Saddle Finance - REKT
Some things are better left alone.
Why fund a fork with zero innovation?
This industry is still so young and there is so much we haven’t yet built, why spend time and money on copying an existing product without adding any value?
Fast forks are understandable when done by small teams - often anonymous developers just looking for fast cash. However, this was a heavily funded and promoted project that offered nothing new to the community.
Raise $4.2m, copy the code from Curve, and get rekt.
If you fully understand the maths behind Curve Finance, you have the power to build tools that push forward the technological progress of the human race. So why imitate?
If you don’t fully understand the maths behind Curve Finance, why imitate?
If you have enough funding to become a VC firm, you have enough cash to invest in projects that offer something new to the world. So why fund a fork?
Any investor that backed this project values profit over progress.
This includes new (and old) media companies, who took money from Saddle in exchange for promotional pieces. We know it’s hard to start a business and you have to take the work when it’s offered, but please consider your reputation...
Saddle finance devops fan, Sunil Srivatsa, was not available for comment.
The only unexplored field covered by Saddle Finance was the limitation of IP laws.
After the Saddle Finance pools were arbitraged for millions within hours of launch, the Saddle team were forced to release a formal excuse for their performance, which contained an unacceptable amount of slippage for a protocol designed to “fix the problem of slippage in DeFi”
Some of the early transactions were executed with high slippage.
Individuals may not have yielded to warnings of high slippage.
In response to some of those early transactions with high slippage, we’ve updated the front end to make high slippage warnings even more explicit.
Igor Igamberdiev released several warnings advising users to exit the Saddle Finance pools, while their founder Matt Luongo showed no sympathy for the users who lost money by using the protocol he had helped to copy.
At least three major arbs took over 7.9 BTC ($275,735) from the early liquidity providers within 6 minutes.
4.01 BTC $139,961 Jan-19-2021 04:06:54 PM +UTC
0.79 BTC $27,573 Jan-19-2021 04:08:46 PM +UTC
3.11 BTC $108,548 Jan-19-2021 04:12:37 PM +UTC
Users who deposited into Saddle Finance in the hour after their launch will never get out as much as they put in, they can only hope that the liquidity rewards are generous...
You can’t prevent apes from aping but you can at least care about the outcome.
Maybe this was all part of Saddle Finance’s marketing plan. If any publicity is good publicity, then maybe they do win, but it’s the early LPs rather than the rich VCs who pay the price for this poor promotion.
At least they went to the effort of getting a Quantstamp audit, but then what’s an audit worth if nobody reads them?
Quantstamp has performed a security review of the Saddle Finance implementation of StableSwap. It is important to note that this implementation is ported from in the Curve Finance contracts, which was used as a reference during the review. In total 14 security issues spanning across all severity levels were identified, along with a few deviations from the specification, code documentation issues and best practice issues. Due to the poor documentation we were not able to determine how the developers have derived some of the implemented formulas from the StableSwap whitepaper. Additionally, we have noticed that all tests in the current test suite use exactly 2 tokens in the pool. We strongly recommend adding more tests that use 3 or more tokens and addressing all identified issues before deploying the code in production.
The implemented relation looks different (from the original StableSwap). We are not able to understand how this relation is derived from the relation in the original StableSwap paper, mentioned at the beginning of this description.
Ben Hauser of Curve said:
The saddle codebase includes sections of the curve codebase in it's comments to explain how it works. It also says "check the curve.fi implementation" at one point when explaining something. They clearly didn’t care much for my gas optimisations, or just lacked the ability to understand why they were optimisations.
Valentin Mihov said:
In the open source world, rewriting instead of forking has certain implications. For example, if tomorrow Curve implements something new in their protocol, the rewritten system can’t just merge the changes in. They will need to spend significant time to rewrite them in their system. This is not the case for Sushi or DSD for example. This is where the difference comes imo.
Ivangbi the TG admin provided the following analogy:
"I did not copy your book, I translated it to English and added 2 pictures"
Above quotes forked from l0bsterDAO Telegram group.
Considering it took Saddle Finance six months to port the Curve code from Vyper to Solidity, the end result leaves much to be desired.
We await the stale memes of Matt Luongo and team.
The founders of Saddle Finance are closely linked to the Thesis project - creators of tBTC. veCRV holders expressed their views on the arrival of Saddle Finance by voting to reduce CRV rewards to the tBTC pool.
Saddle finance devops fan, Sunil Srivatsa, was not available for comment.
“Good artists borrow, great artists steal”
What must have sounded like the perfect quote for the imitators to include in the Saddle Finance smart contract teaches a different lesson when we turn to the original words of T.S Eliot.
Immature poets imitate; mature poets steal; bad poets deface what they take, and good poets make it into something better, or at least something different. The good poet welds his theft into a whole of feeling which is unique, utterly different than that from which it is torn.
The founders and funders of Saddle Finance are all mature enough to know better. There is plenty of opportunity to make money in this industry without copying the work of others.
This project will not replace its predecessor, but it does serve to expose the true colours of those who promoted it.
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
disclaimer:
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
Radiant Capital - Rekt II
Radiant Capital gets a $53M haircut. Thought multi-sigs were safe? Think again. Radiant's "robust" 3/11 setup crumbled like a house of cards. Exploited twice in 2024, the future of Radiant looks about as bright as a black hole.
Onyx Protocol - Rekt II
Another Compound v2 fork that just can't catch a break, Onyx Protocol, has been exploited again. This time, the damage tally stands at a cool $3.8 million, siphoned off by the same high-profile vulnerability that bit them late last year.
Radiant Capital - REKT
2024 is off to a bright start... Lending protool Radiant Capital lost $4.5M, to a known bug. Keeping up with the security landscape is key, especially when dealing with forked code.