We are going to argue a non-consensus position here: web3 users are getting too much assistance and protection and the industry should work less on user safety. In our view the present situation gives too much false hope and leads people to make bad decisions.
This does not apply to every flavour of "user safety" you can imagine. And we certainly do not think most web3 user experiences are appropriately safe. But we want to make the case that, in some ways, too much talk about and work on user safety actively makes things worse.
Recently someone executed a big swap on Aave and lost almost all of the $50 million-ish value they started with . Aave is a kind of automated market-making protocol that mechanically executes trades based on user input. And in this case someone sold tokens worth about $50 million and got back tokens worth nearly zero.
There was no rug pull. And there was no scam. Automated market makers (AMMs) work by storing assets inside and using those assets to programmatically make prices for users. If your proposed trade needs to get token X out of the AMM's token holdings the most of X you can ever get from the AMM is what is inside the AMM when you trade. If the value of whatever you are selling wildly exceeds the amount of X within the AMM then you are going to lose money. This is how AMMs work.
The A is for automated. It is going to give you a quote. Yes that quote might suck. Automated. Thee is a formula inside and you get offered whatever price that formula gives. If you ask an automated system to do something that will hurt you it can turn an automated market maker into an adversary market maker. But this is fundamentally your fault because you (are supposed to!) know how the automated thing works.
Yes many front ends display warnings about this. Yes people monitor "slippage" in many contexts. But this situation is not really about slippage. That word conveys the idea the price is moving a little, inadvertently, and the "right" answer is for as little movement as possible.
But if you want to sell a boat load of one thing in exchange for something else and the tool you decide to use cannot provide you much of that something else for reasons you are supposed to understand at the outset the issue is not captured by the idea of "slippage."
This is user error in much the same way you can slam a nail into a piece of word by whacking it repeatedly with a screwdriver. But you should use a hammer. Is a screwdriver a bad hammer? Maybe. "Why is the wall all marked up around that picture you just hung?" "I had a bad hammer and it slipped" is not really an honest answer if what you mean is "I repurposed some random object to bang the nails in and kept marking the well." User error.
Work in the sense of the first law of thermodynamics is not the same as work in the sense of something useful for an economic system. The screwdriver approach probably generates more heat but nobody would suggest more useful work was done. Further, screwdriver marks up the wall creating more mess to clean up later. Perpetually promising people you will make them safe while consistently failing to do so can cause more "waste heat" to escape the system than just the failed safety efforts.
The Response
If you want "fix" problems like the Aave trade above you need some combination of a gating mechanism that can block "bad" trades and a mechanism to reverse trades after the fact. Making DeFi reversible breaks just about everything. And censoring "bad" trades similarly raises a lot of questions. Hybrid approaches mix the problems.
This is all kind of obvious. If you want self-custody and unilateral control over your assets you do not want your transactions to be reversible or trading activity gated by external processes. Nobody seems to think Aave should have actually prevented the trade. And everyone acknowledges the front end issued a warning and the user, whoever they are, "accepted the quote" before transacting.
Following this incident many people talked about how there need to be better ways to prevent this. But of course nobody wants to add, say, a manual committee that can block AMM trades. And there is near-zero support for reversible transactions in general.
Everyone wants their own bad transactions reversed. But everyone also acknowledges a market in which anyone can undo a transaction afterwards is not much of a market. Without finality and risk transfer markets serve no purpose. Realizing losses on some trades is the price of liquidity.
History
But why do we argue users are too coddled? It is time to review a bit of history. In 2022 Celsius and FTX both blew up and took a lot of user assets with them.
Both of these were high-profile projects with billions in user assets and extremely visible CEOs. They held events, did podcasts, hired celebrities for advertisements and spoke about regulation and compliance a lot.
Both were also frauds of similar sorts. Both companies ended up in bankruptcy court. Both CEOs are currently in prison.
Many people claimed they could not possibly have known these were frauds because famous people endorsed them and they advertised widely. How could anyone so high profile be a scammer? Right.
If you loose money in something and then claim you are not responsible for the losses because how could you have possibly known a product with paid celebrity endorsements might be fraud...you do not need more protection. You need more reality. Losses are probably good for you overall.
Does having famous actors and athletes in your advertisements mean you are surely a fraud? Of course not. Does it mean they are legit? Also of course not. All it means is you were able to reach a deal with those people's agents to pay them to appear in your advertisements.
Anyone who believes it conveys any stronger sort of stamp of approval than that is not going to benefit longer term from more protection. More protection just ensures when they eventually have a problem it will be worse. If it looks too good to be true and all that. Users of these and other platforms were effectively scammed in traditional ways – appeals to authority, appearance of wealth, playing on users resentment for "the rich" or "the system" etc. – and predictably got screwed.
False Hope
You do not help these people by giving them the mistaken belief some newfangled technology solution will prevent their next self-inflicted wound. Most people do not like being told what to do. And they especially do not like being told they cannot do something after they have decided to try to do that thing. Most people also do not like admitting mistakes.
