the process around pushing code has gotten so much longer and thorough and with much, many more parties and eyes involved before pushing anything you can change and still there are problems and still there are bugs and still there are potential vulnerabilities.

So in practice it goes without saying, but it's good to say no. But there is no test, like the test of time and that's going to apply for Beanstalk and that's going to apply for protocols on top of Beanstalk. At the end of the day. Thank you for this. And you've highlighted a few things that's maybe I wanted to ask a bit more.

So one of those things is that, you know, the Bean economy is expected to grow at say or will grow and then you'll have different protocols, you know, building things on top of Beanstalk. And the expectation is downside of depositors or Bean holders will be able to do different things, let's say, with those protocols. How do you think that now is to think about, you know, about this the ecosystem of the economy and thought is it is it up to the interest to also protect, you know, those other protocols that utilize Beans just given that this is, you know, one economy of the EMP?

Well, there's a couple different things here. There's largely a tragedy of the commons problem where if the DAO decides it's a collective to completely take the cost of securing the contract sort of problems, I think I think we'll see a bit. Maybe we can start you can start again with the answers. Can you hear me now, Mark? Yes.

All right. Sorry about that. So there's a little bit of a tragedy of the commons problem here, which is that if the DAO decides to take on the cost of securing via audit or multiple audits, every piece of code that's going to touch billions, we use billions and have bug bounties that a the developers of those that code, particularly in the pseudonymous world, introduce bugs intentionally and then try to report them or take advantage of them and then expected to cover it.

So there's some weird I wouldn't call it liability questions, but incentive questions around what the DAO should be doing and what's prudent. But frankly, I feel like the big thing is going to be as a culture, not to use protocol or not to use protocols that haven't been around for a long time and been stopped. What's a pretty long time for what's exploited.

So and Beanstalk has had vulnerabilities since before. There's no there is no single rule of thumb here how security should solve problems. We started losing your again or your look. You're muffled in the mouth, let's say sorry about this. Let me try. Let me try moving somewhere else. I'm not sure exactly what's going on, but I was was my answer clear or did I lose you?

Yes, I think I think the piece of advice let's say that what you said is that users or holders of being they will want to, you know, use protocols that have either been sufficiently audited or, you know, has been around for some time.

Yeah. But at the end of the day, neither of those two things are guarantees of security, as we've seen with Beanstalk. Yes. And that was the other thing that you have highlighted. You know, there are different different kinds of risks. So, you know, there are the risks where the protocol doesn't do what you expected to do on that, given maybe there were lucky, you know, some loopholes or bugs or whatever, you know, that caused it.

And then the other bit, as the economic risk where, you know, the protocol behaves as expected and everything runs fine. But hey, the experiment, you know, didn't turn out as expected. The same. Yeah. And at the end of the day, it's up to every individual user of Beanstalk to determine what, what makes sense for them to use and experiment with and how much capital to put at risk.

And it's yeah, it's as always. Beanstalk remains an experiment, and if anything, the experimental nature is increasing, not decreasing in the short term. And that does introduce significant risk.


All right. With that, I think we can move to the next to the next topic unless, you know, anyone in the audience wanted to discuss any of this more or, you know, just feel free to drop questions and somewhat chat published. I want to talk a bit about, you know, the state that the protocol is in right now.

And now let's talk a little bit about the economics of it. So we see what's happening with the overall, let's say, you know, market and the crypto market and specific Beanstalk seems to be very fine or, you know, pretty healthy. The protocol is maintained and, you know, a continuously, let's say, you know, out of seasonal or seasonal or, you know, throughout most of the seasons and say and then the majority of farmers are not, you know, selling any any of those beans that are getting minted.

What do you think that means? Is this some sort of, let's say, like an upper limit for being? Does this show or maybe signal that the protocol in general is undervalued, just given that the number of beans are increasing and that the holders are holding to it and not selling the. Does that not, you know, signal that or what do you think?

Well, it's hard to say about the value, but what's clear is that there is no or minimal supply of beans below a dollar. People are not willing at the moment to sell beans below a dollar. And any time the people have sold beans below a dollar, there seems to be decent demand to convert. There seems to be less demand for soil, basically no demand for soil, which is interesting.

And as Beanstalk becomes more sophisticated as an economic system, the balance between the temperature and the convert incentives, that's something that will definitely it will make sense to look at fine tuning that, because it's clear that right now all of the demand is coming from convert and not from demand for soil. And it's unclear how sustainable that is.

