Transcript
there's a lot of things that are difficult uh here brad but the decentralized governance is certainly one of them in short even vitalik was participating in the discussion on twitter saying token-based governance doesn't work basically so we take that to heart and i think as a dao everyone's gonna need to [Music] collectively agree on what is an on-chain or a sufficiently decentralized governance process and censorship resistant governance process going forward and that's not going to be trivial to design right so in short there's no chance that at least in my opinion there's any sort of on-chain decentralized governance mechanism ready for audit in five weeks instead the concept is short-term beanstalk should proceed with in my opinion what's still a pretty decentralized solution where there's going to be a multi-sig governed by the community with nine or more signatures that are really going to be distributed and decentralized so it's as long as you expect those signatories to execute the will of the dao which will now be voting on snapshot for example for the time being right it's obviously imperfect but necessary to get beanstalk back up and running in a timely fashion just because in practice the fact that the governance could execute arbitrary code on beanstalk was what presented the vast majority of potential attack vectors sure and this is a this attack is an example of one and so the fact that there's no on-chain governance from our perspective does mean that there's a dramatically reduced risk profile to beanstalk which over the next couple months is important for people to renew their confidence in the protocol so any governance model that's reimplemented on chain really should be audited by multiple parties and vetted for a long time as much as one of the things that's cool brad about what's happened in a glass half full way is beanstalk is kind of corporate now there's going to be all every time code gets pushed it should get audited and
there's all these new standards that before it was very much building the airplane while flying and right now if independent of how this barn raise goes this is now going to be a lot of testing before before even a test flight [Music] [Applause] [Music] welcome to mission defi with brad nickel where we explore projects in decentralized finance that are innovating and driving our mission of financial freedom forward thank you for listening if you like what you hear please subscribe rate and review mission defi and spread the word by posting a tweet to the show all opinions expressed by brad nickel or his guests are their opinions and do not reflect the opinions of black knox material indicators or any other affiliated organizations you should not treat any opinion expressed by brad nickel or his guests as an inducement to make a particular investment follow a particular strategy or become involved with any project a project being featured on the show is not an endorsement of that project in any way this podcast is for informational purposes only now here's mission defi with brad nickel [Music] all right today i have with me for actually our third interview together one of the founders of beanstalk farms from the group publius ben weintraub and ben thank you so much for being here i'm actually excited to have you on because i'm excited strangely enough for everything that's happened this week for you guys despite the fact that it's been it started with a disaster because i actually think that what's happened this week has made the project beanstalk farms stronger and has generated even more interest in a product than a project that i already liked but welcome to the show thank you for joining us how you feeling thank you for having us brad that's certainly a glass half full uh approach there which we're not gonna have any problem with how are we doing well we're doing a lot better than the last sunday and everything is really relative i'd say it's marginally worse than we
were a week ago from today but marginally better than six days ago so it's been a crazy week i'm sure we'll get into some of that but yeah it's nice to be here that's cool look i have to believe anybody listening to the show knows what happened but why don't you give us an overview real quick of what happened last sunday or last weekend and then what's transpired since sure so on sunday easter sunday beanstalk was attacked via an on-chain governance attack whereby an attacker borrowed a billion dollars in a flash loan and deposited all of those borrowed assets or converted them into whitelisted assets for deposit in the silo and deposited all of that value in the silo in doing so they acquired more than two-thirds of the total stalk of the system which is the governance token and that facilitated them to pass effectively arbitrary code through the system and they were able to use their super majority powers to drain beanstalk of 100% of its non-beanstalk native value so in in all a little under 77 million dollars were stolen from beanstalk on sunday and the protocol was left with effectively zero capital that happened on sunday the attack took about 24 hours because of the nature of beanstalk governance so it was launched there was like a trojan horse attack that was launched on saturday but executed on sunday and so sunday morning everyone basically woke up to beanstalk being totally uh drained of funds and thus began the craziness of the past week can you uh explain for people what the funds were that were drained out like what was their purpose what were they doing for the protocol definitely so as we've spoken about before brad beanstalk doesn't have collateral which makes it fundamentally different from other stablecoins and instead beanstalk uses its credit to create stable value however the price of a bean the beanstalk stablecoin is implicitly a function of how it's traded or explicitly a function of the value that you can get for it on the market in
