0:00 yeah yeah they keep cycling okay we're live but they keep cycling the uh the validator set 0:13 [Music] 0:22 hello and welcome to game of nodes a weekly podcast on the cosmos from independent validator teams and you've 0:27 just heard the derailment of our pre-show chat by some confusion from me over what the 0:34 difference is between say and swee which i've just learned are two different chains um 0:40 bye-bye is blow i suddenly because i had i i knew that there was some uh like some talk about the the v s is that is 0:46 it swede that's got the big vc money and they're just starting to get ready for their for their test nets and stuff 0:53 and i was like why are people talking about an upgrade on a network that hasn't even collected its genesis file 0:59 yet there we go that's why you got it they weren't one letter apart wait one letter apart 1:06 yeah only one letter apart but in different orders see it's very subtle very subtle 1:11 difference cosmos and uh osmo are not that far apart either it's a line between clever 1:18 and stupid but why male models um 1:24 the i i i always go back to the garth miranda joke of like i'm a writer which 1:29 means i just hit the keyboard and letters come out now getting them in the right order 1:36 i mean that it's still my stomach so probably my face it's actually very similar to programming as well that that instruction so anyway um this week's 1:44 episode is a bumper dps episode given all of the things that have happened in the cosmos this week we've had do you 1:50 know what's funny is we've got this like bumper dps episode and we put out our usual tweet like hey has anybody any 1:56 questions for us um earlier today and earlier in the week and the only questions we got were 2:01 really legitimate technical questions that actually are quite interesting 2:07 and it was like it would it would be the dps episode where we're like no no sorry we're interesting technical questions uh we 2:13 have drama to deal with uh so 
we will entirely be dealing with the [ __ ] 2:18 um so drama this week has has anything happened i don't think so this week 2:25 do we need to catch you up jaby so is your validator up on juno because there was something that happened last 2:30 thursday all right oh yeah yeah it's up uh what was it that happened um 2:37 let's see it was running just fine and then something happened 2:43 and then something deeply unfortunate happened it's like the um 2:49 yeah i don't know whatever i guess it was eventful you could say it was very eventful i mean i guess the 2:56 takeaway i suppose i'm taking from the juno chain halt i think i said this on twitter was that um 3:02 you know binary out to validators instructions and everything within 10 hours that was cool 3:09 um and then i think the pathological case for invariant checks to get back up and running was 24 hours 3:15 so yeah it's a game of two halves there were 3:20 some really there's a big success in there and there's a big unfortunate thing as well um 3:26 as well as i suppose you know just we were talking about this in the pre-show is you know the the circumstances around the attack itself 3:33 are obviously um pretty unfortunate and in terms of like the the game of nodes sweepstakes but we 3:40 can do this who do we think did it everybody look shifty i don't know one 3:46 of us it was null man if i had the skills to do that 3:53 i'd be like you know i wouldn't be a validator i'll just be stealing everyone's money 4:07 going like oh this this must be like um this must be like a deliberately thought through attack because you could make a 4:13 load of money from it now there's the example of the person that would take the money 4:19 just for reputational damage he would 100 of wait until it went live and shortly the [ __ ] out of it 4:25 um yeah so um what so should we do are we gonna do uh 4:32 so we've got four four drama incidents to cover in some order 4:39 uh i suppose like there's something we should
probably maybe like rip mention what happened over on solana because 4:44 it's quite interesting okay um obviously there's nomad which is much closer to home and uh 4:50 you know that's quite bad um the osmo halt too which i know affected all of you folks that are validating osmo 4:57 there's less of a halt i mean it would you wanna talk about osmo first because i think 5:03 that's a really interesting situation um do you wanna explain what happened there 5:08 jaby yeah so uh the expectation was that this upgrade that was going to make the epochs faster 5:16 was not consensus breaking and then it turned out there is an edge case in which 5:22 it is consensus breaking and we learned that 5:27 33 of the val set had updated uh which was not quite sufficient to you know 5:34 halt the chain um and so less than 33 of us had to roll back to 5:40 10 um or or so and uh and keep going 5:46 and so you know the the chain didn't halt per se but certainly blocks became 5:51 longer as waiting for timeouts 5:57 so yeah raise your hand if you're affected by that yeah easy yeah yeah 6:04 no no still drunk after dealing with it 6:09 i i'm sorry i don't even know what the [ __ ] we're talking about i was um 6:15 so no one will answer me i don't want to read the sei network bloody discord because i'm on the thing 6:21 would someone just tell me like is it just a binary swap i don't even know if my node's stopped is 6:28 just binary swapping i just just restart it and call it the good already happened 6:35 so if you're still running then you might hit a consensus problem so i'll just 6:40 swap out the binary call good no i'm pretty i don't know i'm not in the active set at the moment 6:47 so it probably doesn't really matter so this is i'm stalled so yeah it's 6:54 so for cosmovisor the folder is 1.1.0 beta and that's the branch name as well 7:00 let it run okay oh yeah i'm not using cosmovisor okay then just then just build this it's running for djing mode 7:07 it's a testnet
man it's where i learned to break [ __ ] 7:13 there we go restart well surely it's easy to just provision the same way you would provision well whatever okay we 7:18 obviously have different approaches well i've restarted now so i'll see if my monitoring now says oh it's unstable 7:25 so everything roses when we when we had that question on it on a previous episode and somebody was like how did 7:30 this get started and i think one of us possibly me or null facetiously went oh yeah well we 7:36 basically used to just be on a video chat and then we decided to film the video chat and then that is 7:42 the podcast this moment perfectly illustrates the truth of that 7:47 like normally we have like a veneer of professionalism where we're not actually talking actual shop but this is this is 7:54 the moment that breaks down um so yeah is there any well now now we've 7:59 done debugging uh null's testnet node uh is there anything else to say about the osmosis 8:05 thing it is a quite interesting case on i guess it's not so much even like there was no 8:10 real problem per se other than i suppose it maybe shows the complexity 8:16 of upgrades and how they pertain to consensus right well i thought it was a 8:22 go ahead i thought it was pretty interesting because the consensus breaking part of it was that 8:28 um the logic the end logic was the same is that like the way they did the logic so 8:33 let's say you did like a transaction then you did a stake in in one function it swapped those two right so 8:41 normally that wouldn't matter if it all went through correctly because all the gas would be the same all the estimates would be the same whatever but because 8:47 they swapped if it failed earlier and that's what ended up happening that's where the consensus breakage came from 8:53 so while there's optimization happening it was just some kind of weird instance that 8:58 caused the issue and so how long ago before the halt did 9:05 that upgrade request come out like i'm
curious to see how long it took for 33 to to be 9:11 able to use a new binary a week i think i think it's about a week isn't that 9:16 right jeffy it took a week uh well so it was for something i think it was for estimating gas and so it 9:23 wasn't even like an issue within like the transactions it's just sure when you estimate gas 9:28 now it's not quite the same right so it's very go ahead 9:34 the the um we so this was all precipitated by the number of 9:40 uh gauges that were created for free right uh and doing some back the napkin math 9:46 and figuring out that oh man this is gonna actually take a little while longer to 9:52 accomplish the epoch and so then we have this update where it's 9:57 using caching more intelligently and only a subset of the validators actually 10:03 adopted it if all the validators had adopted it then you know we we would have 10:10 retained consensus at that point but because of the way that the reordering happened 10:16 there was a disagreement and us early adopters got the ability to uh 10:23 you know clean up some disk space that's interesting though isn't it 10:28 because it is like uh there's a lot of i think certainly from maybe if 10:35 you're publishing binaries there's a lot there is a lot of hand wringing on whether something is consensus breaking 10:40 and how you get it out and it just goes to show even if you have a pretty good idea there's a chance that the kind of 10:48 the the the tail of how long it takes people to actually do that deployment can have unintended effects 10:56 um sometimes quite bad ones and this is a relevant discussion actually recently 11:01 um obviously there have been some security things happening 11:07 you know we we've already mentioned last thursday there have been some happenings in our backyard um this last week and 11:14 one of the one of the behind the scenes discussions around um 11:21 releasing breaking changes and stuff was about like well how reasonably can you expect uh changes to 
first of all being be 11:28 actually adopted and merged in stuff by core teams if they're not just straight up contained to an upstream dependency 11:34 and also like how how quickly can you get stuff out to validators again like i think almost every chain has 11:41 got a different approach for emergency upgrades at the moment if they even have one um and so that was a discussion from 11:48 it kind of in in an upstream dependency used by a number of chains sort of saying well okay 11:54 discovery yeah vulnerability discovered in the wild oops here it is 12:00 um and there was just like a lot of stuff around that which i i think all of this stuff is so is very very 12:05 interesting because i the attack surface of cosmwasm in 12:11 particular is so much larger than just the sdk 12:17 um that it feels like there's now you know what however many chains in 12:22 production that are now sort of flying by the seat of their pants in 12:28 terms of having to adopt um 12:34 well mitigation strategies as much as normal cyber security right 12:39 because i mean it's back to the that one of the things that came out of last thursday was how do you stop these 12:44 attacks happening and it's like well you probably can't so can you it all becomes a question of 12:51 like how quickly can you recover from them right well not only that but also like what's the response strategy 12:58 i don't think like i think that's the weakest link in all this stuff is like how do you communicate with 120 150 13:04 validators and and i mean you have you know google sheets floating around that have unlimited edit capability and 13:11 all these types of things like i think that's the bigger issue is like really a response strategy like how do you when something like this happens 13:17 like evmos is pulling out a build right putting out a build right now that that basically bypasses governance right that 13:24 has a specific halt height built in to be able to then to be able to run another
