Web3 Legal Earthquake: The Tornado Cash Precedent Everyone's Missing!

Intro

The crypto industry is teetering on the brink of a covert seismic shift. During the last bull run, 'Decentralized' was merely a buzzword. Everyone in the space was busy pumping and building cult-like followings out of thin air. It was the era of complicit silence.

However, the Tornado Cash case has just set a precedent, a precedent that finally brings a touch of regulatory clarity. It introduces a new mantra for builders in the space - RESPONSIBILITY.

Let’s dig into it!

The Big Precedent

In August 2023, the United States Department of Justice published this indictment in the case against Tornado Cash's developers Roman Storm and Roman Semenov, and subsequently the U.S. Attorney's Office for the Southern District of New York published this Press Release. The legal outcome of the Tornado Cash dilemma could drastically change the space as we know it.

Tornado Cash's developers are, for the first time in the history of the dapp ecosystem, charged with Helping Hackers Launder $1B, Including Infamous North Korean Attacks. The charge rests not primarily on the fact that they built Tornado Cash's privacy tools, but on the fact that Tornado Cash was an upgradable contract: even though it was "Ruled by a DAO", the developers held the keys to update it and could have complied with OFAC's requests. They did not update it to block terrorists from using the app; on the contrary, they publicly stated that they could not actually control it.

👇 Quoting the indictment:

"The defendants and Pertsev, the third dev (Netherlands), recognized that they did not incorporate KYC or AML programs as required by law, and so they made misleading public statements to minimize their ownership and control of the Tornado Cash service, and their operation of the Tornado Cash service as a business from which they expected to generate substantial profits."

This recognition included a message that Storm sent Semenov saying they "should never ... talk as if we own tornado".

👉 Full Story in my article “How Crypto Privacy Battles Will Redefine Your Tomorrow”

Why is it important?

The Tornado Cash precedent shows where US law is heading in Decentralized Application cases: prosecutors go after the teams that hold upgrade control over the application, without recognizing DAOs as a real entity at all.

With this precedent, U.S. lawmakers can exploit the weak point of most DAOs and projects in the space - the team. They can pressure teams to make updates (if they're able) without the consent of the DAO, undermining the authority of most DAOs. This is particularly true for DAOs that are essentially off-chain forums with snapshot voting, where teams promise to relinquish control to holders. This situation reveals that real control has always resided with the teams.

In this article, I'm going to explain why upgradability in smart contracts turns dapps into mere apps, and speculate about the implications for lawmakers in the near future.

Contracts Upgradability Debate

Since the invention of Ethereum, Smart Contract development has evolved, experimenting with different structures and standards.

In the early days, developers understood smart contracts as immutable executable code on Ethereum, like a persistent script. Around 2018, however, applications started to explore upgradability in smart contracts. Most applications and teams reacted positively to the idea, since it gives good actors the ability to fix bugs and sometimes save people's money.

At first glance, protocol upgradability is also a way to update existing applications without asking users to migrate their money and pay gas fees to do so.

From a developer's perspective it is a strong win-win, but we're in crypto. This is not a regulated Web2 environment; we're in the unregulated Wild West of Web3, where 90% of the companies and people behind our money flows are off-shore or anonymous. In this Wild West, "Protocol Neutrality" is fundamental, and power in the hands of teams is a huge point of failure, EVEN if they are trying their best to act in good faith. There is no shared goodwill here!

Protocol Neutrality

Protocol Neutrality is the fundamental property a smart contract must respect to be called a Decentralized Application: it lives on the Ethereum network resilient to off-chain attackers, with its utility secured against bad actors, politics, rug pulls and censorship.

To explain the points of failure of upgradable contracts as simply as possible, I take as an example the most decentralized application in the space, Uniswap V1.

🦄 Uniswap V1 has zero upgradable features and is the simplest AMM in the space:

  • All liquidity pools (LPs) are simple ERC20/ETH pairs

  • No complex routing between pools is needed; the longest possible route is ERC20 A > ETH > ERC20 B

  • Only a simple, forkable interface with minimal off-chain computation is needed to route tokens.

  • It doesn't depend on any other protocol to work, and it does not rely on oracles or any external source of data.

👉 Github Repo

👉 Etherscan

With this contract, what you see is what you get:

  • Users can predict 100% what happens when they use it or store their money in it

  • Nobody can change the rules

  • Nobody can steal LP money

  • Nobody can stop it from working

  • Nobody can stop anyone from using it

  • Nobody is responsible for what happens in the contract

The only point of failure, and the only censorship vector, is the entity that hosts the interface through which users interact with the Uniswap V1 contract, but in this specific case:

  • Anyone can fork the code and host it locally without the need for complex computational resources.

  • Even if states manage to censor public RPCs, users can set up an Ethereum node for ~$100 and use the app locally.

Uniswap V1 is the best example of Protocol Neutrality in the space: its smart contracts are free from the control of countries, policies, or bad actors.

This setup lets Uniswap Labs act as a good player in the space, both legally and technologically, and it also made Uniswap, especially V2, the protocol with the most applications built on top of it.

👉 I wrote an interesting paper back in 2020, the "Responsible DeFi Manifesto," underlining the risks of building on top of upgradable applications. At the time, the buzzword "DeFi Lego" was very popular, and naive people and builders lost billions on it.

In fact, Uniswap Labs has always acted very smartly in this direction: it understood the implications of Protocol Neutrality from the beginning and approached every innovation by deploying a new version and letting users decide which version to use, instead of changing the rules underneath them.

Hayden Adams Uniswap Labs Founder

Points Of Failure

When a team decides not to respect "Protocol Neutrality" by leaving points of failure such as oracles or upgradability, the team acquires power over its users' money.

Until now the space never had a legal precedent to say “Power = Responsibility.”

With the Tornado Cash precedent, from now on, IF a team has the keys to make upgrades, they MUST follow what regulators want and have full responsibility for what happens in their application.

Upgradable contracts give countries a fundamental point of attack: the team members and the companies that hold the privileged roles in the applications. It is safe to tell any reader to DYOR and be careful about using any upgradable contract from now on.

DAO Cults

The DAO ("Decentralized Autonomous Organization") concept, by definition, means an organization that is Decentralized (on-chain) and Autonomous (it must work independently of external actors).

In the crypto space, this concept has largely failed, turning the idea of DAOs into a mere lure to attract investors and create tokens. Teams often market DAOs as a method of outsourcing decision-making, but in reality, they retain control over app updates, treasury, and assets.

While DAOs began as an innovative concept, they have now devolved into a cult-like phenomenon centered around community decision-making, which in reality, is virtually non-existent. The stark truth is that no existing DAOs are genuinely decentralized or autonomous.

Here are the common DAO models:

Snapshot Model: Trust-based Governance

A commonly adopted governance model for DAOs on Ethereum is the "snapshot" model, where a small group of entrepreneurs control a multisig wallet and promise to adhere to the results of off-chain voting. This form of governance places full trust in the team to follow the community's decisions. However, it introduces a significant risk of failure, as it relies heavily on human decision-making and has no legal enforcement mechanism to ensure that the team acts in the community's best interest.

Moreover, the snapshot model of governance is akin to an app controlled by a company's proprietary off-shore server, with the company promising to act as the platform's users decide.

Castle Model: Upgradeable Features Governance

Another governance model is the "castle" model, which includes upgradeable features in the protocol that only activate if a certain voting threshold is met in a proposal.

At first glance, this approach seems to foster flexibility and adaptability within the protocol. However, permitting upgradable features, regardless of who possesses the upgradeability rights (team, delegators, or holders), introduces a significant point of failure and potential vulnerability for the entire protocol.

This is contrary to one of the fundamental principles of blockchain, which is that using a protocol or contract should only involve interacting with the contract as it currently stands. Allowing functionality upgrades in this approach enables the modification of usage terms after interaction, leading to a total loss of trust in the contract as written.
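As an added illustration of the two points above (the "what you see is what you get" contract from the Protocol Neutrality section and the castle model), not code from this article or from Uniswap or Tornado Cash: a hypothetical vault whose withdrawal rule is fixed forever when deployed on its own, and the same vault placed behind a minimal EIP-1967 proxy whose admin can later swap in a V2 that freezes addresses, changing the terms for money already deposited. Contract and function names are assumptions for the example; the EIP-1967 slot constants are the standard ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical vault. Deployed on its own it is "what you see is what you get":
// the withdrawal rule can never change, as with Uniswap V1.
contract Vault {
    mapping(address => uint256) public balances;   // storage slot 0
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() public virtual {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
// What an upgrade can swap in later: a freeze list appended after the existing layout
// (slot 1, so deposits survive) that changes the terms for funds deposited under Vault's rules.
contract VaultV2 is Vault {
    mapping(address => bool) public frozen;        // storage slot 1
    address public immutable guardian;             // lives in code, so it works under delegatecall
    constructor() { guardian = msg.sender; }
    function freeze(address who) external { require(msg.sender == guardian, "not guardian"); frozen[who] = true; }
    function withdraw() public override { require(!frozen[msg.sender], "address frozen"); super.withdraw(); }
}
// The "castle": a minimal EIP-1967 proxy. Balances and ETH live here; the rules live in
// whatever contract the implementation slot points to, and only the admin can change that.
contract CastleProxy {
    // keccak256("eip1967.proxy.implementation") - 1 and keccak256("eip1967.proxy.admin") - 1
    bytes32 private constant IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    bytes32 private constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
    constructor(address impl) {
        bytes32 islot = IMPL_SLOT; bytes32 aslot = ADMIN_SLOT;
        assembly { sstore(islot, impl) sstore(aslot, caller()) }
    }
    // The admin key (team multisig, DAO executor...) can point the proxy at VaultV2 at any time.
    function upgradeTo(address newImpl) external {
        bytes32 islot = IMPL_SLOT; bytes32 aslot = ADMIN_SLOT; address admin;
        assembly { admin := sload(aslot) }
        require(msg.sender == admin, "not admin");
        assembly { sstore(islot, newImpl) }
    }
    // Every other call (deposit, withdraw, freeze) runs the current implementation's
    // code against the proxy's storage via delegatecall.
    fallback() external payable {
        bytes32 islot = IMPL_SLOT;
        assembly {
            let impl := sload(islot)
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok case 0 { revert(0, returndatasize()) } default { return(0, returndatasize()) }
        }
    }
}
```

A user who deposited through the proxy while it pointed at Vault read a contract with no freeze function; after one upgradeTo call the same address enforces VaultV2's rule on their existing balance, which is exactly the "modification of usage terms after interaction" described above.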

Risks of Current Governance Systems

Besides being expensive to maintain, these systems often fail to generate added value for investors and the team outside of an excuse to create a token. Particularly with upgradable systems, they risk undermining the protocol's credibility, potentially leading to its downfall.

The DAO idea is currently just an expensive failure: it went from a way to explore how to get people involved to an excuse to have a token, in the hope of facing fewer legal consequences for upgradable contracts. But this is not how the law works.

DAO Failure

Most founders who have experience with DAOs agree that the best governance approach is to minimize governance or to have no governance at all for the future of the decentralized applications they've built.

👇 An example of this claim comes from Brantly.eth, formerly of ENS:

When it comes to protocol governance, DAOs should not be a way to "get people involved," with low value activity done inefficiently with a DAO to show it's "active" or "engaging the community," but the opposite: they should do the minimum required for the protocol and no more, with the goal of eliminating themselves eventually if possible. I call this "DAO minimalism".

Web3 protocol governance should be the exception rather than the norm. The whole point of web3 is to get rid of arbitrary gatekeepers. Web3 is about protocols that just work exactly as expected. Thus, the best web3 protocol governance DAO is the one that doesn't exist because the protocol is self-running and has nothing to govern….

…The worst protocol governance DAO is constantly asking its token holders to vote on things that didn't require a DAO to accomplish.

The least bad protocol governance DAO is active only occasionally for important things that require the DAO.

The best protocol governance DAO is one that doesn't exist.

the end

👉 Entire Post on 𝕏

Furthermore, all of the governance models place the team in a vulnerable position as they become legally responsible for managing funds and determining the protocol's future direction.

This increased responsibility makes them an easy target for regulators in various jurisdictions to exert control over. The Tornado Cash dilemma sets a legal precedent for regulators to sue DAO actors and managers.

Unlike token holders, regulators understand that no real power is vested in these DAO tokens.

Ecosystems Cults

The real issue in the crypto space is that during every bull market, people become blinded by excitement and the pressure to maximize gains before the cycle dumps. They often overlook the importance of decentralization, intrinsic value, and legal considerations. Instead, they create, share, and pump cult-like investments for short-term gains.

  • In 2016-17, it happened with white papers and ICOs

  • In 2020, it happened with NFT art

To read the full story of the rise and fall of the NFT art bubble, I wrote about it in one of my early articles:

  • In 2021, it happened with airdrops, DAOs and memes

I recall the discussions in the space around 2019-2020, which were largely centered on the existing technology and the projects developing new tech. However, as the bull run began attracting a broader audience, NFTs and meme projects with no technological foundation or plans started to garner most of the attention. Investors realized that, due to the pump-and-dump nature of Bitcoin, which fuels price volatility, along with regulatory uncertainty, it's not lucrative to invest in long-term projects. Instead, short-term cult-like investments became more profitable.

I discussed this concept in depth in this article:

Even now, more than ever before, the crypto market is full of new ways to sell people the same ponzinomics under different names. As an example, the current friend.tech trend is the same recipe over and over again, as I explained in this tweet:

👉 After a month with friend.tech, I predict a rocky path ahead.

Why have we reached this innovation black hole?

Regulatory uncertainty is one of the key factors. This is largely due to countries' inability to assign real responsibility to teams who maintain control of an application that purports to be decentralized, or to those who promote DAOs as decentralized entities, or even to those who launch unbacked tokens/NFTs with the sole intention of attracting investments from friends and family, only to dump them later.

Web2 or Web3?

To cut this long article short:

Since I've been in the space, I've advocated for the idea that if smart contracts are upgradable, regardless of whether it's via a DAO (which is even worse in this case), such applications should not be considered web3 but rather web2.

This is because if a small group of people can exert power over others transacting within an application on Ethereum, they must adhere to their country's laws and bear full responsibility for what happens in their app.

From my perspective, a situation like Tornado Cash was bound to occur sooner or later, which is why I've always promoted the idea of DAOs managing ONLY application earnings, with a fixed set of choices executable via vote that can operate even without voting, or better yet NO DAO at all, but for sure NO UPGRADABILITY!

Following the Tornado Cash dilemma, countries now have the opportunity to clarify, through regulations, the responsibilities of crypto apps based on the special powers that teams or small groups of individuals possess.

The lawmakers' position is clear: "If you can update the app to comply, YOU MUST, and you are responsible for what happens in your contracts if you don't."

This will drive technological advancement by encouraging builders to create truly Decentralized Applications like Uniswap V1 or Centralized Applications, without misleading consumers about their level of decentralization.

Clear Regulations and Long Term Success

The Tornado Cash situation looks like a problem (certainly for the many companies in the space that have taken advantage of "no regulations" until now), but in the long run it is the most successful precedent in the ecosystem for letting builders get back to building!

The Tornado Cash situation marks a significant stride towards regulatory clarity, definitively outlining the responsibilities that crypto teams bear for their applications.

I'm eagerly anticipating the growth and exploration of killer apps and use cases in this new industry, following this latest dark chapter of Ponzi-like schemes.

In the crypto space, we must always remember that if we continue to build Ponzi schemes and cult-like followings without real utility, the bubble will inevitably burst, leaving us all rekt.

🔮 Follow me at @baseToschi on 𝕏