effect so the market where beans trade were liquidity pools on ethereum there were two curve liquidity pools and one uniswap v2 liquidity pool and in short the value of beans were derived from all of this value in the liquidity pools one of the things that makes beanstalk unique is its ability to attract liquidity through protocol native rewards particularly the stalk system and so over the past couple of months being since launch beanstalk had effectively been able to attract collectively something like 77 million dollars of liquidity in the form of non-beanstalk native assets and so that was the value that was ultimately stolen from the protocol and because now there's no liquidity that beans are trading against the value of beans are effectively worthless for the time being that makes sense because yeah liquidity and those were paying there were pretty high gains on on those pools for people so there were a lot of people that were participating in it i know i had some listeners to our shows from both defi lunch and mission defi who are uh feeling the pain this week but strangely are positive what i was alluding to at the beginning of this but in my first two interviews with you i didn't know your name but you guys took an action that i frankly i was talking to somebody involved with the project and was really worried about you guys doxing yourselves like personally i i i was worried for your personal safety i was worried from a regulatory perspective and all other kinds of legal perspectives and i really thought this is a really bad idea but you guys decided we're going out and we're going to do an ama and we're going to disclose who we are and it's actually been a highly effective move right now that doesn't mean you don't face potentially some personal risk but what i think it did was really just dramatically boost the trust in people and reduce the flood of people saying that you guys had stolen the money which is the there's this one niche of twitter
crypto twitter that every time there's an exploit says oh the founder stole the money so can you speak to what you guys like what was that decision making process for you to decide to dox because the first time you were on my show you were trying to disguise your voice but you didn't have a voice synthesizer at the time and so i i remember chuckling along as you tried to make sure your voice was disguised but you got much better at that time not so well we would but that's so that's so well at all it was pretty funny i actually edited out some parts where your voice was like coming through clear because i was like okay this is because you're a good thanks thanks i and look i actually am a big believer in kind of um founders being anonymous i i i think it's a really critical part of it which is why i was worried so can you walk us through what that decision-making process was like for you guys because this is a massive monumental decision right that it can impact your family it's it's like crossing the rubicon once you do it there is no going back the action has been taken the die is cast if you will so what went into that decision there were a lot of different factors the largest was that as a result of the attack there was evidently a total loss of trust in the protocol itself and over the past 18 plus months at this point 20 months from the time we started working on this has really been our heart and soul and in short in that moment and since then and i would argue for a long time prior to the attack but certainly since then we've been in a very explicit way not optimizing for our own personal well-being our physical well-being our mental well-being we're optimizing for beanstalk because we believe that there's something here worth sacrificing for and that's been the case for a long time sure now in practice we've always been committed and this was one of the main reasons behind the anonymity we're really committed to beanstalk being decentralized in practice
and we recognize that people like to put people at the head of stuff in their minds and their leaders and that's a natural human tendency and we've cited previously if you look at something like ethereum despite that in practice the system is incredibly decentralized people still want to know what vitalik has to say and if the goal of beanstalk is to create money real money like a globally used money currency i do not want to be the guy brad that everyone and we publius do not want to be the people that everyone's asking for monetary policy suggestions the idea system should run autonomously and be truly decentralized and so the the cost from our perspective of doxing and disclosing who we were is really that once that's done all of the work that we've you know and there's been a lot of pain in the ass associated with trying to hide our identity as best as possible we would argue realistically we never had any expectation the government wouldn't be able to figure out who we are i've got discord downloaded on my phone signed in as publius so it's not we're running a top secret operation here in the grand scheme of things but the goal was for as long as humanly possible for the public to not remain to be unaware of who we were because we don't want people to look at us as the leaders of beanstalk in any capacity and in short that was a cost that needed to be taken in the short term independent of the fact that in practice we have no real control over beanstalk as was the case before it's run by a dao the concept is now that we're out there people may associate us more leaders of the protocol and we'll just have to continue to do everything we can now as doxxed founders to make it clear that we don't view ourselves as any sort of leader within the protocol but the long and the short of it was it seemed like there needed to be in a in an immediate fashion a total reinstilling of confidence in the protocol the concept that and a lot of our community members because