version um 13:29 it's it's i think that's the that's the problem to solve right is like we know that there's going to be these these 13:35 situations and the current governance process does not handle these situations like there's no 13:41 like there's nothing built in at least in cosmos sdk governance that says oh [ __ ] we need to upgrade the next 30 minutes 13:47 right or we got to we got to figure out a way to communicate with all validators and all that kind of stuff 13:53 yeah i mean and then the funny thing is well i guess there's a couple of things isn't that there's there are some 13:59 uh there's there is a way you can obviously broadcast to the consensus set and you could drop them a custom message type 14:06 that you could listen for there's there's stuff you could do around that there's also been quite a few discussions around 14:11 um uh what i guess dao dao would call subdaos but what i suppose everybody 14:17 else probably called would if it was just natively to change like a multi-sig or something that could be authorized uh to 14:25 essentially say we are going to take the governance action of halting the chain so that an upgrade can happen right um 14:33 which is an interesting idea uh but obviously you know very high risk 14:38 um because if any i mean you're just handing over the key to the kingdom aren't you uh in that case as opposed to 14:43 the whole of the the chain dao like all of the stakers so yeah 14:49 it kind of comes back down then against the argument of like well unless it's unless it's a very carefully 14:56 controlled flex multisig or something like that that the because what happens if people maliciously use that multisig to halt 15:02 the chain you can't unhalt it via governance by removing people from the multisig if 15:07 they've already successfully halted your chain because the people in charge have used their centralized power to halt the chain right 15:14 um so yeah i know it's interesting a lot of these solutions are
really really 15:19 interesting but at the moment i guess a lot of the ones i'm seeing mainly come from devs and they kind of 15:25 implicitly assume that they will be in charge and they can be trusted which i think is an interesting 15:30 assumption that i'm not sure holds right well and what does trusted mean 15:36 right um if you're using osmosis trust means that they're gonna do what they can to protect your funds but evmos i 15:43 think it's the first tendermint-based chain that didn't even try to halt the chain they just kind of let it run its course 15:50 so is it what does trust mean whenever trusting might not be related to the 15:56 funds i mean does it make more sense for them to have not halted the chain and to let the other apps continue running or 16:01 was the security of the funds more important right we're talking about nomad there 16:07 right yeah sorry i kind of like went off in a bit of a tangent there 16:12 well no no but but but so we've we've touched a little bit on osmosis we've touched a little bit on juno 16:19 see do you want to tell us a little bit about what's happened over on nomad 16:24 yeah sure um so the bridge was drained over the course of oh three or four hours or so due to a 16:32 super interesting um exploit where uh basically the bridge 16:38 it's it's kind of like admin user i guess you could say um is is effectively like null so anyone can treat themselves 16:45 as the admin user of the contract and so if you if you looked at like 16:50 etherscan and you saw a transaction you liked like you know send 100 bitcoin to an account you could just copy that 16:57 contract and send it to yourself instead of someone else that that was basically how easy the exploit was um for for the 17:03 bridge that's simplifying quite a bit but that's kind of the tldr um and the interesting thing about it 17:08 was that the teams were aware of it happening like in real time and even more 17:13 interestingly was that an audit caught the issue and
was like marked as will not resolve which is kind of funny 17:20 um but anyway but they chose to let it run this course hold a second hold on a second could we 17:26 just back up a second before you continue the explanation an audit caught the issue and it was 17:33 i won't fix it i think i think what i i read that same page i'll we'll put we'll find that and 17:39 maybe shelter you can send it to me and put in the show notes for everybody but it looks like that they they the team misunderstood the audit 17:46 results right they read it differently and didn't understand the actual issue 17:52 and just said oh this is not a problem right yeah and and to be fair so for context 17:57 for for people who aren't in software it's very common to like encounter a bug and to market as like known issue that's 18:02 that's totally common everyone does it in software um it's just interesting in this in that 18:09 like this was marked as a low priority issue um and so they understandably pursued 18:15 the high and medium priority things beforehand it's just that it kind of in retrospect 18:20 seeing that this exact issue was found and then marked will not fix kind of 18:27 gives you something to laugh at i guess so it perhaps should have been marked as 18:32 catastrophic issue yeah oh [ __ ] 18:40 but there's a lot of really interesting sides to the nomad um bridge exploit because nomad has built-in infrastructure um 18:48 let's call them short circuits i guess if they know if they notice um things happen on infrastructure side it can cut down the bridge the problem here was 18:54 that it was the smart contract itself that had the exploit and so the infrastructure that was or the 19:00 the watcher couldn't it had no way of monitoring a smart 19:05 contract exploit versus an infrastructure exploit um and so their built-in systems for monitoring exploits 19:11 or issues to shut themselves down it didn't trigger um 19:17 i i don't know the specifics of that i just know it's pretty 
interesting that they're kind of watching something that they couldn't or they're they're 19:23 watching effectively the wrong thing i suppose 19:30 yeah that's pretty wild i mean there's a lot of things that are wild about it but i guess there's also like this question 19:36 of what is it about bridges that means they are i mean 19:41 i mean what is it about bridges that means they are so prone to this to these types of 19:48 attacks because it's not just in one ecosystem it's in multiple ecosystems so i don't think it's 19:53 it's not sufficient to just go oh yeah the problem is that they're using solidity and not rust because 19:59 solana got owned as well right they've had bridges their owned and that's you know in a very very safe language as 20:04 well which should be more resistant to kind of everyday programming mistakes 20:09 you make in a language it doesn't have adt's and stuff so 20:14 yeah it is it just that it's the highest risk and most vulnerable bit of the infra and 20:19 so it's naturally going to suffer more attacks or like what's the property of bridges 20:26 that's special or is it just that they're visible i feel like it's that they're visible 20:31 right like i mean this would be a great episode for todd to be on because i know he's actually worked on a bridge i believe 20:38 and he he instilled the fear of god in me about bridges um but i think it's i think it's just how visible they are you 20:44 know that if you can if you can exploit this you're going to get a crazy amount of funds 20:50 and because it's so visible and generally there's not an incredible amount of code that goes into it you 20:56 have a very large surface area to attack 21:02 yeah and i guess well and i guess i suppose in this case obviously it was a ether exploit and it was 21:11 yeah it was it was via a pattern that isn't replicated necessarily in other 21:18 but then you're just like this there are going to be sleeping things like this in in ibc in the cosmos sdk and 
stuff that 21:24 we don't know about as well so i think that was one of the things that i i thought was interesting as well about 21:30 there were definitely some ibc maxies in the chat if you like who were 21:36 who were to use a word crowing um and i was sat there a little bit 21:41 thinking you know lads you know 21:46 let's not assume that there are no there are no skeletons in the woodwork you know what 21:51 goes around comes skeletons skeletons in the cupboard you know like what goes wrong comes around um 21:57 so yeah i think i think like when you do that type of stuff in these big chats you're like inviting people as 22:05 well to um you know come and test the wares if you know what i mean it's like 22:13 it's you know like with um luna when you know people are running around big 22:19 noting things and then uh maybe that incites some violence 22:24 of of types you know what i mean yeah yeah it's like oh oh you think your 22:30 thing's good well maybe uh let's have a let's have a closer look at that it's like imagine if you went to the 22:37 bank and we're making a withdrawal and the bank teller just 22:42 the the convention was the bank teller threw a roll of cash at you whenever you're making a withdrawal 22:49 you don't actually go up to a counter you say i want a hundred dollars then she eats it at you right 22:59 that that's what i think of bridges as operating as so let's um can can we take like a 23:06 little step back and because not everybody who watches um this is going to know 23:13 like what a bridge is and how it works so i attempted this on twitter the other 23:19 day do you guys mind if i try and explain what a bridge is um from one side to the other and then you can 23:25 correct me all the way through it i'm like five so if you could explain it that way yeah yeah yeah i will try to 23:31 explain it like we're all five i'll [ __ ] it up and then you guys will have to like correct me to the correct 23:38 answer so all right so the goal is to 
take uh 23:45 token a or token and send it from chain a to chain b right 23:50 uh natively the chains don't talk to each other so someone has to come up with a way 23:57 to reliably have them communicate with each other and transfer tokens so i 24:03 believe what a bridge does is that you have smart contract chain one and 24:08 smart contract chain two and then you send a token to a smart contract on 24:15 chain one smart contract locks up that token communicates with a smart contract on 24:22 chain two to mint some token that's a representative token for the token 24:27 that's locked up in chain one so that's when you end up with wrapped assets like wrapped eth or wrapped sol or wrapped [ __ ] 24:35 coin and then you can use that on the 24:40 the counterparty chain um to your heart's content as a wrapped asset so the value on the counterparty 24:47 chain is actually a representative value of the value on the host chain 24:53 so then i i guess we need to explain how the value 24:59 can disappear if you get an exploit like we did the other day and someone 25:05 finds a way to exploit the contract on chain one and drains the 25:10 tokens out of it then the tokens on chain two no longer have any value because they're not backed by the 25:16 original asset because they've all been taken away um so that's basically it now the thing that 25:22 i'm not sure about um is how those two uh 25:28 smart contracts communicate with each other and i think that people 25:33 run a blockchain of some description which has uh communication with both of the chains 25:40 is that right or is it just like some sort of third-party software someone's running in their mum's basement 25:47 yeah kind of so in order to communicate between the g you'll have some sort of api and so if you're gonna transfer token 25:53 it's pretty simple it's actually like you send the token and then you send an address with the token saying the output's going 26:00 to be here right and then you have like software