And the liquidity to supply ratio is something that the protocol can perhaps use. That's an indicator of that. But that's not necessarily the most important thing right now. The point is that for the moment, there's not a lot of supply below a dollar. There is demand from convert, mostly below a dollar. And there does seem to be some, let's call it a margin above the peg, above a dollar, a delta, be above a dollar where there's minimal selling and converting happening.

So it's not just below the peg, it's actually below something like 1.0 of two. Now granted, because of the the curve B, which is four bit, I believe that doesn't necessarily it's not surprising because there's some friction around selling beans above a dollar for less than four bips above a dollar. You're still getting less than a dollar. So it's unclear how much real demand there is above a dollar.

Particularly it seems like the majority of activity or demand above a dollar is from a single automated wallet or bot. So it's not it's not necessarily the most and it's certainly not the most growth that Beanstalk has seen in its past. But if you take a look at the charts on the forecast page, for example, and you look at the all time market cap or all time Bean supply, I guess that's on the supply chart in a different spot.

But even the market cap, you can see that this period isn't dissimilar from the some of the earlier periods in Beanstalk from a size and a relative stability perspective. There is no volatility factored in here. So that's largely why it looks a lot flatter. But otherwise, this isn't this is neither here nor there from our perspective at the moment.

But lots of interesting data and continuing to just observe and learn and try to try to think about the models as much as possible on this end. But generally not not too much to infer from the fact that there is some particular activity above or below a dollar at the moment, other than not a lot of supply below a dollar and demand demand below a dollar.

Okay. And I agree with you on on the latter. I guess, on you know, the basis on which you're not really selling a being for a dollar. But just given that, let's say, you know, the senior edge is accumulating. So it's true that you may not get $100 for 100 beans, but you sell a hundred beans that, you know, you've gotten through through a senior to sort of interest.

And I think it's pretty interesting to find, you know, farmers in general holding and maybe that has been reflected as well. And the prices of unripe on the secondary it seems that you know the secondary valuation for stranded assets has also increased in the past few weeks and I find it baffling, to be honest. But in this market, you know, this is happening and it's quite a bullish sign.

Okay. Dumpling says, have you been surprised by anything possibly planned or is this about what you would have thought? Would you be curious to hear? Okay. His curious to hear what you think about that. Yes. Well, on the one hand, Beanstalk is moving along relatively nicely, both preplanned and the economic situation have been started generally in my expectations, the majority of Fertilizer sales happened prior to the Replant or shortly after, and there has been much interest since that was expected.

There was a decent amount of a sell off an overhang shortly after the replant because the system was replanted above a dollar. So there was some mending there and there were even some significant inflows after we planted then left and that exacerbated it. But generally did the overhang was a not particularly large and b the system respond in nicely in general is quickly re pegged if in a way that it really hadn't before due to convert.

So that was interesting. I think a lot of that was from the fact that all the liquidity was locked at that point, which still remains the case to some extent, but Beanstalk seems to be from a base level, doing pretty, pretty much in line with expectations. I think the main surprise is to us is the amount of activity happening around Beanstalk, considering that it was replanted three months ago or so.

Right. September, October and November. Yeah, three months. So in short, that there is a lot of crazy good stuff happening around Beanstalk. And that's perhaps the thing that's most, most surprising to us agree with. I'm pretty excited to see the things, you know that's going to happen on the inside come, come, you know, basically be deployed under us.

This is it. Deckers asks, Would there be any way to show an APY on Fertilizer? So not sure of of to drill is here to know that they were working on that but can talk a little bit about that so the idea that it's possible now things don't map exactly like the silo because unlike the silo where you can withdraw your capital and sell your initial deposit, when you buy Fertilizer you forfeit any sort of right to the underlying and therefore the rate of return is easy to calculate.

But if you're trying to annualize that and factor in the loss of capital, it's it's a lot less clear. So the current thought and not sure exactly the status on the implementation of this but the last that we heard on the discussion of this was that the the the idea would be to to determine based on the current minting, how long it would take for the for the entire fertilizer to be paid back and then basically normalize that to a year.

So if the rate of return when the fertilizer was 20% and based on current minting, it was expected that it would take two years to get there. The APY would be and I guess it's not exact, but it would be something like 10% on site, which confirms that Cojo is working on the first. If I can see dumping and stuff in a question that's worth or not.

