Degraded Performance during SNS-1 Decentralization Sale Incident Retrospective - Tuesday, November 29, 2022

You can also argue that any kind of sale or auction should never be done in a way that everyone has to be online at the same time. Instead one can collect the requests/bids/offers over a long time up to a deadline to spread the load and then execute them after the deadline. The sybil resistance, if it’s oversubscribed, has to be solved either way because bots will show up regardless, so that is not really an argument against spreading it out over a longer time.


This!!! Please move the sales out of the NNS. It isn’t just a tech risk, it is a regulatory risk as well.


@skilesare let’s say you are correct and the regulators are annoyed. Do you think this is a case where we do it and ask for forgiveness later (and move SNS to new front end) or get ahead of it? Clearly the benefit to sharing the same front end is eyeballs and usage. I do see a risk the regulators don’t like it but I don’t see why we can’t shift front ends at that point. In healthcare, we cannot do things and ask for forgiveness later. Any transgression can put you in serious hot water. But for Uber, for example, it was clearly advantageous to flout the law and then say sorry later. I’m not entirely convinced being cautious is the correct path when we really do need to kickstart the SNS and the IC is lagging behind.


I’ll be posting more later, but I have had a number of legal opinions that voting to launch a token sale puts people (particularly named neurons and their followers) at unnecessary risk. If you are a US citizen or want to travel to the US in the future then you need to pay very close attention to what you are participating in. Is the risk low? Probably. Is it greater than zero? Yes. Lots of people have different risk profiles, but it seems like unnecessary risk to take at all when we have so many options on the table.


Why would neurons need to be involved in someone launching a token sale? No one needs to approve someone uploading an ICO contract onto Ethereum, for example. Why is that even an option??? Seems odd and unnecessary.

Ok but do you mind describing what you perceive to be the worst case scenario of things going wrong?

Just trying to gauge the downside that you’re trying to avoid.

Worst case: I end up in jail as the director of ICDevs for voting to launch the sale of unregulated securities and am asked to provide records on followers of our neurons. is blocked by US boundary nodes for selling unregulated securities US citizens and US ICP holders lose access to their neurons.

The fact that these are not technically correct is irrelevant because the regulators could likely be trying to make an example and they have the power to do so.


The motivation isn’t clear, at least not to me. My educated guess is Dfinity did this so the community can filter the legit projects from the shady ones and let them use the NNS as a storefront to advertise their crowdfunding campaign. Those who don’t want to go through that process can take the SNS code and upload it to a regular subnet and run their funding campaign however they prefer.


The fallacy of this assumption (to me) that the NNS will be a filter is the belief that the community can self regulate and self discern what is a utility token from what is a security and/or what is a useful new protocol vs what is a Ponzi scheme. Further, there is nothing to keep a protocol from going Ponzi after approval and undoing the diligence the community attempted beforehand. The public won’t care…they will just see the next Luna or FTX and point at the people that voted to approve the sale as having violated any number of SEC regulations.

The fact that the NNS is becoming a storefront for advertising these things is an even more flagrant nose thumbing at the specific rules against doing that. I know we have a genuine, hardy, and justified opposition to the current status quo in the regulatory space, but there is reality to deal with and if we’re going to engage in civil disobedience we need to be very clear that that usually ends up with people in jail and significant legal fees. It is unlikely that everyone using the NNS has that level of buy-in and it seems…unfair?..maybe even unethical? To drag people into that that don’t know what they are getting into.


Do we have any precedents for this type of punishment? I do know that the Ooki DAO ongoing case seems to be a litmus test.

I agree with you, but as I said that’s my educated guess, maybe Dfinity had different reasons behind the choice.

I mean even if in an ideal world that were the case, the NNS should rule over the IC and that by itself is already a HUGE task, do we really want stakers to spread their limited time and mental capacity to think about matters not related to protocol governance? It seems like a violation of the single responsibility principle.