in between the two chains that 26:05 just take that address and then it means it sends it off and so all it is is like send it here 26:11 mint it send it to this address so in order for it to work you have to have access to both chains to 26:19 a way to talk with them but that's it doesn't require any sort of like big behemoth third party or anything it just 26:25 requires access from the two chains they're basically like clients in the same way that like clients exist within ibc so 26:33 this is why you see ibc maxis or why we did see ibc maxis 26:40 um crowing a little bit about the the whole ibc model because there is an argument 26:47 here where you go well if you can derive if you can derive something like a valid 26:52 bech32 that could actually uniquely um rep well obviously you can 26:58 uniquely represent it by ibc as the whole point regardless um but if it could be agreed upon that you can open 27:03 an ibc channel and your chain is made to be compatible with ibc then you you could use 27:10 ibc as the mechanism rather than a bridge because the bridge is just like kind of 27:15 at least my understanding of bridges is just the general purpose term for chain to chain via some light client mechanism 27:23 ibc is just a special case of a bridge that has a much tighter 27:29 spec to it essentially uh well it's it's an it's a native like 27:34 it's a and it's native um yeah it's a well it's a module level right uh bridge it's not like a 27:40 smart contract layer sitting on the shop but that you know that still could have a bug in it 27:46 sure so yeah you know it the fact that it is made well there's also 27:52 but there's not a third-party um light client or something connecting together either they directly talk do we oh 27:59 actually sorry there's no no that's literally what a relayer is yeah yeah it's like a relay yeah just delete 28:04 the pet part on the final cut we'll just we'll just crop that part out so that it's not passed so that 28:10 yeah no
no no but i know it's a reasonable question but but i think this is this is the thing is that the the 28:16 actual mechanism for ibc is literally the same funds are locked and then they're minted as like a 28:21 wrapped version essentially on the other chain which is why we have this problem um the ibc typically has hops of 28:29 multiple chains in a way that bridges don't and this is where we get into that if i 28:36 if i go stargaze to juno to osmo to stargaze and then i go stargaze to osmo to juno to 28:44 stargaze it's not the same thing right 28:49 well it is it is and it isn't it is what it is is that you still have a representative of that token that's been 28:56 re-wrapped about five times but right you don't have the original the original 29:01 token is still locked up in escrow somewhere yeah so the well so the the issue here 29:07 actually is not so much they're not same thing it is actually a problem of naming the problem is that they're obviously 29:15 they're leaf nodes in a directed graph i guess and you need some way of saying 29:21 these are actually the same thing 29:27 which yeah but it's it's impossible to do because yeah well i mean you chase 29:33 trace back to channels i guess it's like having something wrapped in like 17 sets of brackets right 29:39 you're like well well it's interesting actually yeah i mean i i i'm 29:45 squinting a little bit here but i'm pretty sure the the problem is actually a problem commonly encountered in abstract syntax trees um 29:53 but yeah i mean the easiest way of doing it is actually just to obviously the way 29:59 ibc channels work at the moment is they're registered they're known and then they're upgraded so the logical conclusion of that is 30:06 actually to have a governance mechanism for a smart contractor a module that just 30:11 says okay this channel and this channel are the same thing so that perhaps you when you maybe when 30:16 you register an ibc channel you can also submit a message to gov to 
governance or something saying 30:23 oh by the way you can expect this wrapped denom to be coming in by this channel 30:28 and because you can derive the entire path of a of a denom right 30:33 so you could write a piece of software that would unpack that and identify whether or not it's actually been 30:39 seen yet and if it's if it's not been seen before you could basically say oh it it's an 30:45 unknown denom if it has been seen before it's this other denom and then you could just 30:51 filter and triage them um at the moment that would be doable i guess because there aren't that many 30:56 chains but automating that would be a bit trickier but it's not intractable as a problem i 31:01 don't think um i suppose you would just need to break down the derivation path 31:08 get every single chain that's in the path and if you know the set is the same 31:13 yeah it's a set problem isn't it if all of the chains that exist in one path also exist in the other path they're 31:18 the same token it's just come from a different there you go well so here's so 31:24 game of thrones in my started writing a smart contract for this as well which was basically you 31:31 use gov i wrote this smart contract where you use governance to identify ibc denoms as the same thing 31:36 um but actually that's a much smaller way of doing it it's just look at the derivation path for the same thing the same thing done 31:45 there must be some there must be some complexity here i've missed come on no well you well you're talking 31:51 about when it comes from the the host chain right but if we'll say 31:57 wrapped like 15 times you can't really chase it all the way back can you well i wouldn't change something right but the 32:02 the ibc uh the ibc path contains all the places come from right 32:08 but not exactly it keeps being salted against itself effectively so like 32:14 go ahead no sorry we actually need bloody um 32:19 was it fabian jump on man tell us how the bloody thing works 32:25 right
right right right so it's deterministically salted but you still would need to unpack all of the different intermediate hashes yes 32:31 exactly yeah yeah okay yeah yeah 32:37 so it's a harder problem than i thought it was fair enough so to be clear for people what salting means basically is like 32:42 a way of randomizing a a word effectively um and turning the 32:48 into and by adding 16 to it or something that's kind of the idea um a common way 32:54 of changing something in order to make it deterministic if that makes sense 33:00 um so here's kind of a fun thing about ibc denoms um cosmos hub i believe was 33:06 originally the cosmos hub because ibc was all supposed to feed through it so if you want to go from stargaze to osmosis you're supposed to go stargaze 33:13 cosmos hub osmosis originally but 33:18 i would argue that our current like spider web way of going about it is is better but that was the original idea 33:25 but that then maybe makes sense as to why it's designed the way it was because it was assumed that you would always 33:30 have you could always essentially have a single source of truth somewhere for that and it's become more of a federated 33:38 model since and yes and you know what's the largest federated model network in history 33:46 is web 2.
mushrooms oh wow and how do they solve that problem with 33:52 your eyes um and what do uris do that's interesting as they carry around their 33:57 entire metadata with them um so 34:04 yeah oh what was that i feel like i just got rinsed there on the mushroom thing what was that 34:10 please hit me with it uh you you asked what is the largest federated network in 34:15 history mushrooms mushrooms ah it's that documentary did you what is that from that documentary 34:21 basically yeah it's very good gentle show of hands who has done magic mushrooms before 34:28 it's an audio podcast so nobody can see that but nobody could see who just did that 34:34 anyway boring um i can't remember what it's called it's called like fantastic fungi i think or something 34:40 like that on netflix you should watch it yeah it's basically a 90 minute propaganda film about the benefits of doing magic mushrooms um and some 34:48 interesting facts about trees i'm so simon's done nothing wrong so let's go i think i'm older than all of you but back 34:55 in my day it was like one of those things you can do this 10 times and after that you're going to be [ __ ] up for life so just watch out so you like 35:00 you like should pick which times you're gonna is this a night am i gonna do this tonight you're like yeah i'm gonna do it tonight 35:06 this is one of the ten and then you make a decision to do it oh man no when i was in school man they 35:12 taught that you do it one time and you're permanently screwed up 35:22 that's what they told us about acid but i didn't realize until really recently until that documentary that you can get 35:27 acid flashbacks from mushrooms and then suddenly a load of stuff made made sense to me well it was one of those things 35:33 where like i had a channel but a bunch of friends were big asset heads and they were like dude don't do shrooms and i have a bunch of firms or a shroom said 35:38 like dude don't do acid that's like crazy like don't do that they're on 
both sides of that fence so we just did them 35:44 all well yeah i mean it i i don't think it can harm you really it's yeah it's on 35:50 the ground you kind of experiment right yeah it used to be basically when when i was growing up it used to be legal uh it 35:55 used to be legal in england what was good magic mushrooms you just go buy them from a shop get out of here really yeah 36:01 until like 2006 they went from fully legal like as in all age groups 36:08 you can go just buy 10 grams of mushrooms for 10 questions for your insurance cheapest 36:14 yeah afternoon nap here you go straight to class a they went straight from 36:19 free buy them they're really cheap nobody gives a [ __ ] to 20 years in prison if 36:24 you give them to your mate no yeah like what did you just go pick them out of the paddock and eat the [ __ ] thing 36:30 well that's the fun thing isn't it because they grow all over the [ __ ] place you know what i'm trying as long as you know what you're growing yeah 36:36 yeah yeah yeah well i mean they just grow in the woods like uh you know i live in the north of england there are 36:41 plenty of places they grow some of the freelancers i used to work with on a previous project they they've just like a couple times a 36:47 year just go camp in the woods and do shrooms because they're just like oh yeah we know there's a bunch up in the trees uh oh yeah 36:53 they're definitely available around here as well this is like the opposite of the 36:58 marijuana story in the united states like hey if you touch the stuff you're going to jail for 30 years and like two minutes like two minutes like that's 37:05 fine it's no big deal we realized there's quite a lot of money involved in this oh yeah changed up 37:10 oh we can yeah holy [ __ ] we're actually suddenly suddenly decisively on board with this 37:16 maybe we're okay with this actually yeah what are we gonna do about all the people that we put in prison during the war on drugs uh yeah we'll leave 