this was an open discussion should we disclose who we were should we not a lot of the people that are working on beanstalk or are close to beanstalk and the active members of the community said we don't want you to dox we don't care who you are we know you guys can do it and we're ready to keep working on beanstalk whether we know who you are or not but the real point was that's not the audience at this point the people that already know and love beanstalk they recognize that was something that publius would never do but the concept is to everyone else who's just hearing about this hack how could anyone possibly have any faith in the protocol going forward if we didn't come forward and disclose who we were in short and so had to be done i think we were and are still are to some extent although it's been almost a week so nothing's happened which is nice we were concerned about our physical safety there's always something associated with that when 77 million dollars or so is stolen that's people are angry and people are looking for someone to take that out on and that's unfortunate and that's real life so there was a fear associated with that we got nothing to hide brad the short answer is we felt like it was a no-brainer because of the circumstances and had to be done and as much as going forward we intend to continue to be active participants at beanstalk and we want to continue to work on beanstalk as much as we can with the dao and with the community and with beanstalk farms going forward we intend to still do it as publius such that at some point publius still really can disappear even if at the end of the day someone now knows my email address and my phone number and can text me and say hey have a question about this or that so it is what it is but this is where we're at effective yeah one of you i i don't know if it was you but one of you sent a message relating the story of telling your mom about what happened that that i think we all can relate to
that kind of moment mom's proud of you mom's excited about what you're doing and then you've got it we're home for the holidays right yes yeah it was a celebration i didn't even think about this weekend oh i've been working on this nonsense internet money thing as far as my family is concerned for a long time and it's only really over the past two or three weeks as beanstalk has started to really strut its stuff that anyone could possibly look at what's been going on and said huh maybe he's been spending his time pretty well so it's just like this total the whole family's here everyone's finally talking about we still have no idea what you're up to but it's very clear it's going well yeah and i'm jewish so there was a huge family dinner for pesach on friday night uh and 36 hours later and so my parents are fast asleep we're now in crisis mode hey hate to ruin your guys easter sunday but there's 77 million dollars that's now missing and they're like wow they're boomers respectively so they're it's crazy so the other thing to note is i think in that moment and that was prior to the dox and stuff there's a question of how can we we create any sort of empathy or faith with the community that this wasn't us there's there's no such thing as hey we didn't do it like you're still anonymous you no one's going to believe that that's right the in that moment it's like how can you display any sort of realness that this is real for us too and this is crazy hey just informed the parents this whole thing that we were talking about at passover the other night is it's for the time being it's dead basically so i think there's a lot to be spoken about going forward i don't think it's dead but certainly in that moment it's yeah and that's it's look it's hard to tell your parents that something has failed anyway but then it's more brutal they've lost a lot of money too brad they lost a lot of money it's one of those things where i've had and i'm sure you can pull my linkedin now
i've had a previous business as well my parents are like my biggest supporters they've lost a lot of money investing in me historically and this was okay you guys are finally at least on paper now you're doing good this is and yeah it's brutal it's brilliant and i don't think that they're so they're not annoyed like the money's not the important thing as much as their children sure but it's like nonetheless it's hey just so you guys know all this paper money that you thought you had is totally gone now it's ugh yeah that's not fun either that's brutal that is just brutal i hadn't thought about passover i hadn't thought about all of that that's uh like the weekend that's quite the confluence of events there man that's crazy that's crazy look i think at the end of the day that also gives people uh a little more trust right finding out that your family was invested in this thing and took a hit it's probably gonna be even even greater motivator in their minds for you to really make this thing work but you guys had already invested look the from the first interview i had with you it was clear to me like and that's why i've talked about the project so much on the shows that we have it was clear to me that you guys were you were absolutely true believers in what you were doing and that you were committed to this being decentralized and you were committed to making this thing work i remember the first time we talked you were you guys had just come out of the that massive money in and out and the depeg that you had there at the very beginning and you were so excited it was like so evident of how excited you were that this thing was back to where it was supposed to be the model was working the algorithm was working so i can imagine that day in your life is going to be uh credible but coming out of that the amazing thing to me is i think the whole idea of this trust being built up was was based on that for a lot of people but coming out of that whole thing you've actually