All right. Duncan follows up and asks, Would you be happy or interested? As things were actually happening slower since liquidity is mostly still locked, maybe existential risks could be reduced a bit. Not sure happiness is really the thing to optimize around, although to answer the spirit of the question, it's really hard to say. There's there's a lot of really cool tech to be built, and frankly, there's no rush to build.

Most of it because someone else builds a great it can be fought and if not, at some point the Beanstalk community will certainly get around to it. But I think that at the moment there really is a balance between pushing new products and things that create utility for Beans and purely focusing on things that minimize existential risk like Wells and the game system and it's a fine line.

So perhaps like all things, it will oscillate and the focus goes back and forth between Core Beanstalk functionality and lots of stuff being built on top of Beanstalk to our earlier point about being surprised about how much stuff is being built on top of Beanstalk. I think from our perspective and Beanstalk Farms a lot, a lot, a lot of work has gone into supporting the ecosystem as opposed to working on Beanstalk directly and a lot of that is great, really, really great.

But there's, there's just a need for more resources and everything comes at the margin and will continue to come at the margin and yeah, it's not a question of necessarily moving slower as continuing to move deliberately and feel like at the moment one thing that is tough is there isn't really a roadmap and there is a notion file which not sure how public it is, although we've been trying to get all of the and stuff to be public, but we've been trying to put at least our thoughts into a little bit more of a rigorous timeline and form, but recognize that there isn't necessarily the most direction in terms of a roadmap or anything published

recently and nonetheless, it's kind of amazing the amount of coordination that is happening almost without explicit coordination. It's just all happening where lots of things are lining up together and therefore you almost can't. It's hard to say that things are being rushed, but it's also hard to say that because I'm moving very fast. And so what does that really mean?

It means that the thing that can really probably be improved is the process. And maybe the question is really how much time should be spent optimizing the process as opposed to building things and not to move faster or slower thinking no matter how how slow even you want to slow down yourself, you still find yourself pushing harder and wanting to move fast.

And Brian just said, it's crazy that it's only been three months. It feels like five years. It really does feel, you know, maybe not five years, but it feels like a long time things and DeFi moves fast. And I think the DAO in general here holds, you know, holds everyone to a standard and expects, you know, more and more.

And brings us back to the initial discussion that we have, is that, you know, we're moving fast, maybe too fast, you know, for our own good. But, you know, no matter what, you know, this is this is, I think, the spirit of, you know, what Beanstalk as I'm the people behind that sort of the door behind it.

I think. Yeah dumpling concurs and says he agrees about, about the process. Let's, let's give it a minute or two see if others have questions, you know, whether it's something good to discuss or something else that's happening a month is for fear of torture. Okay. We briefly discussed the emergency BIPs earlier this class, EBIP four and five, and guys us posted an announcement on EBIP-6 that's meant to resolve those two.

That's going to happen unless you can come on stage and give us a summary of all those steps or the step. But yeah, I don't mean to derail class by any means, but figure we should share as soon as possible after the transaction is executed. So Silo Chad I think pretty adequately addressed a couple of these. But essentially even for the bug that resulted it but for was related to the fact that Beanstalk was storing essentially the number of pods ordered for every pod order rather than the number of beans locked.

So was returning farmers a proportional increased amount when canceling their pod order rather than the number of beans they locked in the pod order? And then with the EBA five six, which was related to permits, I mean at a high level, a lot of the inside functions have a parameter that allows you to decide which what balance you want to pull a farmer's assets from, whether that's their farm balance, their circulating balance or or some combination of the two.

And so the fix in this case was simply to enforce that only only internal or farm balances would be used by that function. The vulnerability was in being able to transfer assets from another farmer's external balance if they had approved as such. So those are a couple of things that were fixed in the event. And there's a there's a write up in the announcements channel, so feel free to check that out and happy to answer any questions.

Thank you, guys. And then I guess the next step, as is for that to be reflected on the UI, the Connect. And that's probably a question for Sally, Chad, or I think someone might be working on it. But yeah, I think the idea is to get that back up as soon as possible. Thank you. Thank you guys for the update.

We are at the end of the of the townhall chat, all the questions. Let's maybe give it to see if others have questions. Otherwise we can end this class. Thank you. Thank you all for joining us. And probably us as always. Thank you for taking the time to answer this test questions. And we'll see you on next week.

Again, my.