I think the DAO group got a pass, but the SEC was pretty direct in the wording they included with the opinion:

“Those participating in unregistered offerings also may be liable for violations of the securities laws. Additionally, securities exchanges providing for trading in these securities must register unless they are exempt. The purpose of the registration provisions of the federal securities laws is to ensure that investors are sold investments that include all the proper disclosures and are subject to regulatory scrutiny for investors’ protection.”

Violation of these referred securities laws is a felony. I think most enforcement has been in the form of fines to date. The Tornado Cash guy is in jail still, although that is more of a national security issue.


Can you provide more information on this bug and what the fix was? As it brought the subnet to a halt, it sounds like the most serious one identified.

I do think one consideration of how the regulators respond is what kind of app is becoming a DAO. I don’t see the regulators freaking out about the SNS1 which is essentially a website with a poem. I don’t see the regulators freaking out about OpenChat which is a messaging app whose token allows you to pay for things like disappearing messages.

I could see the regulators freaking out about anything defi - a DEX like InfinitySwap.

I do think it is likely inevitable that the SNS will split off from the NNS because of the regulators coming down on the SNS. But if the regulators come down on the NNS, then that means it’s getting traction and getting used and the authorities are taking notice.

What I would say is that if you truly think the risk isn’t worth the squeeze you should argue why the downside case is existential. I think Dom is fighting to be relevant and wouldn’t put the IC in existential risk - unless he was convinced his actions are putting the whole project in danger.

At a minimum, Dfinity should create another SNS front end and launch pad with voting so that when the time comes it can quickly transition away from the NNS front end. That would at least be the prudent thing to do. Hope for the best but plan for the worst.

If you think even this isn’t good enough because named neuron representatives could actually go to jail, I think the job is somehow to convince Dfinity of this. As they clearly don’t believe it right now.


Is it a real problem when you don’t expect this much traffic live and if it should happen didn’t it perform as expected and you have found a couple of adjustments to improve the issue?

Alternatively, never do free or nearly free airdrops / public sales through the NNS. Projects should price their tokens so demand is sufficient for full subscription and not so low that demand overwhelms supply and leads to network congestion. I imagine that most dapps looking to raise funds will aim to do precisely that. SNS-1 was far from what will be typical in this respect. The NNS should be a place for serious fundraising, not giveaways. If tokens are priced properly, nobody will have incentive to create an army of bots to bid.


Regardless of whether or not the SNS sale is attached to the NNS (it probably shouldn’t be), the focus should be to expand the capacity of the network (and subnets) to be able to handle a large enough # of txn/s for any reasonable event, including against a potential DDOS attack of the NNS.

@icme raises a red flag here - if I were to stage an attack on the NNS, I’d upload a malicious wasm, get a few whale bad actors on board, vote (pass 3% voting threshold), and attempt to DDOS the NNS to block any votes going through afterwards until the replica/canister upgrade is made.

Maybe a bit more manageable of an attack would be to wait until a few hours before a less controversial proposal ends but named neurons haven’t voted yet (DFINITY, ICPMN, etc.) and then DDOS the NNS for just a few hours to prevent votes from being cast.

I don’t know how reasonable/manageable this is, but it might also make sense to try to decouple the ICP ledger from the NNS. It’s concerning that an attack (intentional or not) on the NNS halts IC-wide transactions (unless that’s by design 🤔).


Huh, a bit strange they should stay out of it. There are so many places where things can go wrong, from securities regulations in different countries, to sanctions, to KYC and AML…

I think you basically raised all of the potential issues I can see with the SNS-1 matter.

The more I look into it, the more nervous I feel, especially when SNS-1 is currently traded at a highly speculative and manipulated price in the secondary markets. Folks will get screwed up and who will they blame for their loss?

Conducting a public sale in the NNS will always be considered as an unofficial endorsement and enablement of Dfinity. And that is just a ticking bomb.

A “speculative price” for SNS-1? What exactly are they “speculating” on - that the SNS-1 poem is actually a cryptic guide to a hidden treasure (e.g., Forrest Fenn 2.0)? Where is this token even being traded?