them in 37:23 there for right now because we're making some money on that but yeah i mean we're too busy really make money to worry about that stuff so todd says apprentice 37:29 on the next belt of the league legalize i thought pot was legalized there are we talking about mushrooms about 37:35 i think it means mushrooms we're talking about mushrooms then maybe maybe i need to take it another trip to colorado 37:41 yeah like why do you think i would legal but mushrooms aren't because mushrooms 37:47 it's a different level man like i would never get in the car i would net like i would 37:53 you might be scared you don't get in a car after smoking a bag you inject mushrooms one time and 38:00 like your whole family's dead don't shoot up mushrooms man don't shoot 38:05 up mushrooms clearly definitely don't shoot at mushrooms 38:11 [ __ ] hell that is a good piece that is a pumpkin he like injected marijuana and it was it 38:18 was all over that was it the next thing next thing he knew he was tweeting 38:23 against his dog yeah kevin asked a good question how do we get from ibc to talk about magic 38:28 mushrooms i don't know how he actually made that leap but it was it was the the largest federated network 38:35 and it's the the psyllium should we move on so i mean back back on the um 38:41 yeah so i think basically the fray correct me if i'm wrong at the moment we manage the denom by everybody agreeing that 38:48 a certain thing is a certain denom from a host chain right and basically 38:53 you know it's a ui ux issue thing at the beginning yeah i think we try not to 38:59 we try to make it so that people are extreme well we don't really have 39:05 the reason we don't have the big problem at the moment is that the de facto hub of course mars is osmosis 39:10 yeah but also the the agreed upon method by devs is to 39:17 deposit and withdraw from the host chains rather than spit the [ __ ] around all 39:22 over the place right so yeah that's like they're managing it on 
that level not the blockchain level 39:28 they're managing it on the user interface level so like i mean if you go 39:33 and look at um i don't know about deck scanner but if you look at like uh 39:38 coin gecko right and you look at the denoms on the exchanges 39:45 they're they've got the ibc denom they don't have the you know so 39:50 it you know it's not proliferated through everything yeah i guess because they get their feed 39:56 from osmosis maybe yeah well they're probably getting it straight from the um api right the us 40:03 yeah price api or something so yeah and they don't have like uh you know something to convert it in there in 40:09 their own system so because everything's still reported in the api uh as an ibc 40:14 denom but the you know there's the ui 40:21 makes it um you know that it renames it to the host 40:26 uh denom so i think they've just got a table of like ibc 40:32 denoms that match up with you know juno evmos all that stuff 40:37 um just in that osmosis um software itself so because if you put the ibc denoms no one 40:43 to know what the [ __ ] was going on they'd be like what is this [ __ ] what are all these numbers man well you remember when there was that 40:49 thing where curb the curb the ui for curb [ __ ] up on osmosis and it was just like some random ibc denom and 40:57 then the pool was just some random gamm thing and it was just like wow the [ __ ] coin just got even [ __ ] 41:05 uh like it was completely incomprehensible and it was like okay well so now we've seen under the hood yeah right exactly 41:12 ibc 4260 died that's that's the that's the curb thanks callum 41:19 i like how i like how callum came on last episode was was actually like completely normal 41:25 didn't drop any memes didn't drop any [ __ ] posting it as soon as he's back in the chat he's just like 41:30 mr anderson yeah but he did make me feel a little bit dumb 41:35 being in the presence of such greatness how you being yourself if you're being 41:41 
serious at this point or not but we're going to choose seriously i'm too serious um 41:50 hey and that's like you know the comments i saw on on twitter and stuff were you know it was like yeah 41:57 we don't have interest in the roundabouts watch game of nodes it was 42:04 i mean if you want to talk about roundabouts i'm game we have one at every intersection around here 42:10 it's it's you have roundabouts oh we have about 200 and some of them in in this area 42:16 that's crazy i don't have to stop from any point to any other point we 42:22 this uh particular region i live in is all about them it's weird like us states have some of 42:29 that like indiana or well not the docs but i think you've docked yourself there before um yeah but indiana michigan is 42:34 the same way michigan has a shitload of roundabouts um i'm in pennsylvania there's nothing they don't even they 42:40 would run into each other but it's weird like maybe maybe it's like scandinavian european backgrounds that 42:46 drive that or something else that drives that i'm not sure what what big roundabouts in europe they love the roundabouts i guaran i don't think 42:52 there's one in mississippi are we going back to having a conversation about roundabouts 43:00 like do roundabouts in not your country that's an evil that's a a two or three lane roundabout not in 43:06 your country is an eye-opening experience as you try and remember when you're supposed to indicate which 43:12 lane you're supposed to be in so you don't die uh doubly so for me because i'm on a bike 43:18 i'm on a pedal bike so when you're when when you're in switzerland did you accidentally take a 43:23 wrong turn onto a three-lane roundabout and you're like i want to avoid ending up on the motorway at this point lads 43:29 that was good fun i mean roundabouts and mushrooms is really the conversation we should be having right right so shame i 43:35 didn't have any mushrooms with me at that point um on your bike you would have been you 
had been laying on the ground pedaling still 43:43 i think i'm going this way sideways just pedaling away 43:48 so so juno halted uh osmosis had a almost a halt but 43:54 it was just a soft halt uh and then the soft oh is that like a soft slash but 44:00 no no no that's very different a bit disappointed everyone 44:06 you know don would have a lot to say about this conversation about uh you know roundabouts and 44:12 and uh i think you say don would have don kryptonian would have a lot to say about the halts i think don kryptoman 44:17 has already posted a lot about the halts yeah yeah he says some stuff 44:25 um but i i guess he doesn't watch our show he doesn't care off-riding horses oh jeez he's not in the comments 44:32 we should invite him yeah something like that um yeah we're working we're waking away 44:37 our ways up from like the least impactful halts up to the largest amounts of dollars that were stolen right so i think we're at where are we 44:44 now we know man we're at nomad which is like 100 and something 150 million dollars oh 44:51 actually that's hundreds that's much higher than this uh solana thing right so the the interest the other interesting thing about the nomad 44:57 hack right was and i think schultzy touched on this was that because it was so easy to exploit 45:03 what happened was was not only that obviously when people found out they were like holy [ __ ] and my funds at risk but also 45:09 loads of people piled in yeah to [ __ ] rob each other yeah so the reason that 45:14 number shot up so quickly you know there were individual like 45:20 attackers presumably the original ones who were draining large sums of money in a systematic fashion but also there were 45:27 zillions of opportunists just robbing each other like literally just robbing it was interesting when you look at the 45:33 transaction history there's just a lot of i don't know why it was all the same amount there must have been something 45:40 about how the hack was 
working but yeah i don't know if it was like white hats trying to like save some of it or 45:46 whatever but yeah it basically just had like this going to all different accounts like the 45:51 same denomination or maybe someone was running a script that just fired it off to different accounts i don't know but 45:58 um yeah flash robbery everyone just piling on as soon as they figured it out 46:03 you got weird people on twitter saying they're like running across the the town trying to you know exploit the thing 46:10 to save it save the money somebody said it was like the first social 46:15 driven i forget what the actual term was the first social driven 46:21 hack slash exploit that like people just just copy and paste and go nuts and 46:26 do their own their own version of it so do you think like that will get much of it back or you 46:32 think it's toast it's dead yeah it's toast it's dead 46:39 the parrot's deceased gone on to another place you know 46:45 so in terms of that hack then what does that mean for like evmos so really weird things 46:50 happened when that hack was going on in that um everybody was trying to swap 46:56 out those [ __ ] now [ __ ] coins for uh evmos right so on the evm 47:03 shot up right yeah yeah well on on the evmos based dex is like um i don't know [ __ ] whatever they are 47:10 uh i think you know when you're trying to degen djing your way into making a few dollars here 47:17 well i i i it was so on osmosis i had um some evmos that i was waiting for it to 47:23 get back to two bucks for ages to to sell to pay for my um you know new microphone 47:29 and um and so i just happened to be up and having deck scanner 47:36 waiting for weeks for it to get back up to that price and um 47:41 yeah so it is the the price on osmosis started to follow the trend from the 47:46 other dex as i guess people were thinking they could arb it but you really couldn't um so 47:53 yeah it was weird it shot up like from say a buck 50 to 47:59 to about 
two bucks and then had like a pretty severe crash and then sort of a bit of a recovery 48:05 back up and then crashed off again but i don't like i don't know if people were thinking that 48:12 um like i don't know why people were buying the evmos on 48:18 um osmosis i don't know if it was just like a bit of a 48:24 follow-on from the other dexes and people thinking they could arbit or if people were thinking that there is some 48:30 inherent value increase in evmos from i don't know the hack somehow um 48:37 anyone anyone know anything about that i don't know 48:43 i i don't know why the price went up jaby i think you're muted man um i mean 48:49 and then it crashed again so if you see an asset selling for 48:55 two to three times what it is on a different market you know you know that speed is is paramount so 49:02 let's just go ahead and get the asset we're going to move it over and and then we'll be able to you know recoup the funds uh and and 49:09 make a buck along the way and then as soon as you try it you're like oh [ __ ] i can't actually do this because 49:15 mad usd is you know shut down and worthless so yeah so i've got all this 49:21 money but i i can't actually you know realize it because they've shut down the contract or whatever so this is 49:32 yeah yeah but then this is also a little bit the third thing with ibc a minute ago right which is the 49:39 you know whether it's ibc or bridge to a user they're the same asset but technically they're not they have 49:44 actually nothing to do with each other other than the perception of users that they are 49:50 the same thing as soon as it's as soon as it's made obvious that they're not the same thing by a hack the value goes 49:56 from something to nothing like like that and and that's interesting because there is not 50:03 that doesn't happen with forex for example there is no there isn't really is there any 50:09 equivalent of this in like traditional finance or forex or something where you do have 50:14 