experienced something pretty amazing like people that have lost literally millions of dollars messaging and discord and saying i'm all in what can i do how can i help and look there are people that are pissed there are people that were upset and have lost money that's important to them but i have been absolutely amazed at the community response just totally blown away i think that speaks to how you guys approached launching this it's probably the most fair launch i've ever seen in in a defi protocol and the approach you guys took and the philosophy you had about decentralization but tell me a little bit about what that felt like the long and the short of it is and i think what for each of us in hugely sunday was a personal if not all-time low a local low by a wide margin as bad as it gets and even before sunday night when we doxed ourselves and had the first three and a half hour ama which is one of many we've had since then the outreach from the people that are either part of beanstalk farms and working on beanstalk or just part of the community to just hit us up and say hey we love you guys we love beanstalk we believe in this thing no matter what happens we're still going to keep working on beanstalk a lot of these people are people that recently quit their real jobs and came to start working in web 3 on on beanstalk and it's like now beanstalk farms is totally broke and they're like we're not this is not something we're in it for just the money like we're gonna there's no money in sight and we're not going anywhere and that wasn't just one or two people it was uh two or three dozen people and to call that uplifting or inspiring i think might be the grandest understatement of all which is we didn't realize and this is a fact we didn't realize the effect and the meaning that this had for other people it had a lot of meaning for us but it's so hard to know until really hits the fan what when everything's going good everyone's there that's that's the way of life so
the real crazy thing is who's there when things are not just going not so good but when they're as bad as they get and the percentage of people that are you know active around beanstalk that had that perspective it was mind-boggling brad and it still is it's very humbling that this is the set of people that are working on beanstalk and it's we feel so lucky to be surrounded by so many incredible people that love beanstalk as much as we do and it was so inspiring like how could you not just want to do everything in your power to preserve this and not just preserve it but to have it continue on its rocket ship path that it was on before the the sunday show if you will yeah that's cool look i think that's funny i interviewed scoopy trooples of alchemix and one of the things he talked about a lot in our interview was when the protocol really started growing and got to 100 200 million dollars in in tvl he started having like massive panic attacks because while he knew logically that people were going to be investing and putting their funds in this protocol it really hit him how much responsibility he felt not that he could control it he couldn't control that but it hit him that all of these people were trusting in him and the team to build something that would work it would function they could make money from and that they wouldn't that that nothing bad would happen and he said that the panic attacks got so bad that that other leaders of other defi protocols had to help him like get through it and realize that once it was out there there wasn't a lot he could do and so he just needed to keep doing things and better was there a time when you guys were like holy crap look at all these people putting their money in this thing or were you guys so confident in what you were building i don't mean that from an ego perspective but from you really felt so strong about what you were building that you that you knew the protocol would work from a stablecoin perspective not an
exploit it's a great question i'm a nervous guy brad so it's one of those things where as a and i think it's good as things are going at any point in time there really is something to be said for that's at that moment and i from that perspective there's no there's no chickens that were being counted and i think a lot of people particularly that were working on beanstalk over the past month or two got really enthused about how successful the model was working or being and the road map the six-month road map that beanstalk farms put out the first line is beanstalk is an experiment and in hindsight that that looks really good because that's obviously true but the point is there was a lot of pushback from members of beanstalk farms saying hey we're past the experiment phase this is working and at least from our perspective anytime you have a protocol out in the wild there really is a a lindy effect if you know what i mean where the the longer it's alive the better and so we deployed beanstalk without an audit we didn't have the money to pay for hundreds of thousands of dollars for an audit right and the thought was the best way to test the experiment is in the wild and so from many perspectives the fact that beanstalk was actually audited for the first time and that audit report went live for a couple weeks ago in theory that should have alleviated some of the nervousness i think to your point of scoopy i don't think from our perspective there was as much or any sort of internalized responsibility if you understand what i'm saying because if we really do believe from a first principles perspective that the code is out there the white paper was designed to describe the the system as much as possible in practice even the thing that was exploited was described in detail in the white paper like this is very much like here's the model go make of it what you will if that's right and the long and the short of it is the longer beanstalk was alive the more secure in theory
you should feel about it but in practice the the dollar value in the protocol is really the target that attackers may look at to determine whether it's worth their time if that makes sense so yeah the larger the system and the more value in the system and the more time with more value the more the lindy effect really takes hold if that makes sense yeah absolutely so in short over the past two or three weeks and in practice this is actually from an economics perspective in part what facilitated the attack there was a dramatic increase in the liquidity in the system and the total value locked in the system relative to the bean supply and so even though the bean supply did basically double over the past couple of weeks the total value locked in the contract relative to the bean supply actually increased much more than that because the liquidity relative to the bean supply was increasing and in practice the liquidity relative to the bean supply was what allowed them to acquire enough total stalk if that makes sense sure but this is a long roundabout way of saying again at pesach the whole family's there one of the one of my uncles says to me how are you feeling about all this and he's got a shit-eating grin on his face because he can't believe the system's working and i'm like i'm nervous like i'm nervous because beanstalk is swimming with the sharks and it's out there and it's one of those things where you don't know what you don't know brad and i think we did have the humility to recognize we don't know everything that's one of the reasons of conducting all of this discourse and dialogue and process out in the open sense that in theory someone could have raised their hands and said hey this should be changed to x y z or yada or this there's a million ways that this could have gone differently but instead whoever was that recognized the problem decided to exploit the protocol so that is the nature of doing things in an open source fashion and it was and is something
