It's not really edge cases, it's how contracts work, and how this contract works.
There is nothing magical here. It's a bit like avoiding the checksums that IBAN has, and then complaining that IBAN is broken. Most people interact with WETH via UIs, but for some reason this user chose not to, and got severely burned because of it.
Things that require expertise usually require one to know acronyms and how things work underneath, the cryptocurrency space is no different.
Now I don't know what you do for a living, but it certainly isn't cryptocurrencies. I'm sure there are more industries you don't work with on a day-to-day basis, and when people who are in those industries talk with each other on a technical level, you'll see the same amount of jargon. That's just part of expertise in a subject.
For example, two of my friends are chemists, and sometimes they talk chemistry stuff when we're having dinners and stuff. Of course I don't understand most of the stuff they are saying, but I'm not gonna claim "chemistry" is "magical knowledge" just because I don't understand it, so I'm not sure why you would about cryptocurrencies.
> You'd expect that invalid actions lead to idempotent errors, not glitch states where you lose everything.
Indeed, and that's exactly how most cryptocurrencies work today. You try to send funds to an invalid address, the wallet will present you with an error that you cannot do that.
The user in the submission did not perform an invalid action, because they wouldn't be able to perform an invalid action.
So your definition for "valid action" is just that the eth network lets them do it?
They clearly didn't want to burn £500k, and that is now irrecoverable, alongside 260 other people who made the same mistake, on a smart contract that forgoes validation for gas fees.
> So your definition for "valid action" is just that the eth network lets them do it?
Yes, this is indeed the definition for "valid", that the protocol allows them to do it.
It was a valid action, but not the action the user actually wanted to perform. There are two ways of avoiding these scenarios: A) use UIs and don't interact with the protocol without safeguards, as the UI will prevent you from making mistakes (this user interacted directly with the contract, not via a UI) and B) when doing something involving a lot of money, do it once first with a small percentage, so you can verify it's correct (this user didn't do this either).
For example, I know that IBAN has checksum built into the "address" and that the bank could revert transfers, but if I make transfers above a certain sum, I always send a small amount first, make the recipient confirm how much they received (I send a small random sum) and only then do I perform the larger transfer.
As I mentioned elsewhere in the comments on this submission (https://news.ycombinator.com/item?id=30136941), it's impossible to know if someone actually has access to an address or not, so why would the wallet stop them from sending it?
"It was a valid action, but not the action the user actually wanted to perform."
It's an action no one ever has ever wanted or ever will want to perform.
In the same way putting your finger inside a power socket is an invalid action, and people who designed sockets were smart enough to make it impossible.
For example, some holder (maybe a founder) of a certain coin can burn a certain amount of their tokens, making it more rare. This is a quite common practice. If I were to burn a certain amount of tokens, I think the most natural thing to use as a burn address would be the contract address itself.
Making it easy to build contracts that will accept resources and then never do anything with them, destroying the value, is a design mistake.
This is something the developer of the contract should explicitly opt into. As others pointed out, if everything a contract did was via explicit methods, rather than transfers, this type of defect would never have been created.
And this mentality is what will block wider adoption of crypto. Calling people dumb for not understanding a non-intuitive system (after there's so much prior, "return to sender" art in the world) will not get them to use crypto.
Sure, I have no desire for cryptocurrency to get a wider adoption, I have no skin in the game, I'm just looking at the facts. I don't care if the space burns up or saves the world, for me it's the same.
This is not the case of a non-intuitive system screwing the user. This is the user purposefully avoiding using the intuitive systems setup for them, and interacting with something directly even though no one does that unless you're a developer. This person has half a million dollars worth of X, while not understanding X.
> (after there's so much prior, "return to sender" art in the world)
That's awesome that you have come up with a solution for this, while the ecosystem hasn't been able to. Could you share your solution?
It's a hard problem to solve in a system that has to A) be decentralized, B) work when less than half the network is trying to screw you and C) prevent double-spending
"return to sender" sounds easy to implement in a centralized system, but it's not that simple for a decentralized one. At least not until you release your solution.
> This is the user purposefully avoiding using the intuitive systems setup for them, and interacting with something directly even though no one does that unless you're a developer.
Of course using the intuitive systems setup for them means that one has to trust some random people or companies, instead of going directly to the blockchain. What happened to trustless?
"Trustless" is referring to the consensus in the protocols, not to the entire ecosystem. This is an ecosystem built by and for humans, of course there will be trust involved.
You are intentionally misrepresenting the parent comment. The point is not that nobody should be able to transfer from one address to another, and pretending otherwise is pretty dishonest.
But then please share with me what the argument is? The user made a transfer that shouldn't have been done in the first place, and somehow people are saying that the protocol should have safe-guards against doing transfers to the wrong address, but how is the protocol supposed to know what address is right/wrong? There is literally no distinction between them, so therefore you need to allow any transfer, or no transfer.
So I guess, when it comes down to the wire, what wins out, the needs of real users, or the documented description of a protocol?
The fact that said protocol is incapable of addressing real needs is a failure state, and historically this has been addressed by building better tooling on top of the protocol, or replacing it wholesale.
> The user made a transfer that shouldn't have been done in the first place, and somehow people are saying that the protocol should have safe-guards against doing transfers to the wrong address, but how is the protocol supposed to know what address is right/wrong?
Sure, the user sent stuff to the wrong address... Or did he? Seems, rather, that he sent the wrong kind of stuff. Had he sent, whateveritwas, WETF instead of WETH or vice versa, then it would have gone right.
So then it seems the receiving thingamajig was at least as much at fault: It accepted (and just swallowed) a kind of stuff it shouldn't receive. It's like, say, a one-way currency-changing ATM that takes dollars and returns euros. If you feed in euros by mistake, it fucking obviously should just spit them back out (and preferably display or print an error message, "Wrong currency: Gimme dollars to get euros.") You're saying just swallowing your euros would be a "valid" behaviour for that machine.
That's so obviously bullshit that the only remaining mystery here is whether you're actively trying to defend what you know is indefensible, or actually so deluded that you've somehow convinced yourself this bullshit is true. Well, no, not the only one: The other mystery is, which is worse?
>how is the protocol supposed to know what address is right/wrong?
It's the "right" address for certain transactions--like turning ETH into WETH--but the "wrong" address for other transactions, which makes the whole thing a garbage design. You can say "that's just the way Ethereum/crypto/smart contracts work" all day, but it doesn't matter.
Most people don't care why the design is bad, they just care that it is bad, and that there are better theoretical (or real) alternatives to this tech.
Your analogies make sense to me. Sounds a lot like running a system on Linux. Or maybe assembly is a better metaphor. I like the analogy about avoiding all the safety mechanisms on an electric line and jamming your hand in there...the grid can't tell the difference.
The arguments here are odd. The blockchain isn't built to handle this kind of operation by a non-expert user. Yes, mistakes are expensive. Is that okay? In the same way that a nuclear power plant isn't designed for a rando to go in and operate it.
Yes, raw blockchain stuff is hard and non-experts should not interact directly.
The key question is, is the payoff worth building an entire system around? For nuclear power, yes, because it provides electricity for people to just plug into. For blockchain, maybe, maybe not.
> The blockchain isn't built to handle this kind of operation by a non-expert user.
But the blockchain in general and smart contracts especially are pretty expressly supposed to be, that is, central to trustlessness is not requiring some elite priesthood as an intermediary (either personally or as trusted purveyors of overlay systems) between end users and the authoritative system.
Sticking your dick into a socket results in transfer of electrons from one object to another, that's the entire point of the electric grid! Clearly its designers had no need to design circuit breakers, ground fault circuit interrupters, etc.
Listen, in this case, there already are circuit breakers, ground fault circuit interrupters and more to prevent problems from happening in the first place. The wallet is the first guard against this, the UIs the various services provide is another, and so on.
But when the user bypasses those and interacts directly with the chain, which is not recommended for people who don't know what they are doing, problems can happen.
The same as if someone bypasses all those checks you wrote about, and then complains that they got a ton of electricity zapped into them. Why doesn't the grid just know that it was a human and not something else and stopped sending electricity?!
You know what happens when you transfer money to a non-existent/incorrect IBAN?
Most likely your bank will reject the transaction and not even defund your account - as you mentioned, the IBAN itself is already designed to prevent human error.
If by chance you “crafted” a technically MOD-97 valid but not existing IBAN and the money goes out to the other bank (PACS.008), the other bank cannot book it (as the account doesn’t exist) and should automatically return it to you (PACS.004).
If by chance the other bank is incompliant and does not return the money, you can have your bank send a recall message (CAMT.056) to try and retrieve the funds. The other bank is then compelled to either refund the money (PACS.004 again) or at the least officially communicate they’re keeping your money (CAMT.029).
At that point, there’s still law and legal avenues to pursue.
One thing that does not and can not happen though, is for the money to vanish into a black hole and be removed from the economy. That is what a stable, standardized and reasonably regulated industry with some centralization does for you.
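What the MOD-97 check mentioned in the comment above does and does not catch, as an added example that is not part of the thread: it rejects every single-digit typo and adjacent-digit swap, yet happily accepts a freshly "crafted" IBAN for an account nobody opened. The GB and DE IBANs are the widely published documentation samples, the all-zero account number is constructed, and no per-country length table is applied.

```python
import string

_ALLOWED = set(string.ascii_uppercase + string.digits)


def _normalize(iban):
    return iban.replace(" ", "").upper()


def _as_number(s):
    # ISO 13616: digits stay as they are, letters become 10..35 (A=10, Z=35).
    return int("".join(str(int(ch, 36)) for ch in s))


def check_digits(country, bban):
    """Return the two check digits that make country + digits + bban valid."""
    remainder = _as_number(bban + country + "00") % 97
    return f"{98 - remainder:02d}"


def is_valid(iban):
    """Structural + MOD-97 check only. Says nothing about the account existing."""
    s = _normalize(iban)
    if not 15 <= len(s) <= 34 or not set(s) <= _ALLOWED:
        return False
    if not (s[:2].isalpha() and s[2:4].isdigit()):
        return False
    # Move country code and check digits to the end, then reduce mod 97.
    return _as_number(s[4:] + s[:4]) % 97 == 1


def surviving_typos(iban):
    """Try every single-digit substitution and every adjacent-digit swap in
    the account part; return the mutated IBANs that still pass validation."""
    s = _normalize(iban)
    survivors = []
    for i, ch in enumerate(s):
        if not ch.isdigit():
            continue
        for d in string.digits:
            if d != ch:
                candidate = s[:i] + d + s[i + 1:]
                if is_valid(candidate):
                    survivors.append(candidate)
        # Swaps are tried inside the account part (index 4 onwards) only.
        if i >= 4 and i + 1 < len(s) and s[i + 1].isdigit() and s[i + 1] != ch:
            swapped = s[:i] + s[i + 1] + ch + s[i + 2:]
            if is_valid(swapped):
                survivors.append(swapped)
    return survivors


def craft(country, bban):
    """Build a checksum-valid IBAN for any account string, existing or not."""
    return country + check_digits(country, bban) + bban


if __name__ == "__main__":
    sample = "GB82 WEST 1234 5698 7654 32"          # published sample IBAN
    print(is_valid(sample), len(surviving_typos(sample)))
    made_up = craft("GB", "WEST00000000000000")     # constructed account number
    print(made_up, is_valid(made_up))               # passes the sender-side check
```

The crafted IBAN is the case the comment describes next: the sender's bank cannot catch it, so the protection has to come from the receiving bank returning the payment.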
You know what happens when you send Ether to an incorrect Ethereum address? The wallet will reject sending it. If you bypass the wallet and rewrite your own wallet to send it anyways, the validators reading from the mempool will reject it. If you rewrite your own validator to accept it anyways, no other validator will accept it and the transfer will never go through.
What happened here is more like you used IBAN to send to the correct account, the correct bank and everything was correct, but no one actually has access to the account but the bank doesn't know this.
As far as I can tell, no one has argued that transaction validation for this specific smart contract should be built into wallets. You're arguing with a straw man.
The point I see made instead is that the smart contract should not be coded to behave as it does. If a financial product at a retail bank set a pile of cash on fire when you used it incorrectly, regulators would swoop in and make the industry add some safety features, even if that safety came at the cost of convenience.
It's very hard to draw parallels from cryptocurrencies to other things as it's not like other things we have today.
Some sort of analogy could be margin calls/puts. Imagine someone who doesn't know how margin trading works used it, and lost half a million dollars. Who's at fault here? The bank for allowing it, the financial system for having the feature or the user for not educating themselves enough to understand how it works?
> Some sort of analogy could be margin calls/puts.
That is not a comparable situation. The ETH/WETH trader misused a negotiable instrument, and 500K disappeared forever. Someone who loses 500K gambling on margin was gambling and lost. If they somehow mistakenly placed an order on margin, there's probably a process to reverse the transaction and get your funds returned within a specific time window (that's just a guess on my part, though, and it probably depends on the brokerage used).
> It's very hard to draw parallels from cryptocurrencies to other things as it's not like other things we have today.
I don't think this is true; cryptocurrency in this situation is very similar to cash. You can get mugged while holding 500K in a briefcase, and the funds are unrecoverable absent legal restitution. But that's why banks make you sign a waiver of liability when you withdraw large sums in cash.
> Yes, this is indeed the definition for "valid", that the protocol allows them to do it.
I believe that this, right here, is the core disagreement surrounding the utility of cryptocurrencies. There are two orientations to think about software. One is the software orientation and one is the human or problem orientation. "It did what the software says" is a defense often used by crypto advocates who point out, rightly, that there are very strong guarantees that cryptocurrencies provide and other things that they completely do not guarantee. Other people point to the mismatch between the guarantees that cryptocurrencies provide and the actual failure modes that are very common in the real world and complain that advocates seem to be completely ignoring these issues.
I think a relevant comparison is security vulnerabilities in traditional software. If you've got a program that is exploitable through a buffer overrun that enables arbitrary code execution, the program is behaving precisely as programmed. From the perspective of the program and the computer, there is no difference between ordinary operation and the exploit. But from a human perspective one of these behaviors is expected and one is both unexpected and undesirable. And the "well, just don't fuck up your C program" argument has basically failed at this point, for good reason. I would expect to see the same in the crypto space.
This is impossible to solve, in the cryptocurrency space or in the existing structures we have. When you send an email, you cannot know if someone actually has access to that account (maybe they forgot their password?), you can only know if the address is valid or not (by sending the email). Similarly, you don't know if the right person has access to the bank account you're sending funds to, unless you ask the person who is supposed to have access, if they actually can access it.
Since this has already been answered multiple times in this submission already, I'll leave you with this:
> You know what happens when you send Ether to an incorrect Ethereum address? The wallet will reject sending it. If you bypass the wallet and rewrite your own wallet to send it anyways, the validators reading from the mempool will reject it. If you rewrite your own validator to accept it anyways, no other validator will accept it and the transfer will never go through.
> What happened here is more like you used IBAN to send to the correct account, the correct bank and everything was correct, but no one actually has access to the account but the bank doesn't know this.
Let's talk about putting safety rails around large drops.
They should never be necessary with careful use.
And they can't prevent everyone from falling to their death.
But they still prevent some harms, so we generally require them to be present.
Design to do everything with contracts through methods instead of transfers to contract addresses would make this particular type of failure impossible. There would still be other ways to screw up and lose money on accident, of course. But any way that can be reasonably eliminated and isn't, is a design flaw.
SMTP servers are able to reply whether a user exists, and some still do. Your own server will send you an "undeliverable" message if it receives a negative reply.
Haha, that’s why the client software needs Nick-Fury-style safeguards to say “I understand that this is a valid transaction, but given that it’s a stupid-ass transaction, I’ve elected to throw a warning.”
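One shape such a client-side warning could take, as an added example that is not from the thread or from any wallet's code: decode the ERC-20 `transfer`/`transferFrom` calldata before signing and flag a token being sent to its own contract, to the zero address, or to another known contract. `preflight`, `known_contracts` and the addresses are hypothetical; a real wallet would ask its node (`eth_getCode`) whether the recipient has code.

```python
TRANSFER = bytes.fromhex("a9059cbb")        # transfer(address,uint256)
TRANSFER_FROM = bytes.fromhex("23b872dd")   # transferFrom(address,address,uint256)
ZERO = "0x" + "00" * 20

# Constructed placeholder addresses, not real contracts or accounts.
TOKEN = "0x" + "11" * 20
OTHER_CONTRACT = "0x" + "33" * 20
ALICE = "0x" + "22" * 20


def encode_transfer(to, amount):
    """Build transfer(to, amount) calldata (used here to make sample input)."""
    word_to = bytes(12) + bytes.fromhex(to[2:])
    return "0x" + (TRANSFER + word_to + amount.to_bytes(32, "big")).hex()


def decode_token_transfer(data_hex):
    """Return (recipient, amount) for an ERC-20 transfer call, else None."""
    try:
        data = bytes.fromhex(data_hex.removeprefix("0x"))
    except ValueError:
        return None
    selector, args = data[:4], data[4:]
    if selector == TRANSFER and len(args) == 64:
        to_word, amount_word = args[0:32], args[32:64]
    elif selector == TRANSFER_FROM and len(args) == 96:
        to_word, amount_word = args[32:64], args[64:96]
    else:
        return None
    if any(to_word[:12]):                   # address words are left-padded with zeros
        return None
    return "0x" + to_word[12:].hex(), int.from_bytes(amount_word, "big")


def preflight(tx, known_contracts=frozenset()):
    """Return a list of warning codes for a transaction about to be signed.

    tx is a dict with 'to' (the contract being called) and 'data' (calldata).
    An empty list means this check found nothing to warn about."""
    decoded = decode_token_transfer(tx.get("data", "0x"))
    if decoded is None:
        return []                           # not a token transfer: out of scope
    recipient, _amount = decoded
    token = tx["to"].lower()
    warnings = []
    if recipient == token:
        # The case from the thread: tokens sent to the token's own contract.
        warnings.append("recipient-is-token-contract")
    elif recipient == ZERO:
        warnings.append("recipient-is-zero-address")
    elif recipient in known_contracts:
        warnings.append("recipient-is-contract")
    return warnings


if __name__ == "__main__":
    for to in (ALICE, TOKEN, ZERO, OTHER_CONTRACT):
        tx = {"to": TOKEN, "data": encode_transfer(to, 10**18)}
        print(to, preflight(tx, known_contracts={TOKEN, OTHER_CONTRACT}))
```

The check runs in the client, so it only helps users who go through that client; someone calling the contract directly skips it.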
What % of the people that use IBAN, know that there is a checksum, know what a checksum even is, or how to apply it?
Thankfully we have banks to deal with that - and legal framework that can help us undo problems.
"But you can use an exchange with ETH!"
Like banks? Making such networks ostensibly not 'decentralized'?
The entire point of Crypto/Blockchain is that it is decentralized and is accessible to everyone.
If it requires that we trust 'quasi-centralized nodes' like CoinBase (i.e. banks) then it mostly defeats the purpose. Just use a bank.
At absolute minimum, the purveyors of such tech should be providing 'off the shelf' free wallet software that solves all of these problems of magical knowledge.
All of these arguments are fading quickly and the people doing this are risking a lot of credibility.
We talk about people wasting their time on AdTech, but at least there is actually some value in AdTech. We are facing an entire generation of people doing 'NoTech'. Let's turn this into something useful.
I think you missed that the user went beyond just using something to swap ETH for WETH and instead interacted directly (manually) with the contract, effectively bypassing the safe-guards that are already in place (even without exchanges) to prevent issues.
The user basically guessed that this is how you turn ETH into WETH and vice-versa, without actually reading anything about it.
If the user searched for "How do I turn ETH into WETH?" and read the first few links, they would have avoided this problem. If they made a mistake of entering an invalid address in a wallet for a transfer, the wallet wouldn't allow the transfer in the first place.
> The entire point of Crypto/Blockchain is that it is decentralized and is accessible to everyone
Yes, indeed. That also implies that you're responsible enough to have a basic understanding of what you're doing. Or at least recognize that you don't have a basic understanding, and seek to attain one when needed.
It doesn't really matter that 'someone did something they should not'.
People will always press the Magic Red Button without knowing what it does with some, if rare, consistency. That's human nature, ergo, our systems must accommodate.
The fact it's possible to lose $500K whereupon 'nothing can be done about it' is a 'dealbreaker' for this tech.
The truth is, when one goes down the rabbit hole, one discovers that ETH doesn't really solve any problems and creates a bunch of problematic side-effects. When you solve those side-effects you end up with something that looks like a regulated banking system.
There needs to be a new angle/twist or use case that we haven't thought of yet, in order for any of this to make sense. We risk getting into accidents when we drive a car, because the 'upside' of fast travel is worth the risk. There's just no real upside with Crypto yet. NFT was a neat idea, but that's not it either.
> People will always press the Magic Red Button without knowing what it does with some, if rare, consistency. That's human nature, ergo, our systems must accommodate.
Are you also frustrated that you can run `rm -rf --no-preserve-root` on your computer and it's not possible to get back your data unless you had backups since before? Clearly, this is a dealbreaker for UNIX because it allows you to delete your root partition. Why would you ever need that?
> NFT was a neat idea, but that's not it either.
Yeah, no, NFTs were and remain a disgusting idea, but thanks for revealing your opinion on that, makes it easier to understand where the falsehoods in the rest of your message come from.
Cryptocurrencies give you the OPTION to use a trust-less decentralized system. If that’s not your cup of tea, nobody is forcing you to opt-in to this system. Go use a bank, or a centralized exchange, or whatever makes you happy.
> At absolute minimum, the purveyors of such tech should be providing 'off the shelf' free wallet software that solves all of these problems of magical knowledge.
UI is continually improving and is already much better than in the early days. But the “purveyors of this tech” don’t owe you anything. If you’re not satisfied with the current wallet offerings, you can go build your own, or you can simply choose not to use cryptocurrencies.
If the 'option' implies all sorts of 'costs' (such as lack of oversight, losing money, no insurance) - then it's a choice rational people will not make.
"But the “purveyors of this tech” don’t owe you anything"
You're right.
And it's why nobody in the world uses crypto, blockchain or any of this nonsense for doing anything productive and use it solely for trading magic numbers.
Currencies don't come with a prerequisite of intimate knowledge of industrial jargon that requires use on a daily basis to be proficient enough in to not lose everything.
If you're gonna deal directly with the forex industry without any safe-guards there will definitely be a bunch of jargon around, have you ever dealt with the insides of forex trading before?
In general, giving someone money does not require intimate knowledge of what's happening behind the scenes, that's true. But the submission is not about a normal transfer, the user is explicitly avoiding the safe-guards in place, and got burned by it. It's no surprise really.
The idea behind 'smart' contracts is to have immutable and decentralized pieces of code on the blockchain to execute transactions, eg. to swap ETH for NFTs or ETH to WETH like in the OP. They have addresses because they can keep a balance, but because they are supposed to be decentralized no one can move that balance. If it did have a transfer or withdraw function people would have to trust the creator not to suddenly scam everyone.
But yeah the ability to send the directly to the address is stupid. There are no real world and crypto world use cases to do it. I think the most glaring thing is that person has 500k in ETH but no idea how smart contracts work or how to use the functions...
> to execute transactions, eg. to swap ETH for NFTs or ETH to WETH like in the OP.
It could apparently only swap from one kind of crypto-"currency" to other stuff.
> But yeah the ability to send the directly to the address is stupid.
Isn't the problem rather the ability to send the wrong "currency" to the address?
If it can only change from one kind to others, then the correct behaviour is obviously to accept only that kind, and reject any others. This is basically an online version of a physical currency-changing ATM, where you feed in dollars to get euros (or other currencies?) instead. If you feed in euros or pounds or yen by mistake, the ATM should obviously spit it back out. This online version just swallowed the wrong currency. You don't have to know how ATMs actually work internally in order to determine that this is invalid behaviour not only on the user's part, but definitely on the ATM's too. If the ATM can only change from dollars to other currencies, then it should only accept dollars.
Well no, you can use options and swaps to accidentally "gift" your money to more proficient traders or to market-making institutions or just pay it away in fees, but in all those cases you're giving the money to someone, not shredding it.
an immutable black hole might as well be a shredder. the OP in the reddit did precisely that. that money is GONE. locked away forever. it has not been transferred to anyone else.
Indeed, an "immutable black hole" could be described as a shredder, agree. But that's not what that address is. The semi-official "black hole" address for Ethereum is 0x0000000000000000000000000000000000000000 (https://etherscan.io/address/0x00000000000000000000000000000...), currently has $29,461,295.02 worth of ETH in it. Any other (valid) address is just another address on the network.
"It's not a black hole, because black holes are collapsed stars, which is clearly not what we're talking about."
This is basically the style of argumentation being used here. Frequent equivocation over the terms "valid" and "black hole" to avoid addressing anyone's actual point.
This kind of argument came to mind when I first read the thread, but then I thought... isn't the whole point of crypto to be decentralized? To avoid these kinds of concentrated power structures?
The thing that gets overlooked here is this guy had to have an above average understanding of all this to even get into a position to make this mistake. Manually sending weth to a contract address is not a process a newbie would even conceive of doing. Or even having weth in the first place.
This guy was pretty far over on the right side of the bell curve when it comes to Ethereum knowledge.
It's still obviously a giant design gotcha that losing money this way is possible. The fact that it happened to a guy who knew probably 95% of the esoterica he needed to know to complete the transaction successfully and still got completely burned is an issue.
> The thing that gets overlooked here is this guy had to have an above average understanding of all this to even get into a position to make this mistake
You'd think so, but you'd be surprised.
> This guy was pretty far over on the right side of the bell curve when it comes to Ethereum knowledge.
No, that's not true. Even people at the beginning of the bell curve know that you don't send half a million worth of anything around without verifying first that what you're about to do, is correct. You first do that by reading through everything and double-checking. And after that, you do the thing you want to do, but with 1% of the value or less, and verify/double-check again. After that, you do what you actually wanted to do.
The ecosystem is very new, has a bunch of sharp edges everywhere and there is no recourse if you do anything wrong, so going through this process is something you learn very early on.
> The fact that it happened to a guy who knew probably 95% of the esoterica he needed to know to complete the transaction successfully
This is obviously not true, as the person seems to not even have searched for "How to convert X to Y" before performing something they know they might not be able to undo.
If this happened at a bank, you would be told you submitted the wrong form to withdraw foreign currency from your account (closest analog I can think of) and be given the correct form before it even started getting processed.
A better analogy would be that you sent the money to a bank account you thought belonged to X, but X can no longer prove that they actually are X, so the bank are not allowing them to withdraw the money anymore. Would the bank still send back the money, even though the recipient was technically correct?