um maybe futures contracts is the only thing i can think of where if i bought like coal futures or i don't 50:22 know or let's say i buy oil futures because i'm a [ __ ] prick um and 50:28 then there's like an oil rig [ __ ] blows up and kills like a thousand whales or something and everyone's like 50:35 ah [ __ ] and then the price goes down potentially my futures contracts would 50:40 be worthless i guess if you had oil futures and an oil rig blew up it would go up 50:46 well how do you know that yeah i should have a point i'll be the other way right so well whatever yeah actually because yeah probably public pr perception of 50:52 oil companies who gives the [ __ ] is not enough for the price is it bad example um 50:58 there's a film with eddie murphy where there's futures that's the thing training spaces 51:04 you're really up with t5 and traditional oranges 51:10 and there's like a blizzard and oranges about that 51:15 financing i think it's something like these reference i'm your guy what do you want to know yeah it's they're trading 51:21 like orange juice or something aren't they like frozen orange juice yeah frozen orange juice right and it becomes 51:26 worthless because the the harvest is different or something and 51:32 they use water yeah the dukes pay off some dude for a copy 51:39 which is a which turns out to be a fake copy because eddie went and figured it out but a fake copy of the frozen orange 51:45 juice process and then they they actually i think they short it is what they do because they think it's going to be down but it's actually up 51:52 but meanwhile eddie murphy does uh mushrooms and everything comes out fine 51:57 [Laughter] okay well it's good that's how i remember it something like 52:02 that yeah okay well so so actually so yeah so even even yeah even eddie murphy 52:09 did not encounter a situation in traditional finance that was anything like the experience of a bridged asset 52:15 going to zero there is there is no such well 
actually maybe um well 52:21 well let's say you have a container ship wait housing prime housing wait the yeah 52:29 derivatives derivatives based off of an underlying asset yeah okay 52:34 you're like i [ __ ] know it i know it there's evidence there was a movie yeah so 2008 was i guess a similar 52:41 experience in that it was wrapped uh subprime mortgages 52:46 wrapped into like risk things wrapped into other things and sold off to other people and it all kind 52:54 of house of cards fell apart at some point so yeah i guess i guess that is the only equivalent there is not the original bridge is that what we're 53:00 saying subprime subprime mortgages are the original bridge asset don't at us well there is kind of a fun traditional 53:06 finance version of this with the bitcoin etf because everyone assumed it'd finally get through and then the sec was 53:12 like nah it's not and so then the etf is basically going becoming worthless and that's part of the reason why 53:18 celsius and block fight went down because they they banked big on it oops 53:27 but was there etf just bitcoin yeah yeah so you'd buy bitcoin etf 53:33 uh it's basically just a wrapper of bitcoin right you're trying to bridge bitcoin into the real world and the suc 53:38 was like nah dude you're not it's just like buying one stock so it's like not diversified risk at all it's just like 53:44 we backed the entire farm on bitcoin and now we're broke yeah 53:50 yeah and so when the sec said now you're not doing that the value of said bridge to bitcoin became worthless and then the 53:57 company i remember which company was still had all this bitcoin grayscale thank you yeah great skill 54:02 synthetic idos lol so that's just selling stocks that 54:08 represent a real stock that have no tie to it 54:13 for something like it's a championship it's kind of like insurance or the reverse insurance on a bond yeah 54:19 right well since it well i take from synthetic ideos they mean making synthetic assets 
and doing an ideo 54:25 [Laughter] wait wasn't one wasn't usurper talking about margin call the other day we were 54:31 when we were talking it's like jeremy is like 12 hours yeah like 12 episodes ago great great freaking movie awesome 54:37 really good film it just it was one of those where you know when it comes up on like prime or 54:42 netflix and you see the cast list and you're like seeing this film yeah like jeremy i like 54:47 all these pianos like spacey before he got busted for all that yeah it's got paul uh paul bettany who obviously was a 54:53 master commander the greatest movie of all time um so i was like well if bethany is in it 54:59 and he was a mastering commander of the greatest movie of all time although russ pro was also in that movie and russell crowe is mostly in [ __ ] so you know you 55:06 win some of you do some i just watched gladiator that no i had to go back and see it because i haven't seen them it 55:12 doesn't hold up forever it doesn't but there's some fun stuff in there like first ten minutes 55:18 yeah yeah i don't know the whole the whole like family getting crushed thing is like it's a little bit much but everything 55:23 else it was fun i don't think i've seen it i did not have that in australia 55:31 are you talking about margin call we were talking we were just talking 55:36 about gladiator which is which is wrong oh my god yeah i love that video i thought i thought australian schooling 55:43 you had to watch all russell crowe movies that was like actually a course that's one of my favorite movies man i 55:48 love that movie what gladiator commander no uh gladiator 55:55 wrong answer out of those two wait master commander i never seen that movie isn't it wasn't a huge flop 56:01 it's [ __ ] boring i'm not advocating i thought it was like fully wrong i'm sorry yeah 56:07 you've got ten academy award nominations is that the sign of a movie though is that true yeah it got so many but they were it was 56:14 the same year return 
the king came out so it only won um best 56:19 dubbing best sound design best adapted screenplay i think 56:25 no best costume design it was it was like three really weird where they were like every house given something but 56:31 we've also given seven to return of the king so you're gonna have to just have the 56:36 the miscellaneous [ __ ] and they were like well you know you did honor you did get a bunch of 200 year 56:42 old cannons record them with with 35 microphones and you know 56:48 get naval experts in you did build an entire ship in a massive flotation tank on a gimbal so you could simulate the 56:54 guns firing and you did fire them with actual blank ammunition so the ship model would move so you could film it 57:00 accurately you did do all those things but we're going to give all the awards to return the kings so sorry about that 57:06 so we'll give you like yeah basically all the ones pertaining to technical cinematography 57:12 um but yeah uh not much else i feel like i'm learning a lot about you 57:18 right now this is actually it made its money back um it did okay in the cinema but it was so blindingly expensive to 57:24 make that they didn't make anymore it cost because they they did all of it with practical special they didn't do 57:31 special effects it's all practical stunts everything on an actual sailing ship two actual sailing ships it cost 57:37 over 200 million dollars to make it was blind and it all resulted in a doge [ __ ] movie 57:45 well you are objectively wrong then alex is pretty much the perfect film everything you 57:51 need to know did everything you need to know about succeeding in life you could basically learn from a combination of 57:56 master and commander and maybe layer cake so i mean yeah okay the amount of time you've 58:02 given me like layer cake references like oh this is like that thing in layer cake it's at least maybe 10 times 58:09 at least i mean like and you just pull out these random one liners from layer 
cake you're like oh this is just like this i'm like 58:15 yeah man watch another movie 300 000 imdb users have classified 58:22 mastering commander as decidingly average well they're objectively wrong as well 58:29 so it's a solid seven out of ten you know we have talked about this previously there is even a thing there 58:34 is even a thing we talked about this movie have we yeah yeah were you talking about how good it was and the rest of us 58:40 were just [ __ ] crickets oh wait wait is was there a sequel like in episode one but you know there's like you know 58:45 there's like this whole thing where the americans didn't realize starship troopers was a satire right and then there were all these think pieces that 58:51 came out like 20 years later being like verhoeven starship troopers is actually a clever satire and everybody in europe 58:57 who watched it was like yeah did you guys not see robocop like the guy only makes satire that is 59:05 i'm doing my part yeah what's a starship troop is also one of my favorite movies it's way better right 59:12 but but so then that's right similar thing is starting to happen with mastering commander if you go on youtube there's a bunch of people with like 59:18 these hour long video essays being like this is the most underrated film of the last 20 years but you're not there i'm 59:23 like i never actually think this is good cinema i don't think they are doing that man i don't think they are 59:30 thank you i think you might be on mushrooms more often than you think 59:36 uh is this satire well what is what's happening to your 59:42 cosmos validator podcast oh no this is film school with the 59:48 phrase okay a quick search on youtube reveals 59:54 uh at least two yeah two the best movie you the best star trek worst weird okay um so the 1:00:01 whole thing a whole thing about why is really good a whole a 3.8 million views 1:00:07 history breakdown on how historically accurate it is uh 661k views the most underrated cinematic 
1:00:15 masterpiece uh the greatest film in the 21st century there was a lot of video essays basically saying this 1.9 million views 1:00:22 for famous movie scenes that historically accurate a bunch of expert reacts 1:00:29 uh a drinking game that's cool there actually the mastering command drinking game is very good i 1:00:34 would recommend that um look man just because people say it doesn't make it true i think it's like a 1:00:40 pretty heavy minority while advocating for this whatever i don't give a [ __ ] [ __ ] you um 1:00:50 i mean the best movie of all time is homeward bound because it's a delightful story actually 1:00:57 about a couple dogs trying to get back home there's also a cat but it's mostly about the dog we 1:01:02 don't really talk about the cat i used to watch that at christmas um on my arm 1:01:07 that's a good film i think we can't agree i mean this came up because of paul bettany and paul bettany is an 1:01:13 awesome actor that guy's great he's great i haven't seen master and commander because you know i have good cinematics but 1:01:20 i think he said i'm sorry i think you need to watch mastering commander before you you make that statement because i 1:01:25 will you might watch it this week that's my homework that's my game of notes homework is the sit down if you think gladiators half decent and you watch 1:01:31 flash you watch watches watch mastery commander open minded time user let's let's watch 1:01:37 master and commander let's do it together this week let's uh history history homework and 1:01:43 then let's just jump on let's jump on a call together we'll put it on get some whiskey out stare at your akash sweater 1:01:49 first half hours while i watch master and commander right five pages of reasons why it's [ __ ] 1:01:55 for the next tweet for the next week i could be like 12 notes yeah mystery 1:02:02 science theater 3000 type thing that would be perfect we can have a book club but it's a movie 1:02:07 club on the blockchain 