that i think we and everyone that was a part of beanstalk was really willing to live and die by because of the decentralized ethos of the protocol and it's very tough it's very tough one of the difficult things is that the audits there's a lot of auditors in the space but they're very limited in bandwidth and so right there's an audit scheduled with trail of bits that's been scheduled for months and months that's going to start in five weeks from now and trail of bits is a world-class world-class computer security firm right it's one of those things where the time where the the there was this very it was a perfect storm if you will where you had to have the right economic conditions insufficient amount of audits to have to found all any potential issues it was one of those things where you know again if we go back to how we started this discussion not counting any chickens is yeah the system's doing great but yeah the rapid growth was certainly going to attract a lot more eyes sure some friendly some not friendly and yeah it's very it's uh it's an ugly business brad it's another business self what the thing that was exploited was governance not the protocol determining the peg or or the value not the economics it's recovering the economics have functioned beautifully from the beginning but it must be difficult to deal with the fact that the the thing that you guys most want for the protocol to be truly decentralized to have on-chain governance and that must be look it's it is what it is but that must be the thing that's difficult for you guys because essentially you've got to come back and re-examine that and figure out how to implement that so that you don't have a weakness around it and do you think that's something you guys are going to do before the trail of bits audit or you're going to maintain it with multi-sig for a while and see what the trail of bits guys say about the existing code that determines that so ultimately there's a lot of things that are
difficult uh here brad but the decentralized governance is certainly one of them in short even vitalik was participating in the discussion on twitter saying token-based governance doesn't work basically so we take that to heart and i think as a dao everyone's going to need to [Music] collectively agree on what is an on-chain or a sufficiently decentralized governance process uh and censorship-resistant governance process going forward and that's not going to be trivial to design right so in short there's no chance that at least in my opinion there's any sort of on-chain decentralized governance mechanism ready for audit in five weeks instead the concept is short-term beanstalk should proceed with in my opinion what's still a pretty decentralized solution where there's going to be a multi-sig governed by the community with nine or more signatures that are really going to be distributed and decentralized so it's as long as you expect those signatories to execute the will of the dao which will now be voting on snapshot for example for the time being right it's obviously imperfect but necessary to get beanstalk back up and running in a timely fashion just because in practice the fact that the governance could execute arbitrary code on beanstalk was what presented the vast majority of potential attack vectors sure and this is a this attack is an example of one and so the fact that there's no on-chain governance from our perspective does mean that there's a dramatically reduced risk profile to beanstalk which over the next couple months is important for people to renew their confidence in the protocol so any governance model that's reimplemented on chain really should be audited by multiple parties and vetted for a long time as much as one of the things that's cool brad about what's happened in a glass half full way is beanstalk is kind of corporate now there's gonna be all every time code gets pushed it should get audited and there's all these new standards
that before it was very much building the airplane while flying and right now if independent of how this barn raise goes this is now going to be a lot of testing before before even a test flight yeah this is the circumstances have changed dramatically in short when i want to talk real quickly because this is one of the things i think is really important in this space that that i don't think we're there yet and that is the audit the this problem of finding qualified and good auditors and then the fact that they all operate in their own world their own bubble and by that number one it's incredibly difficult as you just expressed to find auditors that have the bandwidth to actually help a protocol audit the protocol number two that's from what i understand primarily a manual process right it's people looking through code and finding things that are previous weaknesses or potentials for exploit and then number three what i haven't heard about is one of the things i'm having difficulty understanding after all this time is i haven't found a firm that's actually saying okay how do we synthesize all of the exploits that happen across defi into data and utilize machine learning and some ai models to actually be able to scan code to find things that are common right because there are things that like flash loan resistance and other things that people know about but it's next to impossible with thousands of lines of code for any developer on any project to know about everything that's ever been exploited it's just flat out impossible and i think it's almost equally as impossible even though they're reviewing code all the time and looking at vulnerabilities and weaknesses for audit companies to be able to cover that no matter how great they are at auditing so i'm wondering if you guys i want to just get you to pontificate a little bit about what that experience has been like first of all trying to get somebody to audit your code and then secondly if you think there are things
