Yes, yes… you’re poor again. Did you listen to financial advice from anons again? Shame on you!
Don’t worry… we have no financial advice for you. Just three extraordinary tales of three ways to make unlikely profits in this market!
Behold…
Help us share this thread on 𝕏, where we’re once again in algoprison…
1. Bug Bounty
The surest way to make money? Work for it!
Meet Marco Croc, he earned TWO HUNDRED FIFTY THOUSAND US DOLLARS! His secret? Simply find and disclose a vulnerability in the Curve codebase.
The lead security researcher at Kupia was looking for a little extra money, so he struck upon a great idea. He saw Curve was paying out up to $250K through their bug bounty program. He pored over the codebase, and although it was tough, he was able to identify a hypothetical reentrancy attack vector.
Transferring raw ether has always been the bête noire of the EVM. It led to the DAO hack that nearly felled Ethereum from the get-go.
More recently, the pernicious problem once again roared in the form of the malfunctioning Vyper reentrancy guard. It was intended as a killer feature to prevent reentrancy attacks altogether, but the locks proved faulty and a hacker broke through the busted lock to drain four Curve pools.
In the wake of this incident, Curve stopped handling raw ether altogether as a precaution. Instead all ether was required to be wrapped as WETH and handled like any ERC-20 token.
If you’re looking to get rich by exploiting any such bug, we’d caution against this strategy. For one, it’s a lot tougher. User funds being the most intensely scrutinized attack surface, you may find it quite difficult to identify an attack vector that could drain funds into your own wallet, the Curve hack needing to exploit a bug in the compiler itself as opposed to Curve code.
In this case, had somebody tried to exploit this attack vector, user funds would have been safe, it would merely have caused some headaches and another black eye to the beleaguered Curve protocol.
If you are able to identify a bug, then, better to report it! Black hat hackers can never rest easy with the risk of law enforcement in hot pursuit. White hat hackers get fame and fortune.
Even for non-lossy bugs, Curve is willing to pay to keep its infrastructure secure.
The brilliant write-up describes the full scheme in beautiful detail, strongly recommended reading:
We learned a lot reading this, particularly the existence of the CodeIsLaw website. Very often people say “Do Your Own Research,” yet there’s too little revelation of the tools and methods people could actually use to do so. Study this article. Print it out. Frame it and put it on your wall.
2. Soft Liquidation
When the markets nuke hard and fast, usually everybody loses a lot of money.
Curve’s Llama Lend introduced soft liquidation protection, which allows borrowers a little bit more flexibility. Instead of instantly getting liquidated, it drops them into “soft liquidation” whereby their collateral gently erodes unless they repay or conditions improve.
However, in extreme downturns, it can actually work out that you make money!
Beware that this approach is quite challenging, you may find it easier to try to claim a bug bounty.
In this case, the user had an extremely small liquidation range, n=4 bands. In the sudden market move, they dipped below their liquidation zone.
Due to the fact that soft liquidation exposes your collateral to trading via an AMM, it was this trading activity itself that opened a short window of profits.
You can see the short period on the window, just a few hours at most, where the position was at a negative loss (aka a gain) before trading activity continued to erode profits.
It suggests another possible way of making money these days… consider reviewing positions for liquidation. On this front, the outstanding Chaos Labs dashboard can be your fren.
Unrelatedly, in other dashboard news…
Trying to catch the benefit of this effect can be tough, but there is a way to make money here. Arb trading soft and hard liquidations on $crvUSD and Llama Lend….
3. Profit off Errant Trades
OK, this one’s a bit challenging, but the final way to make money? Sit in an LP pool, and wait for another user to make a big mistake trading it.
That happened yesterday.