Freeze stfil user’s transferred asset address #989
-
I have been closely following what’s going on with stfil protocol in the past couple days and have been quite involved in a couple of (now) community self-organized efforts in response to what’s happening, so I have decent context on (1) what happened that’s shown as fact on chain, i.e. smart contract activities; (2) what may or may not have happened off chain, i.e. what allegedly caused protocol changes in stfil pool. I also have a lot of sympathy for the impacted teams and users, and have been working with community teams to support some impacted individuals. The following might be controversial: I personally do not think this is a good idea. The token movement was triggered by a series of signed transactions & user contract logic; it doesn’t seem to be caused by bugs in the L1 protocol or bugs in smart contract (disclaimer: I’m not suggesting L1 protocol should shift and react to smart contract bugs or not). It will be a bad precedent to introduce censorship of FIL movement in blockchain protocol (that’s outside of the Filecoin token econ protocol). Also, driving FIP consensus, deploying protocol changes and network upgrades takes time. Fwiw I think it might be possible (hopefully) for the community to do an emergency upgrade for resolving some critical network consensus/security issues that severely impact network stableness and security - I don’t think this is one of those issues. There are also many unknowns as to what’s effective for what the proposer wants - the funds might move again to a different address at any time from now before an upgrade, what do we do in that case? I’d like to keep brainstorming / establishing supports that could help impacted users, but I personally don’t think this proposal will be one of them.
-
I am a loyal fan of Filecoin and one of the victims. I have the following thoughts, which may seem naive
-
As a core dev, I agree with @jennijuju's take on this: I have sympathy but intervening would set a bad precedent. Furthermore, such an intervention is unlikely to gain wide community/SP acceptance due to concerns about setting such a precedent. At the end of the day, the L1 protocol is working correctly. I'd also like to highlight how this differs from Ethereum's "DAO Hack": The DAO Hack took advantage of a poorly understood edge-case in the EVM, arguably a bug. The Ethereum core devs intervened because the protocol itself was, arguably, at fault. In the STFIL case, the STFIL contract, multisigs, etc. all worked correctly, they just weren't secure against rubber-hose cryptanalysis. The only protection against such an attack is decentralization: you can't reveal keys you don't have.
-
Note that if the argument not to intervene is "the amounts and number of users impacted are too small to justify it" or "the stFIL situation is not a protocol-level issue, but a community one and code is law", then a whale (such as PL or FF) could also propose to take upon themselves the "burden of the incertitude" with the stFIL situation by proposing a smart contract that exchanges stFIL for FIL, allowing the stFIL userbase to recover FIL in exchange for their stFIL. Effectively solving the issue without requiring a FIP. If the stFIL situation is not a "hack" or a "rug pull", this would mean the said whale would be able to swap the stFIL they would accumulate back to FIL once the stFIL smart contract is "fixed". Or is the stFIL smart contract too broken atm to allow for stFIL transfers? That doesn't seem to be the case afaik. Knowing that as per #943 more than half of the circulating supply of FIL has been vested in favor of FF and PL, 5M FIL seems like not much "stake" for them, unlike for the users who might have trusted stFIL because of how official accounts, employees and related projects seemed to promote or support stFIL and collaborated with them. Furthermore, saying this should not be solved at the L1 level is an opinion, but if the majority of the community does want to solve it at the L1 level, then so shall it be lest it leads to a hard fork anyway. (Whether that's what the community wants or not is unclear at best to me at the moment, all I can see is that the core-devs are advising against doing so while some users are asking for it.)
-
Based on public information, it appears that the funds were seized by law enforcement as part of a judicial inquiry into potential financial crimes. This is not the DAO hack, and I'm not aware of any evidence of foul play. While the STFIL team should be considered innocent until proven guilty (and I have no reason to believe that they are guilty), the proper response to a judicial seizure of funds is to seek remedy within the legal system. Weaponizing the L1 against the police is generally a bad idea and could expose other network participants to criminal liability. I am strongly against the proposal: code is code and law is law. A proposal to reimburse the affected lenders using other funds (e.g. from the mining reserve) would likely not carry the same risks and would be more palatable. Nonetheless, I likely would not support such a proposal: STFIL users were paid a premium for the risk they took, unlike the uninvolved network participants who would be diluted to make them whole.