that the the community or the ecosystem as a whole could be doing to make this a safer better process for every protocol there is a real shortage of supply when it comes to auditors and a large part of that is that auditing is largely even though there is some automated testing associated with the audits the a significant portion of it is manual right and the people with the skill set to recognize any potential problems fall into two buckets brad those that steal the funds and those that work on not stealing the funds and as we know stealing the funds pays pretty good about 77 million dollars working grueling grinding through code for a salary that it's just a very different it's a very different proposition for people with a very similar skill set and it's not to say that they don't exist that there are white hats or there aren't good guys it's just they're limited they're limited and most of the people in the space that have the expertise they've already made lots of money if you know what i mean right whether through good or bad and it's like they don't need they don't need to work there's this major supply shortage of auditors furthermore because there's the supply shortage of auditors there's a lot of compromise that potentially needs to be taken on quality right because it's not everyone can be the new york yankees not everyone could be the the la dodgers so it's like sometimes an audit is better than no audit so what does it mean to be audited what's one audit versus two audits versus three audits versus ten yeah it's tough it's hard it's hard to ever get that feeling of oh now it's safe the thing about being uh bitcoin's been around for a long time brad and at this point there's a lot of money on the table if you could figure out how to attack or exploit the rules of the protocol the fact that that hasn't happened that's the proof so in short no amount of people signing off looks good to me looks good to me it provides the same evidence as the lindy effect
of being out in the wild for a long time and so there's this there's a friction there there's a tension there as to how much should protocols spend on audits versus risking funds right how much does an audit cost not a million dollars you could get multiple audits from a million dollars so 77 million dollars were stolen from beanstalk how many audits should it have tried to pay for the point is an infinite amount of audits under this premise are cost effective whether all those audits find all the bugs that's unclear and so then when you impose onto this economic situation that there's a huge supply shortage of auditors where even if beanstalk said hey pay 2 million dollars we'll pay 3 million dollars there's just not enough auditors to go around basically so even though beanstalk was able to attract trail of bits and now also halborn is scheduled to start an audit may night as well which is very exciting the concept is with the exception of when there's a hack and now that halborn's able to make you know room on their crisis calendar for beanstalk normally it's yeah we can slot you in august so given that when beanstalk was launched it had no no real capital behind it to pay a million dollars for an audit that just didn't exist when beanstalk was young even the cost of the sunrise function of 2400 beans a day was pretty expensive it's the concept forking over 250 or 400 grand for an audit before anything was valid right before the model had demonstrated anything that's crazy so it's one of those things where given the the structure of the auditing space there just really wasn't the opportunity to get 10 audits done on beanstalk now going forward i think the hope is any code that that the dao votes on prior to it even being voted on if that makes sense should be audited sir particularly one of the good things about moving to off-chain governance for the time being is that there's no ability for someone to propose some sort of you know trojan horse a la what 
happened over the weekend because now all of the code can actually be reviewed by everyone in an off chain fashion if that makes sense sure so i guess there is some security vulnerability between the time people review it and the code that is actually executed on chain if that makes sense but that's a practical security concern as opposed to a theoretical one if you understand what i'm saying yeah so that's yeah there's a lot to be said for how as a beanstalk can continue to do better and better on the security front the first audit the initial audit getting done that was a huge deal for beanstalk prior it was a hundred percent code like new code basically that was unaudited that's scary so the fact that beanstalk was very recently audited but that was a big deal in and of itself now again what did that mean didn't mean anything so in practice it's this is the the struggle that collectively then itself should the dao spend five million on it should the dao spend a million dollars on audits or should the dao spend infinite money it's who knows and it's it's a question that changes with scale as well but in practice because the main thing that should actually provide faith and security faith in the security model is having money in the protocol that's not attacked there's a there's only so much cost that can be justified to spend on audits i think at this point that cost has increased dramatically so now right no one's gonna say the third or the fourth or the fifth audit is worth it whereas before i think people may have said that not to say that there was lots of auditors asking hey can we come audit beanstalk and the dao saying no we can't afford it it was more yeah this is given the very limited audit resources having two auditors lined up as a good start and the hope is to add a roster of auditors going forward but gotta start somewhere the first one was just completed the second one is supposed to start in five weeks and now there's a halborn one which 