there we go that's it 1:02:15 with tokens and then the worst movies like master and commander you can stake on 1:02:22 wait what hang a second what if we what if we do create a marketplace for movie reviews 1:02:27 what if we just do that does it need to happen no will we make it's gonna be worth billions lads is 1:02:33 this just another module for hell are you about to have another dj moment 1:02:39 to be fair everything's social including movie reviews so let's just let's just throw it in there callum's in the chat what if if callum says we're doing it 1:02:45 we're doing it there you go he can be our chief product officer is kellum actually the boss of you too if he says it's dj enough we do it and 1:02:52 then i trigger the i trigger the lamborghini clip and then we we move on with our lives and that's that's that's 1:02:57 a feature it's on the roadmap um 1:03:12 it says i don't know i read that it's don't put it on the podcast as watching 1:03:18 no because it's [ __ ] nobody can see this so reena i think 1:03:24 i i think that might be an oblique reference to the family guy master and commander joke surely 1:03:30 you know the you know the family guy joke about mastering commando they do yeah cultured for us brother i think all right well 1:03:37 it's it's just it there's just the cutaway just goes there on the watching movie channel it goes and now we go back 1:03:42 to masturbator and commander and then like there's there's a there's like a french ship 1:03:48 firing at this british warship and there's something like bashing on the captain's door and he's just like sir [ __ ] 1:03:54 [ __ ] hell should we return fire crikey and he's and you just hear like this gruff english voice go like one 1:03:59 second uh yeah that's that's the j that's the beginning of the joke so what that pop 1:04:06 most is common kind of anyway dps 1:04:11 yeah let's get back to you let's talk about dogs for a second dogs for a second so it's a lot less 1:04:16 about the salon 
slope thing is salon a bigger value than nomad 1:04:23 no i think a small one is actually quite small i heard it was like eight million or something it's like oh really so it's like one 1:04:29 19th the size got that to be way too long eight million dollars like not even worse bringing up 1:04:35 yeah that's simple price there's a morgan just a day in crypto hey yeah can i just buy in can can i 1:04:42 take an opportunity to get us like demonetized 1:04:47 please with that sexy voice and that new microphone hell yeah 1:04:52 family friendly uh yeah well this is totally demonetized afternoon movie 1:04:58 masturbator and commander captain the enemy ship has opened fire 1:05:04 on us i'll be right out sir we've already lost 10 men hang on sir don't you think we should return fire yeah 1:05:10 yeah go ahead and do that and i'll i'll meet you up there in like five minutes 1:05:16 wow you pretty much thumbs up that movie yeah so it's like i just kind of vaguely 1:05:22 remembered it but uh yeah it says a lot about my ability to 1:05:28 remember useless [ __ ] but i can't even remember the name of a method called doesn't it um so just so everybody knows 1:05:33 that was masturbator and commander in my radial voice 1:05:42 um so hey you know okay before before we go back to this this exploit business did everybody see 1:05:49 june last year was anybody into that you know the new june film i did yes i watched that i mean 1:05:58 yeah i didn't realize i didn't realize that was like part one of [ __ ] how however many parts they're gonna do 1:06:04 until i got to the cinema sat down and it got to the credit and it was like june i was like [ __ ] let's go and it 1:06:10 was like part one yeah i was so disappointed when i got to the end of that and i'm like [ __ ] 1:06:18 yeah i literally i was sat in like the third row in a packed cinema what the [ __ ] like involuntarily and 1:06:24 then they were like everybody around me was like i'm like oh [ __ ] sorry i'm not in my 
1:06:30 [ __ ] living room wait that was playing is this a j-u-n-e june dude i think you would know 1:06:37 how the hell do you guys so okay pronunciation oh wait wait you said but you're not aware of this i'm aware of 1:06:42 dune but you said june okay thank you june i think we've 1:06:48 established dune he says wrong doom 1:06:53 karate is in sanji aluminium 1:07:00 [Music] 1:07:07 [Laughter] 1:07:26 wait dead silence on this call chaby until you say dune correctly 1:07:32 dune or june two different things june was very different to jaby with the g 1:07:38 massive just said yeah i'm debbie i don't know what he's 1:07:44 saying dabby dabby 1:07:51 sand june's maybe lilo oh okay so the solana thing was only eight million dollars is that even i 1:07:58 feel like that's beneath our notice isn't it like a million dollars nothing i mean two two people on this podcast have sent that amount of money to the 1:08:04 wrong address you know that's a week's work 1:08:14 halt is like the smallest who gives a [ __ ] article on their podcast for the 1:08:20 week [Laughter] 1:08:32 i wouldn't even lean down to pick up 8 million and uh go our pal ghost friend of the 1:08:40 show has said i've lost eight 200 million dollars to fraud and i'm still here 1:08:45 now that's a reference somebody said that unironically didn't they on a twitter space that was on the twitter 1:08:52 space for uh what were you just talking about the fmos thing what's that called 1:08:58 help me out what was the bridge that i'm just talking about 1:09:04 so i got on the nomad twitter space like hey i've been in this space since 2015 i've lost two million 200 million 1:09:10 dollars and i'm still here on rugs and polls and this and that that's wild like 1:09:16 but then the question is like okay if you lost 200 million dollars and you're that sanguine about it and how much did 1:09:22 you make well he must have had to have had 200 million to lose right 1:09:27 no at least he said he started with five 
thousand five five thousand dollars and grew up through like you know whatever 1:09:33 like early days right grip 200 million and lost it through different types of exploits and this and that and didn't really say what he was 1:09:39 still doing but so he's made a bunch of money from luck by the sounds of it and like 1:09:45 money from stupidity he's not stupidity well i don't know if it was stupidity i think it seemed like it was it was it 1:09:52 was it was like i cannot i could relate to this it was 50 to 60 year old salty [ __ ] 1:09:59 i got in early i got lucky and [ __ ] happened and here i i'm still here 1:10:04 because i believe in it i can relate i understand exactly hey 1:10:12 tara let's talk i can eventually i don't understand exactly where that person is coming from not 200 million dollars what 1:10:17 the hell so can we just appreciate for a minute the irony of uh 1:10:24 evmos getting wrecked basically the wreck drop wrecked itself yeah 1:10:32 this is like a circle i mean i don't know it's uh unfortunate i guess although i guess 1:10:37 technically nomad got wrecked not admoss trickle-down yeah 1:10:42 yeah the effect is that everyone on evmos got wrecked because they all had those wrapped assets right 1:10:51 yeah that's true so like you know it is it is like a moment's silence for all the people that 1:10:58 were using that bridge to be fair that is absolutely pretty yeah it's pretty nuts 1:11:04 anyway the worst part about is that like i mean there's like this guy who turned 500 000 or sorry thousand five 1:11:11 grand of the two million and says hey i got like you know i got this for two million dollars or whatever the hell it is like that's that's a nice 1:11:18 story and it's fun to laugh at but there's there's a lot of people who start with five thousand dollars or lose five thousand dollars right and the 1:11:24 numbers of those is probably multiply a thousand or two thousand or ten thousand to one 1:11:30 and that's that's [ __ ] awful 
which which just basically means that like this idea and this whole 1:11:37 vision for how blockchains can solve some problems is this not going to 1:11:42 happen right or it's going to be delayed for x number of years because of this [ __ ] and that's bad for everyone right 1:11:48 like it's it's nice to talk it's not nice it's it's interesting to talk about what's going on within nomad or this 1:11:54 stupid wallet thing where i guess they were just taking i guess they were taking customers 24 1:12:00 word seeds and plastering them on billboards i guess is the is the story with the slope 1:12:06 situation yeah so somebody posted in the chat possibly rama that 1:12:11 um it was apparently like some integration pathway where they were just being like 1:12:17 here is here is a seed phrase um here we go and you're like okay well 1:12:23 yeah so it's not an upstream well maybe there is some some element of an upstream hack here as 1:12:28 well but like equally there is a very very localized piece of stupidity that's happened close to the 1:12:35 seed phrase that has resulted in it actually getting leaked in the first place so 1:12:40 yeah i mean it sucks and i feel sorry for people involved but it is like oh okay well it you know touch wood that 1:12:47 doesn't mean it isn't there's nothing like a knock-on run of things crashing 1:12:52 as a result of this no um and to be fair you know actually put these put these hacks into perspective none of it's as 1:12:57 big as terra you know uh ust depegging is probably gonna be the 1:13:03 the biggest [ __ ] show from this bull cycle by a big margin sure but i mean 1:13:09 again it's that's a that's at an aggregate level at an individual level it's still [ __ ] awful right like i 1:13:15 mean you know right so it seems like um 1:13:21 yeah it's just i mean i mean i think friend of the show uh what the [ __ ] 1:13:30 the friend of the show jack said something along the lines of like hey this is the importance of open source
wallets 1:13:35 and i would agree with that um this is a closed source wallet that was an ios type of thing people probably selected 1:13:40 it based off of screenshots in the ios app store right based on what looked pretty or what they thought might be 1:13:47 uh might be useful and next thing you know you have a situation where behind the scenes they're 1:13:53 doing something stupid uh which they should not be collecting seed phrases anyway and that should never freaking 1:13:58 happen that should always be local on device um and why those seed phrases would make it 1:14:04 back to a centralized server or wherever the hell happened is utterly freaking ridiculous 1:14:11 and it's a it's a you know but how would how would anybody downloading an app off the app store understand that right i mean that's kind 1:14:17 of the issue right you just kind of pick it based off of reviews and i look at stars and next thing you know 1:14:22 your funds are drained because you have a company behind the scenes that's stupid 1:14:27 yeah i mean i guess yeah all of us would do our due diligence for anything we run as a 1:14:32 validator and stuff but have all of us audited the code of ledger and not that keplr 1:14:38 no but but i have never installed an ios or any sort of mobile wallet that's the 1:14:44 other piece too it's just well yeah i mean i i ledger but yeah yeah i mean i i don't even buy i don't 1:14:50 even do i wouldn't even buy a [ __ ] pizza from a phone i literally my phone is some messaging 1:14:56 and looking [ __ ] up and if i need to pay for anything with a credit card it happens on a laptop 1:15:03 really yep a lot like crazy yeah i mean i carry i 1:15:08 have i have a card that only is a cash card it only has some some money on it which is in my google pay 1:15:14 uh just in case i need to when i'm out cycling or something like that and i've already got my phone on me yeah um well 1:15:21 credit cards are different because there's there's some protection