These are well known features of humans. But playing on someone's refusal to admit they make mistakes by blaming software that behaved exactly as it was supposed to and promising to improve "safety" going forward is scamming those people as much as, say, Alex Mashinsky's claims Celsius paid higher yields because banks were stealing your yield. Celsius was a fraud and so are claims AMMs can be made "safe" in the sense that users will never experience large losses and regret after using them.
It is worth retelling an anecdote from a major bank trading floor about two decades ago. Everyone in the story is a professional at a top-tier financial services business trading derivatives wholesale every day for years. A salesperson agrees details for some trade with a client and once the trades are booked there is an unexpected loss. Upon investigation some of details are just wrong. The prices make no sense, the risks are wrong. Something, somewhere, went haywire.
This is concerning because many people at this large bank depend on that software every day. A few people on the trading desk look it over and reprice everything and it is not a system problem. The software seems fine, giving identical correct answers at least on their computers. How did the details get agreed so wrong? The salesperson is equally flummoxed. So now everyone walks from the trader's desks over to the salesperson's desk. The problem is obvious immediately. A setting – the current date for pricing – has been changed from today to a random date in the future. When pricing the trade the computer thinks it is not today but some other day. So all the calculations are with respect to some random future time and the resulting numbers are wrong.
Ok. So the reason the computer gave "wrong" numbers is now clear. The following exchange then occurs:
Salesperson - How was I supposed to know the date changed?
Trader - It is literally flashing in red at the top right of the window.
Salesperson - I did not do that on purpose.
Trader - I believe you. Not sure what else we can do though.
Sales manager - Install a metal fist under his desk and punch him if he changes this again.
At this point someone goes back to the client and resolves the error and everyone moves on. This was an honest mistake – the client did not trade on mistaken details and the bad numbers were agreed post-trade for reasons that every options trader already knows and nobody else really cares about – and it was easy to fix.
But the errant field was literally flashing in red while all the other text was black and not flashing. Everyone involved was an experienced professional. The system was not new. How much protection do you need?
As a brief aside for people without derivatives trading experience: it is completely normal for a client to ask what something will be worth in a week or a month if X happens. Users need the ability to change the date easily. And users, including everyone in the story, knows completely removing the field is not an option.
Safety in Low Expectations
Promising users exceptionally safe systems makes them lazy. Everyone knows people are more likely to make mistakes when they are more relaxed. When they assume they know what is going on. When their guard is down.
Promising people you will work towards a degree of safety you will not achieve is doing those people a disservice. Celsius, FTX and many others prospered for a while because they sold a story users wanted to believe. But reassuring people it was not their fault because they could not possibly be expected to understand? That is both insulting and counterproductive.
We think a lot of web3 users that lose money in scams and due to other mistakes should be forced to accept more responsibility. The term "victim blaming" is misplaced here. That term relates blameless victims. Many – not all, we said "a lot" – web3 users are in on it. Celsius claimed to generate legal and compliant yields many percentage points above the regulated financial system by undertaking all sorts of nebulously described strategies and waving their hands a lot. "Banks are stealing your yield and we do not do that" is a transparently suspicious sales pitch. Doubly so when you explain you do not need all the sames licenses and regulatory oversight as the traditional financial system. And because you do not need all of that machinery you have lower compliance costs and can pay more yield.
In that case users are at least somewhat in on it. "I am going to use this unregulated service because the lack of regulation lowers costs so I get more yield" is not a blameless strategy! Such a person may well be victim of fraud but they are also partially to blame. Same with FTX users. Yes they were lied to but the whole thing was sufficiently suspicious it is unfair to equate FTX users to pedestrians that are randomly struck by a vehicle. Yes SBF is more responsible for FTX's fraud, and Alex Mashinsky is more responsible or Celsius' fraud, than those platform's users. But blame is shared. If you are hit by a bus, or threatened with a weapon and robbed, while waiting on the pavement for a light to change it is 0% your fault. This is decidedly not what happened with FTX and Celsius. We are not saying it is entirely on the user. Or even that all users are somewhat to blame. But in general this is not a blameless victim situation.
Similarly, if you make a bad trade on an AMM you need to own the loss. People who believed Do Kwon had discovered alchemy with Terra need to own those losses too.
If a used car dealer lies to you then maybe you deserve a refund or free service or something. But if you just bought an incredibly cheap vehicle "as is" that is, and should be, on you. Local laws may limit that but, again, that will not apply if a product is pitched as better because it is exempt from all those laws.
Yes, of course software should warn you if the thing you are trying to do looks reasonably-likely to be a mistake. But warnings have consequences too. Everyone knows if a warning pops up too much we either ignore it or disable it. Bad warnings are known to be harmful.
You can buy big heavy super-protective mountain- or motor-biking safety equipment. But it is uncomfortable and hot and heavy and you are not going to wear it all the time. Something simple you will actually use is safer for most people because protection only works if you use it and kit in your cupboard at home provide precisely zero impact protection .
Users should be a bit afraid. And everyone around web3 products should spend more time acknowledging this and less time waving their hands and talking about banning self-inflicted wounds. Industry efforts are too much about ease of use and comfort and false promises technology can fix everything. A bit more fear and personal responsibility would go a long way here.