will start in two weeks so there's lots of good stuff happening it's a security front but yeah it's a it's an impossible question to answer as to what the right thing to do is yep now you guys are going to launch some bounties as well via immunefi who i've had on the show i think that's actually one of the best ways incentive exploits and hacks being found so that people actually know they can get paid to to actually find the weaknesses and as the world gets better at tracking and locking funds that have been exploited i think that's going to become more prison versus a reward for finding something will be more and more viable i think over time totally and the wall the hacker hasn't responded to any of beanstalk farms's outreaches to say if you return the funds you can keep 10 it's like a white hat bounty or a gray hat bounty in theory that's a security model that's very attractive sure and was something that we had advocated for within the dao not everything happens instantly going back to that auditor conversation and it's in theory you'd love to have lots of different bug bounties and stuff like that but i think now given the amount of priority that security is taking on everyone's mind that the immunefi bounties are going to go up asap basically yeah definitely that's great what let's we haven't talked real quickly about what's next what you guys are doing to try to get funds back in and what i love about all of this is you're going to use the protocol to save the protocol and so to me that is just a beautiful thing like it's coming out of this successfully will push to me beanstalk farms into an even a much better place ultimately prior to the attack beanstalk's credit-based model was really kicking ass and the concept is particularly given that the attack was not on the economic model it was on the governance model the protocol should continue to lean in as much as possible to the credit model and furthermore just given the economic structure of the problem 
whereby there's the 76 77 million dollars of liquidity that is now stolen or needs to be replenished the nice thing about a credit based model is that beanstalk can issue debt up to us 77 million dollars worth of debt at the protocol level to try to bring in as much of those missing funds as possible so in practice the idea and this is something the dao has been having a lot of discussion about beanstalk farms i submitted a written proposal i think yesterday or a couple days ago and there's been a lot of debate and discussion around that proposal and in short the concept is for beanstalk to have a fundraiser like a fundraiser is a term that is specific to the protocol if that makes sense like it's in the white paper right the protocol has a way to when it needs to raise non-bean assets like usdc to pay for an audit it has a structure where it can issue debt in exchange for assets the protocol already has this so the only question then becomes how to create uh terms and how to have the dao effectively negotiate or present terms to potential lenders uh to come to beanstalk given what's happened over the past week where it's attractive both for the dao where the dao doesn't feel like they're losing 100 of their capital which is currently what's happened and the lenders are are highly incentivized to come and lend to beanstalk for this one-time fundraiser if so the community is calling it the barn raiser so there's this the barn raiser now i didn't know what a barn raiser was brad but like it's very cool i learned about it it's everyone gets together and very quickly works together to build a barn yeah it's funny my my relatives on my dad's side are all farmers and they're mennonites and so that is like the core part of their community like the community always comes together to help the other farmers build plant grow harvest the whole bit so it's it's a perfect model for what you're doing it's absolutely perfect the beanstalk community is very strong brad and so the 
the concept is and it's still tentative to these are tentative plans the dao still needs to vote on a snapshot to move forward with this but this is according to the proposal that beanstalk farms presented a couple days ago and has been updated due to community feedback there's going to be like a 10 day the fundraiser will last 10 days so for the month and a half prior to the attack there was basically no soil available in beanstalk with every dollar beanstalk was willing to borrow from from the market it was getting filled almost instantaneously and there's very minimal hundreds or thousands of soil an hour right now there's going to be 76 77 million soil up to 76 77 million dollars and it won't be beans normally it's beans but in this case because beans don't have any value at the moment it'll be usdc or something like that a lot the beanstalk fundraisers can come and lend to beanstalk for pods right and so the concept is how to have the this short term because normally the protocol responds slowly and steadily if that makes sense brad right so we've spoken about beanstalk's not in a rush and normally if you want to sell your beans at a discount the protocol doesn't mind so this is like a one-time thing where the protocol needs to be jump started so how can you create the same mirror how can beanstalk mirror the normal economic effect it has on the market for lending over a shorter period of time that's basically the question that the structure of the barn raise is trying to answer there there are really three phases to the barn raise as a whole there's the barn raise then there's the hair cut to the whole system to scale it based on how the barn raise goes and then there's like a vesting over time for all the people that are getting recapitalized but if we just talk about the barn raise itself and there's lots of details on the other phases as well on the beanstalk farm's proposal but i think the economics that are interesting is how the barn raise itself that 