there like i'm paying for that service right like there's a percentage of getting and 1:15:26 i'm paying for the if something gets hacked it's on them that's not on me yeah but then that's part of the value 1:15:32 of paying everybody i'm a cash only kind of guy i don't have a credit card i'm don't have any of that stuff so 1:15:39 and you go to a bank vault to compound your rewards yes 1:15:44 i don't believe in i don't believe in credit i don't really i don't believe in loans i don't believe in credit um i 1:15:50 think it's all the way of i think it's all a way of um creating compliant bodies under capitalism to do the 1:15:56 biddings of corrupts upper class and i don't want to be a part of i have a student loan which i'm not 1:16:02 super happy about because you know i could afford that um everything else i refuse to participate in late capitalist 1:16:09 credit systems i think it's a scam it is a scam right 1:16:14 and then when people try and create stuff on a blockchain i'm like well i i don't get involved in trad fire i wouldn't get involved in the blockchain 1:16:20 i think it's i think it's a system of of economic slavery it has no other purpose than 1:16:25 that um so yeah yeah that 1:16:31 yeah have you read 5 000 years of debt i think you would enjoy it no it sounds interesting uh obviously like i mean the 1:16:37 irony i suppose here is that you know you would expect me to be one of those people that's like oh the government budget must be balanced it's like a 1:16:43 household budget but actually when it comes to government economic policy i'm exactly the opposite i'm like spend all you want mint debt don't give a [ __ ] 1:16:49 it's government debt it's 150-year time scale nobody cares um 1:16:55 so amount of contradictions put put this on your book list it's uh david gr greg 1:17:05 [Music] it's a good book i will go and buy that i can give you a relevant 1:17:11 do you want to join a recommend back if we're doing serious books i recommend skunk 
works 1:17:17 by what's his name let me talk amongst yourselves i'll find you a 1:17:23 reference for my uh my current book reading is mistakes were made but not by me 1:17:33 with cognitive dissonance i'm running through the shock doctrine by naomi naomi klein 1:17:41 what's that about uh basically how the cia screwed south america 1:17:48 oh nice nice more than that but that's that's a pretty decent dldr jaby do you have a book that you're 1:17:54 reading currently that the first 5000 years oh yeah really 1:18:01 yeah i'm through like the first few chapters of it and i'm like oh yeah yeah it's totally we're just um 1:18:08 compounding the concepts of western religion to 1:18:13 serve as the basis for uh for our financial systems totally makes sense yep 1:18:20 oh man you said yeah i'm reading master and commander 1:18:25 and it's [ __ ] garbage [Laughter] well the novel the original novel the 1:18:31 highly regarded i don't wanna i don't want a wikipedia article around it i was just making a joke [Laughter] 1:18:38 it's a beloved series 1:18:43 with a similar step stature to the shark novel just it's literally like 400 pages 1:18:52 it earned a a solid seven out of ten on imdb it's a picture book of turds 1:18:59 this is good this is good yuck has already worked himself up into a hatred so when he watches it 1:19:05 he's gonna be like oh hang on a minute it's actually quite well shot and the sound design is very good actually 1:19:11 i've never seen it i have no opinion to this movie my opinion is purely towards your love of it 1:19:17 look this man's talking about like lighting effects he's got a [ __ ] broken lamp 1:19:23 pointing at the wall for his lighting in his studio well i haven't i have an architect's 1:19:30 lamp because you know it's actually like important to see the stuff you know for writing that and whatnot that isn't that 1:19:36 is an unshaded bulb sitting on a broken lamp that has no back lighting there's no key 1:19:42 light for everything 
like i said you walked away before for everything that you spend in audio you spend the inverse in 1:19:49 lighting well this it looks like you're sitting near an architect's lamp it's a it's a really 1:19:56 really good long work lamp so you can all of the stuff on 1:20:02 your desk is evenly covered and it's also um it's different colors during the day and 1:20:08 night so you can work late at night without ruining your sleep i would say 1:20:13 i would describe that lighting as harsh and inappropriate for a podcast 1:20:19 get a [ __ ] light well i have i have a ring light obviously but i 1:20:24 prefer to not be like set in the dark which is what it feels like when you do that 1:20:31 yeah you're yellow very weird it's no it's i don't know it's the ring light's super 1:20:37 weird because remember it's late at night here so it's all it's all very weird with the room lights whereas i 1:20:42 actually have like stuff on my desk so it's weird to not have the desk light on anyway the book i'd recommend 1:20:48 is skunk works a personal memoir of my years at lockheed um by ben r rich 1:20:54 ghost written by leo janos it's a very very excellent book about the 1:21:01 research and development and managerial strategies of lockheed martin skunk works that allowed them to 1:21:06 develop the u2 then the sr-71 then the f-117 1:21:11 nighthawk so we will put these all these books in the uh show no in the show notes i hope 1:21:17 so yeah um you guys remember what we talked about obviously i will i will go out and buy uh your recommendation with 1:21:22 book and i'll go read it and you can have a review on a future episode um and yeah shock doctrine is like a 1:21:28 solid stone cold banger um no logo by naomi klein is actually i guess the 1:21:34 original inspiration for howl um for fans really 1:21:39 yes um the motivation of like brands and 1:21:45 advertising kind of destroying the world but via occupying mental space is kind of the chief motivation for building 1:21:51
something like howl it's also my chief interest for joining the blockchain space in the first place 1:22:00 is this i have heard of that book actually i can't say that 1:22:06 oh you've been talking to me of you man i picked up i i saw that in the dao dao uh discord and i bought it and i uh 1:22:14 i read it when i'm giving blood it's uh quite enlightening 1:22:20 you've been giving plasma it takes a fair fair while and i like to sit there and read like you know 1:22:26 these little uh these little things that's hilarious you're like what are you reading i'm like i'm enlightening myself 1:22:33 oh man break it um yeah okay well um 1:22:39 so should we talk about how did you know what happened do we want to do we want to post more of that 1:22:47 well let's let's uh is there any more is there any more dps 1:22:52 to go over from the other dps that we haven't gone over yet we've also got some questions here we should maybe answer the questions at some point but 1:22:58 the ghost asked business that bad you have to start doing putting plasma [Laughter] 1:23:03 we don't get paid in australia it's it's freebies plasma for freebies over here yeah 1:23:10 just like just like niles t-shirts another freebie it's fallen in hard times 1:23:16 i'm not sponsored by akash but 1:23:23 maybe we can work something out i can work something out yeah i won't tell anyone and i'll shill your [ __ ] on twitter greg 1:23:30 greg reach out come on just reach out to me privately did you get the t-shirt before 1:23:36 or after greg came on game of nodes no i was like way before it was like a year ago they sent me this 1:23:45 fair enough tie-in um so sorry no you what did you want to cover before we oh yeah let's let's just 1:23:52 um i would like to just comment the incident response this time was uh very 1:23:58 good in my opinion uh quite a quick turnaround um it's like an all hands on 1:24:03 deck thing uh yeah you might be able to explain it in better words than me but 1:24:09 um from
the the moment it was like identified that the chain was halted instead of like freaking out people were 1:24:16 straight on to finding a solution um i think 1:24:21 it was a pretty quick turnaround on a solution um and we have like a playbook now is that 1:24:28 right for for christ's christ to see 1:24:33 yeah i mean in the sense of obviously we have to find and patch the thing first that's the 1:24:40 that's the unknowable bit but as soon as i think that happened quite quickly i like i think that happened within a 1:24:46 couple of hours yeah yeah i mean there was obviously we're very lucky that we had assaf looking 1:24:51 into it as well but also there were um uh what's angelo from bitsong um 1:24:58 obviously ethan was there as well ethan was about there basically there were a lot of people around and i i think actually 1:25:07 the person who first so obviously somebody decompiled the 1:25:13 contract um and it was something to do 1:25:19 there was something there was some mention of reply i think that was the clue it was it was time and then it was a 1:25:26 reply there was a time and there was a reply and that was the kicking off point for angelo and dimi to start 1:25:32 looking into where that might have come from and that pushed us in the direction of authz which then revealed the 1:25:38 exploit in time um so and the interesting thing is this there 1:25:43 was actually a bit of misdirection in that as well um because there was a there was a potential smoking gun 1:25:50 um that was identified very early on and actually dimi uh and angelo from bitsong 1:25:55 and dimi from core um came up with a patch that they demonstrated actually solved 1:26:03 the bug but it it it was actually a bit subtle 1:26:08 it hadn't solved the well it caused it solved a potential case of the bug but it hadn't 1:26:14 actually patched it um and assaf basically was the one that 1:26:20 actually showed that the uh the thing that we thought might be happening which was a
system local time was being 1:26:26 inserted to cause non-determinism was actually not happening um in the contract anyway the malicious 1:26:33 contract although whether or not that would have been possible i don't know i don't think so but um that was the 1:26:38 initial thought as to what might have been happening there so so can you then break down um 1:26:45 like we're five uh how the the exploit halted the chain 1:26:52 um i think i know somewhat but i'm not 100 um on the exact 1:26:57 exploit and how it caused the non-determinism okay so it's quite clever 1:27:04 um but the very the very very short version of it is that 1:27:10 every transaction in the sdk returns events uh when it when it returns there's like 1:27:16 a response and you can attach events to that and events are just like 1:27:22 metadata like i guess there's a way of thinking about it's usually stuff like hey here's an event that says i 1:27:29 the thing that was called was blah like say send um the sender was 1:27:35 this address the recipient was this address like you might all three of those might be encoded as events 1:27:42 i guess right um and they're serialized via protobuf 1:27:48 uh bishbash bosh right they're outside of consensus 1:27:54 um so they're not validated by the blockchain state machine before they're committed so that they are not 1:28:00 deterministic they usually are in practice because obviously anybody who works on 1:28:06 blockchain is afraid of non-deterministic behavior in general but they're not get this is the crucial 1:28:13 thing is although they almost always are deterministic they're not guaranteed to be deterministic and it doesn't matter 1:28:19 that they're non-deterministic because they're outside of consensus so who gives a [ __ ] and here's where it gets fun right 1:28:25 because within cosmwasm you can read events from other cosmwasm 1:28:34 contracts you know this is how you pass information about things that have 1:28:39 happened right so