-
Since the quantity is not large and there are not many users, could you please ask the foundation and protocol laboratory to take out a small part of yours? Your billions of FIL, this 5 million FIL is indeed a small amount for you. Are you willing to take it out? Funny.
-
If this kind of idiotic proposal were implemented, the FIL price would probably be 0.0000000000001 U.
-
Chiming in to concur with @jennijuju, @Stebalien, and @jsoares. I empathise with STFIL holders. I've been engaging since the beginning to help at a technical level. I'm planning to post an X thread soon, so stay tuned. However... Neither the Filecoin/FVM platform nor the STFIL contracts themselves behaved unexpectedly. Based on what's public knowledge, a state actor appears to have launched an investigation on the STFIL team, and these funds are allegedly under some form of seizure (judicial, executive?). The agency gained access to the admin multisig via the investigation by obtaining the keys of 4/6 signers (at least). They deployed a set of contract upgrades to block withdrawals for LPs, and to presumably take possession of liquid FIL in the staking pool. In my opinion, the Filecoin community/ecosystem should have no interest in antagonizing or interfering with an ongoing investigation; this is bad precedent to set, and dangerous for the entire community. Affected parties should organise to seek legal counsel. Re: comparisons with the Ethereum DAO. The latter was a self-funding mechanism, so its early hack became life-threatening to Ethereum itself. Furthermore, it exploited and exposed a rough edge of the nascent protocol (reentrancy). In fact, that was the start of arguably the most recurring smart contract development advice ("guard against reentrancy"). Conversely, STFIL is one application-space lending pool out of many, and no technical gotchas were exploited that I'm aware of.
-
Although I hold great reverence for the ideals of PL and FF, which is why I hold FIL, if this matter is not properly handled, I will be completely disappointed in Filecoin. I believe the entire Chinese community feels the same way. Over the years, the Chinese community has made tremendous contributions to Filecoin. In the early days of mining, many of us investors invested in mining equipment and tokens, only to see the prices skyrocket and get stuck. However, we still believe in the grand vision of Filecoin and continue to hold on. Later, as China's policies changed and mining was banned, many miners were investigated by the police and had their assets confiscated. Although there were some bad apples among these miners, investors were almost wiped out in this purge. Afterwards, the remaining investors and miners began moving their nodes out of the country, and those who stayed were cautious to avoid police attention. After the launch of FVM, we investors seemed to see hope, as we believed in the protection of smart contracts and no longer had to worry about miners being controlled by the police or running away with the money. Unexpectedly, even smart contracts could not protect us this time, and this smart contract was a top project strongly supported by FF officials. If we cannot trust this, what can we trust? Can we only trust Bitcoin? Only trust offline wallets? I hope FF can think from the perspective of Chinese investors and consider China's special national conditions. If all efforts cannot stop the greed of the police and their inhumane handling of cases, then a hard fork may be the best option in the worst-case scenario. The spirit of decentralization is indeed important and cool, but if it is exploited by bad people, is this decentralized technology still just? There is a Chinese saying, "Things are dead, people are alive." It means that people hope to be flexible and not dogmatic when dealing with things. 
I am not a technician, and I don't know how to deal with it technically for the best solution. This relies on the geniuses of FF, but I hope not to completely reject the hard fork option from the beginning, at least leaving room for discussion. Finally, I want to express my respect for FF's grand goals again, but please don't leave us ordinary followers behind on the road to achieving these grand goals. You are like Moses, leading us out of Egypt. Please lead us all the way to Canaan and don't abandon us in the wilderness.
-
This requires changing the code so that all miners can upgrade and agree.
-
FIP: #990
Currently, more than 4.5 million FIL of Stfil user assets have been transferred to “unknown addresses” - https://filfox.info/en/address/f410falck3ysg7e2k4outtq2r24ytd66cuddydnoga6a, which most likely belong to the police.
According to "customary practice" these assets will soon be sold off in the secondary market, and all investors and community members should pay attention and take action.
I propose that FF and PL should freeze this account and formally consider how to implement it and take action!