first phase is going to work so there's two stages the second stage is easier to understand than the first so the second stage is where the weather the interest rates are lending to beanstalk will start at 20 percent and the weather will increase by one percent every 10 minutes for three days and the concept is there will be a new pod line for anyone that participates in this barn raiser or this pod line receives one-third of all new bean mints going forward normally it's half go to the silo half go to the pod line this new pod line will receive one third of all bean mints so if you're at the front of this pod line you basically get to cut everyone that's been waiting in the old pod line and then everyone get who's lending in this barn raiser to beanstalk gets in line behind the first person one in this new pod line that makes sense yep so the concept is the auction this three-day this three-day on-chain barn raiser will conclude with the weather going from 20 to 21 to 22 and people can get in line at that weather now the question then becomes well it's very hard for the market to actually price itself in advance and to figure out how to price lending to beanstalk so the thought is prior to the three actual auction there will be a bidding process where the anyone can basically place a bid at a given interest rate and say nice i want to bid a hundred thousand usdc or a hundred thousand ust at uh forty four percent interest rate or a hundred percent interest rate and the concept is when the auction itself happens whenever the weather gets to 44 or 100 your bid will clear and you'll get in line wherever that is now the there has to be an incentive to bid so the concept is if you there will be like some time bonus for bidding on the first day versus the second day versus the third day so the earlier you bid the more of the bonus you get right so uh that's the general structure of the the barn raise itself if that makes sense and if it gets to if you don't bid early enough and 
it it gets to them will it be capped at the 76 million so yes uh 76 and change so you won't be able to lend more than that to beanstalk so if it gets capped out everybody they've hit the max then if you wait too long you're going to lose out correct and if you bid too high of a weather you bid the maximization 452 percent if you bid the max weather and the fun the barn raiser sells out prior to that then your bid will not clear those are good problems for beanstalk to have sure in those case in that scenario you might expect people to lower their bids to make it more competitive but i believe under the current proposal if you update your bid you do update your bonus as well so if you bid on the first day and then you update on the third day your bonus changes to the third day bonus so there's some forfeiture of time preference there got it look i think the solution is incentivized and based on the protocol makes it exciting and and very positive thing for you i know you have a very limited amount of time so far got about we're getting more we're just moving brad there's a lot going on so one of the things have you had interactions with other protocols in the space that might be interested in investing treasury funds those kinds of things into the barn raise the short answer is yes but i can't disclose much more than that but yeah there's a lot of different there's a lot of different things that could make sense here for beanstalk and for other protocols that might be interested in uh coming and lending to beanstalk at the moment there's a couple that to me are particularly compelling and we're trying to because we are talking to them so they become more of a partnership than just uh correct yeah i don't like the word partnership because of that implies some sort of corporation or it's not the most decentralized term but from a symbiotic relationship perspective there's a lot of different opportunities here with that said feeling like uh feeling like there's an 
opportunity here brad at the end of the day sunday was as it doesn't get much worse than that how much of your money did you lose a hundred percent so it's you know you can't get much worse than that right that is the bottom the concept is beanstalk really does have an opportunity to demonstrate the credit model is so good it's so good there's so much demand for beanstalk's credit that even losing how much a hundred percent of the funds the protocol was able to recover i think that's gonna be quite the story that's gonna be the defi story of the year that's that to me is puts you over the top i definitely i'm excited for that um i'm gonna cut us off there because i know you have another thing to go to but dude i really appreciate your time i'm excited for what you guys are as crazy as it sounds what you guys are experiencing i think it'll harden the core community that's contributing to this project i think it'll harden the project i think it gives it even more potential and i was talking to somebody the other day so they were talking about concerns they have with beanstalk protocol and one of the things they were talking about was the the complexity of the of learning it and i said that actually i think is the thing that saved the protocol is that all of the members of the folks investing have invested so much of their brain power in understanding how the thing works that they weren't about to give up on it because they really understood what was there and so i think that actually is the an advantage and i also think that one of my responses was the average american doesn't understand how the freaking economic or financial system in this country works i don't think there's any problem with beanstalk getting kind of retail support without people understanding the complexity of the protocol so i'm excited for you guys we appreciate it tremendously brad thank you for having us it's a pleasure as always and it's nice to to be here without a modifier holding the nose 
uh it's nice to just be here so really a pleasure and look forward to doing it again soon congrats man and fingers are crossed i i think you're going to see a tremendous response to the barn raise and if i can do anything to help don't hesitate to reach out appreciate it tremendously brad talk soon take care buddy take care bye