One-character bug gives away $90m in COMP tokens – recipients can keep 10% or consider themselves doxxed Robert Leshner, founder of decentralized finance biz Compound Labs, has asked for the return of roughly $90m worth of COMP tokens after a smart contract bug distributed more of the cryptocurrency than it should have. COMP tokens get distributed on a daily basis to users of the Compound protocol. They grant holders a say in the …
^^^This. By all the unholiest of Cthulhu's mom's naked selfies on her Instagram, a thousand times this. I wish I dealt in such craptocurrencies so I, too, could collect a fat sack of cash & be forced to pay the taxes on a monster windfall. What a doofus!
Worse they could do for a non US resident/citizen who isn't subject to taxes is require the company to withhold taxes (assuming this is a US company)
If that happened, those people could get them back - they might have to hire an account to file a US tax return for them to claim the amount as a refund.
I had to do that when I consulted in Canada one year, though as it turns out it would have been cheaper if I'd let them keep it and claim that as a foreign tax credit on my US tax return.
Because just about everybody who is neither an American citizen, a Green Card holder nor otherwise resident in the USA can give them the finger with impunity, by last count that is still about six billion. And the Infernal Revenue Service is well aware of its limits is there are already repercussions about taxing "accidental Americans".
The threat is based on the fact that the three quarters of coiners that aren't scammers are scared sh*tless of big government knowing their names and stuff. This despite the fact government already knows all that. They were busy the day the wit sharpener was in town.
... because it's still considered theft.
You see what happens if a bank accidentally credits your account, and you withdraw it and refuse to return it...
https://www.money.co.uk/guides/can-you-keep-money-accidentally-paid-into-your-bank-account.htm
Similar stories exist in Russia, New Zealand, USA, India etc...
Yeah, but this wasn't accidental, was it?
"Do you want us to implement this code, dear users?" "Yes." "Oops, we got the code wrong." "So what?"
The only thing that will stop cryptocurrencies being never-ending ROFL for no-coiners is that they're a crime against humanity and hastening its extinction via climate change.
“Crying to meatspace courts deeply undermines the 'code is law' principles that DeFi was founded on. This is a slippery slope that ends with the end of DeFi." - the founder of Compound in June.
If you say "code is law", don't come crying when you get one character wrong three months later.
Even if this were theft (and that's not clear at all), the IRS doesn't care in the slightest. In fact, the law is clear that taxable income generally includes income from illegal activities; failing to declare that income and pay tax on it if owed is an additional crime atop whatever crimes were involved in the income production itself. Unlike those original crimes, the IRS *does* care, very much, about the additional crime of income tax evasion. I wouldn't worry at all about this jackass telling the IRS I made a big pile of money; I would be very concerned about the IRS (regardless) if I owed tax on it and failed to pay it.
Threatening to publish people's personal information, if that is not already in the public domain, is most likely extortion. That too is true even if keeping the coins is theft: you can't threaten to kill someone who stole from you unless they give back what they stole, nor can you threaten to do anything else to harm them that you couldn't already do legally.
So the right response here is "go ahead, make my day". As the recipient of these coins, you liquidate them and declare the proceeds as income and pay tax on it in your jurisdicion. And then you press charges against Leshner for extortion (and if he makes good on the threat, for whatever crime doxxing constitutes in your jurisdiction). With all that cash in hand, I expect you'll have no trouble changing your telephone number, address, etc. if it's a real problem.
Regardless of one's political ideology, if one's been dodging taxes for years, the best thing to do upon receipt of a giant windfall would be to report it and pay the tax owed. Otherwise you're only digging a deeper hole. The fact that the IRS knows about this particular windfall doesn't change anything, though as other posters have mentioned it just makes the obviously correct move even more obvious. And if you happen to owe back taxes for some reason, it would seem that the sudden appearance of a giant sack of cash -- somewhat less giant after paying the tax on it but still quite substantial -- would make for a good opportunity to contact your lawyer and approach the Beast about a settlement you can now afford. Guh.
80 million dollars could have bought a lot of testing, but no amount of testing is going to hit every edge case. I think adding an escrow step before letting the funds clear is probably a good idea, for any time an algorithm is automatically handing out loads of cash. Plus some run-time sanity checks, to make sure that final values are within the right orders of magnitude.
80 million dollars could have bought a lot of testing, but no amount of testing is going to hit every edge case.
Some sensible unit tests might have caught this though. For example, ones looking for fencepost errors in iterations, and testing with limit values (such as zero) are commonplace, and would almost certainly have picked it up. It's not like using the wrong comparison operator is an unheard-of mistake.
Of course, this implies that the developers would know how to write code that is unit-testable, and know what a unit test is. I would imagine the sort of changes that get put into crypto protocol updates are discrete and testable though.
It's a smart contract is it not?
A contract with a loop hole, that loop hole was unintended, but was in the contract and agreed upon by deploying it. So are the saying because its code, if there are loop holes, which they are defining as bugs, they can say it wasn't wanted? But in the real world you could execute that loop hole, as you agreed to said contact. You could take them to court over it, but it's in the agreed contract.
Or are they saying their contracts are not legally binding and there is nothing to stop them just changing things and ripping you of if they wish?
In English law, a contract needs to show consideration from both parties. A contract that gives one party everything while they give nothing back in return, would be deemed invalid, and if challenged in court would result in the court returning both parties to the state they were in before the contract and therefore all monies returned.
So...if someone were to, let's say, bung a load of money into your bank account by accident. They could ask you nicely to return it to them, or if you got a little stupid and tried to keep hold of it, take you to court and get it back. If you went total chav about it and spent the lot of it on shiny things, then the courts are likely as not to bang you away in prison for a while.
As the jurisdiction is likely America in this case, I assume the legality of the situation is in favour of whomever has the most money.
Which is fairer than the British system, whereby the legality of many situations are primarily determined by which school you went to, and the social circles you travel in.
The consideration was given when they joined the scheme. In exchange, they were offered the chance to be rich via having a say in what the scheme did.
At least some of them have now achieved that :)
They didn't write the crap code they were offered, they just said yes to it being implemented.
> In English law, a contract needs to show consideration from both parties. [...]
> So...if someone were to, let's say, bung a load of money into your bank account by accident.
I don't see the connection. If someone bungs a load of money into your bank account by accident, that's nothing to do with a contract - at least, not one that you were party to.
The financial value of any asset is defined as the present value of all future income it distributes to its owner. In most cases that's not known with certainty, but an upper bound is often known. That's the case with debt securities, and also with assets that cannot generate income. The latter would include these coins, so they have no financial value. They may have value to speculators, as ordinary goods, as pieces of art, as collectors' items, etc., but that's not financial value.
The law, in most places, recognises income from selling such crypto tokens for fiat currency, as capital gains, and taxes those accordingly.
My guess is that the main impact of this will be to nail the real-money value of these tokens to the floor, as the "supply" has suddenly been inflated.
> Otherwise, it's being reported as income to the IRS, and most of you are doxxed.
Wow.
> it would be a good idea to commit to rigorous testing and auditing prior to major code changes
Double wow.
This idiot shouldn't be in charge of a tuck shop let alone a currency or contracts. Between the scammers, the criminals and the just plain stupid is there anything redeemable about crypto?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
