deficorner

Think of it this way: there are 100 seats in the movie theater. That's the total supply of ZEC. 70 of the seats are taken up by people who don't mind showing their faces. That's the transparent pool, they're out in public. There are 30 seats left. Outside there's a bus with tinted windows that has 30 people in there. That's the shielded pool. They don't want anyone to know who they are, but they can come into the movie theater if they want. This bug allowed people to sneak into the shielded bus undetected through the back. But if they want to come out and enter the movie theater, there are still only 30 seats sitting empty. So exploiting the bug means that you get your people in the bus to empty out quickly (before anyone else does) and take those 30 seats, leaving the honest actors on the shielded bus stuck in the bus unable to leave. Does that make sense?

Threadguy reveals Andrew Kang told him "why are you trading?" and breaks down the 4 levels of trading "I just had Andrew Kang on and he responds to me and says why are you trading? There's mega trends that emerge every couple of years and they're the most profitable investments in the world every single time. You can compound massive amounts of wealth in a relatively small amount of time. Why are you trading?" "There's 4 levels. The worst is short term leverage trading just because you're bored. I'm in Zcash just because I'm in the mood to be in Zcash. That's the least profitable game where I make a bunch of money then give a bunch back. Second is short term but a real opportunity arises, like when Jensen said Marvell should be worth a trillion dollars. That's a good trade even though it's short term." "Third is high size spot where you see a real investment opportunity and hold it for 3-12 months. And fourth, the most economically viable, is finding an idea that's far out, believing in it, slamming it and holding it for 4 years. Like buying Robinhood at $12 because the world has changed, you see it, everybody else doesn't. That's a once a decade thing but you get fucking paid when it happens." "My goal is to eliminate level 1. I'm entering trades because I'm bored. That has got to go."

There's a lot of confusion about the recently patched Zcash bug. Here's how to actually understand it. If the bug had been exploited before the patch (very unlikely it was), it would have looked like the shielded pool getting drained. Whoever minted the counterfeit shielded ZEC would want to sell fast, before anyone else found the same bug. And remember, the market for ZEC is almost entirely transparent ZEC, not shielded. You can't dump freshly minted shielded ZEC on Binance or Coinbase without unshielding it first. The losers in that scenario are shielded holders who sit still. The transparent portion of Zcash is fully visible, so it's trivial to enforce that transparent ZEC never exceeds max supply. If you try to unshield more than the cap, you'll get stopped at the door. So if you hold transparent ZEC (anyone trading, on an exchange, or doing price discovery on ZEC) there's no marginal effect on you. The loss falls entirely on shielded holders. The team's next step is a new turnstile and a fresh shielded pool in the coming upgrade, which will confirm the shielded pool was not inflated. Think of it as taking headcount at the end of the field trip--that will make sure no extra kids snuck onto the bus. But while AI found this bug, AI will also deliver the fix for the whole category: formal verification. I'm very bullish on this as the path to harden all software across the industry. Formally verified cryptography can't have implementation bugs by construction. Right now AI is surfacing vulnerabilities across all our software--browsers, OSes, and blockchains are no exception. We're in the awkward adolescence where every wart is getting magnified and put on full display. But formally verified software is the only path forward for mission-critical software, and Zcash has put it front and center on their roadmap to deliver. Privacy is too important not to. (Dragonfly holds $ZEC and continues to. I'm personally an investor in ZODL.)

In light of today’s event, it’s a good time to revisit the below article. Losses are unavoidable given a long enough timeframe and surface, the key part is being properly compensated for the risks you’re underwriting. Admin control, oracle configuration, economics and smart contract risk all deserve their own risk pricing. Staying honest with risk, no matter how tempting it is to sweep some of them under the rug, will allow you to understand the minimum rate you should demand.