somebody worked out that using the reply endpoint which 1:28:44 essentially takes input from the result of a an operation in either the sdk or 1:28:51 another smart contract you could um collect those events if any 1:28:57 of those events were non-deterministic right so within cosmwasm it's not you can't there's no 1:29:03 non-determinism in that because of the way the serialization works but what somebody had found 1:29:09 was that in authz there was a situation where the events returned were not always deterministic 1:29:16 um it was i wrote this down it was yeah message grant revoked right 1:29:23 so what you see in the contract is it's calling them a whole bunch of times because sometimes it's non-deterministic 1:29:29 well well sorry it is non-deterministic but sometimes the the the result will be different right but then what you can do 1:29:36 is if you feed a whole bunch of those transactions to a whole bunch of those events to the reply endpoint 1:29:43 and you ignore success or failure uh and then just say the hash of that 1:29:49 eventually at some point they'll disagree right across different validators and you get an app hash well you don't get an app actually get hard 1:29:55 fork um okay so they've they've taken the output from they've taken the output from a 1:30:01 module as the reply with junk uh that would 1:30:06 normally be you know the same across the validators but sometimes you end up with a 1:30:12 difference in time yeah and normally they see no impact absolutely no impact because it's just normally probably 1:30:18 discarded right not not because it's not part of consensus so and and nobody 1:30:24 takes those as input normally to anything else right yeah and so they're feeding that reply input into a smart 1:30:30 contract which does some [ __ ] and then gets booked because one or two validators ended up with a 1:30:37 different state yes well would every validator end up with a different state which is why you 1:30:42 saw so many
calls uh in the exploit yeah um also 1:30:48 yeah it's it's clever it's a clever exploit you had to have spotted the exploit in authz 1:30:53 you had to then know that wasmd uh not only would accept those if you 1:31:01 use the reply endpoint which is bear in mind like ninety nine percent let's say 50 60 of 1:31:08 simple smart contracts only use the three standard endpoints they don't use the reply endpoint um 1:31:14 so you had to know about that and then you also had to know that the the wasm module that implements cosmwasm 1:31:20 doesn't do any additional filtering that would change that output um to the to the module and that it accepts 1:31:28 events from other non-wasm modules to the reply endpoint 1:31:34 so that's that's quite a few things to know um i 1:31:40 think i have a a so there's there's obviously a number of 1:31:46 this is when we get into who do we think done it territory 1:31:51 and i think where it gets more interesting because obviously there's always the possibility there is some script kid 1:31:57 um and there is also a possibility it's somebody who just looks for upstream um dependencies to grief these projects 1:32:04 like you know there's um there's a really interesting thing so i spent the last couple of days basically 1:32:10 digging through issues to work out the order in which this stuff was was found 1:32:16 and one of the things you see is that there are these unrelated issues that have been sort of raised on on wasmd and 1:32:25 cosmos sdk it commented right which yeah they see this in the next version 1:32:31 we're not even that so people have ra they've been trying to implement some piece of functionality they've noticed some weird behavior and they've gone hey 1:32:36 this thing's weird can we fix this and they've not thought hold on a second is there a chance that this could be 1:32:42 used as an exploit so they've just said it publicly on an issue 1:32:48 um and there's actually so the real yeah and the really so the
really interesting thing is like uh there's a but there's 1:32:53 two issues in cosmos sdk which i think assaf pointed to on his twitter thread um saying oh this has been reported six 1:33:00 days ago more interesting is that like 12 days ago or whatever um there was something 1:33:07 raised on wasmd which was i i think ground zero for spotting that 1:33:14 this was non-deterministic which was about gas fee estimation 1:33:19 and what's really interesting about that is while people are already i think in korea maybe for hackathon and the first 1:33:26 reply to it is somebody from confio saying yo do not post this [ __ ] publicly 1:33:35 follow the disclosure procedure in security.md if you want to talk to us about non 1:33:40 about gas non-determinism and that did not happen 1:33:45 so what or it did behind the scenes and we didn't see that bit and we got hit 1:33:51 before that that discussion ran its course but what i also saw 1:33:56 was the same user opening issues both on wasmd and on cosmos 1:34:03 now i don't think that's a malicious thing but i think it goes to show how subtle 1:34:08 this bug is that the reporter who essentially found the exploit 1:34:14 that themselves did not even realize the seriousness of the small thing the 1:34:19 seriousness of the thing that they had uncovered they'd found some inconsistent behavior and they were trying to just chase it down 1:34:24 um for consistency's sake but very few it took a while i think for 1:34:30 people to spot what issue um this actually was and the real 1:34:35 catalyst for that was actually juno getting taken down i think until that point nobody had really 1:34:41 even though there had been a couple of mentions of hey can you actually also pass us on to the security contact 1:34:47 nobody was like delete this thread you know nobody had taken that level of like 1:34:53 stop talking delete this github issue this is actually a security threat which i think you know if people would 1:34:59 realize the
seriousness they probably would have done um given that can you actually delete 1:35:04 an issue is it does it still exist no you can populate it if you're the you know if you're the organization you can 1:35:09 [ __ ] delete that [ __ ] oh you can like nuke it out completely of course yeah yeah 1:35:15 so there's a few things going on there but there's there's like a kind of audit trail between like issue 904 and wasmd 1:35:21 and then issue 910 um which i think it pretty clearly shows 1:35:28 a user running into a kind of interest like a kind of edge case that they can see as a bug 1:35:33 but but the various people involved either not 1:35:39 spotting the severity of it or not wanting to again say disclose because that's the other thing 1:35:44 like if you it cuts a number of ways if somebody finds a bug and you're sat there re 1:35:50 triaging the issue and you go oh my god this is really bad do you say to them stop talking this is really bad they 1:35:57 might be an attacker do you delete the issue and then make them realize it's a bad thing i see this is where it gets 1:36:03 into all very low trust up i don't know 100 what the correct thing to do is that you know do you delete that issue 1:36:10 because you don't want additional people to see it but in doing so at least that one person 1:36:15 knows that they've probably found an exploit you know that could be a throwaway 1:36:20 burner github account and they could be the person who hit us i don't think they are in this case because they've been 1:36:26 too kind of doxing themselves and noisy on on github and they seem to be genuinely working on another project so i don't 1:36:33 think that's that but yeah i don't know it's all quite interesting i think from that kind of 1:36:41 uh maybe social side of things with this like how how do you manage that risk uh that risk surface do you know what i 1:36:46 mean um and and as an aside just for those who are kind of interested about how this 1:36:53 stuff works
obviously serialization and all that kind of stuff is a more complicated subject and there's an interesting point here which 1:36:59 is that protobuf itself is non-deterministic for maps and that all that kind of stuff is used quite heavily 1:37:05 in cosmos so when i say like people are very alive to non-determinism in cosmos and jaby will obviously also know about 1:37:12 this is that there are a series of adr um decision records and design patterns 1:37:17 in cosmos to deal with non-determinism in um 1:37:22 serialization cases it's why anybody who's worked with the sdk uh sees like quite there's quite a weird 1:37:28 sort of syntax for a lot of the stuff that's basically ordered maps 1:37:33 um so the inputs are kind of ordered to the first key in the second key and the third key so sort of 1:37:39 to the user eventually they get by json it looks like a map but when it's actually worked with it's actually more 1:37:45 like uh it's more yeah it was an ordered it's an ordered dictionary or it's an ordered 1:37:51 hash map depending on your language and what your language kind of calls it but there's like a if anybody's 1:37:56 curious adr 27 and adr 20 1:38:01 i think i should look at my pad adr 20 hey two of the ones that kind of govern that behavior in the sdk which 1:38:09 sort of shows that this is something that is very very serious in other contexts but just in the case of events 1:38:14 in this particular case like it was just not sorted um and then the fix for that has obviously been to just enforce 1:38:21 what number one enforce fil for sorting in wasmd and number two filter non-wasm 1:38:26 events so that's how it's been patched for the future um which is you know you should 1:38:32 have luck if you had a non-wasm event use case that you wanted to feed into the reply handler but 1:38:38 um i'm not aware that anybody does so um so yeah that's it that's that's 1:38:45 that's the juno hack uh so moving on from that explanation um 1:38:53 that longhouse
explanation so uh now now you're no longer five 1:38:59 yeah exactly i think i've grown up from five to like 40 and with 20 years of 1:39:05 experience through there uh but anyway so one thing that 1:39:10 has resulted from this hack also is 1:39:16 we have realized the now pressing need um to be able to recover from these attacks 1:39:23 quickly which is not currently possible with the uh invariant issue when we 1:39:30 um hard fork so the uh invariant checks when we're 1:39:35 restarting the network are now taking like an entire day so 1:39:41 we were i think we found and patched the issue in under like you know eight 1:39:47 or so hours um and had it out to the validators but then spent the next 24 1:39:52 hours with invariant checking so i believe that 1:39:59 juno core are going to put out a bounty 1:40:06 for people to try and improve the sdk 1:40:11 um in that we can get through the invariant checks quicker like some parallelization 1:40:17 potentially i don't know how that's going to go but that's going to uh an outcome and 1:40:23 can someone tell me what a nutella kid is like the uh 1:40:30 i don't know i saw people say words script kiddie and nutella kids 1:40:37 uh script kiddie well script kiddie is just a kid who takes down your website 1:40:43 are they smart or do they just write scripts that do random stuff that breaks things the 1:40:49 implication is that they're a [ __ ] little prick who's copy pasted a script off the internet 1:40:55 and so no one knows what so i'm not alone in not knowing what nutella kids are where did that come from i don't 1:41:01 know if someone said it in the chat it's like oh it's probably a nutella kid i didn't know what it meant 1:41:06 i don't know i just see there's a somebody knows little kids why are you going to bring hotels into this 1:41:12 what did you tell her they didn't do anything right i i assume it's a young person i don't know 1:41:17 did you know that nutella you know for do you know what ferrero rocher
yes 1:41:23 did you know that it's just nutella inside ferrero rocher 1:41:28 roche yes i absolutely did not know that because they're the same company 1:41:34 obviously so it's just it's just nutella is that that's pretty cool [Laughter] 1:41:41 would you know the other thing is the listening the phrase exploding movements obviously the main 1:41:46 ingredient in that stuff is like palm oil or whatever to thinking it out now like presumably originally it wasn't 1:41:51 because it would have been made by you know some italian grandma or something um but like if you go to like 1:41:58 any supermarket in europe you can almost always get um organic like own brand 1:42:04 nutella and it's literally just like hazelnut and cocoa powder and sugar 1:42:10 and it's the most rich thing in the world because it's basically just nut oil and [ __ ] 1:42:15 sugar and cocoa and it's the best thing ever