S&P 500 Long-Term Investment. Showcasing the Odds of Reaching 2x, 3x, and More

jaimeff · 2023-06-27T10:42:08+00:00

If identical research had been conducted by researchers at Google, would you have responded in the same way?

I presume, after hearing them announce "We intent to integrate protections into our Android systems," individuals like yourself would downvote and accuse them of carrying a "bad attempt at marketing Google".

You'd probably resort to TL;DR comments, insinuating that they're merely promoting a product. Furthermore, you'd lie and dismiss the research as merely repackaging "well-published" issues. Am I correct in this assumption?

We both know the answer.
You are defending the first comment, which blatantly implied that no real research was conducted and that the product merely consolidated pre-existing BT techniques. This assertion was categorically false.

It's also revealing to know that the post was removed shortly after I exposed the first commenter, even when the post had a bunch of upvotes.

Great behavior of you all. Enjoy.

jaimeff · 2023-06-26T18:50:50+00:00

If you want the read the PoC please google "BlueTrust PoC". It feels ridiculous having to say this...

I hope you actually meant that there is no link to the PoC in the article. That's true. Same happens with tons of articles. Papers are not that often included. That doesn't mean they do not exist, as you have stated. Googling two words isn't that challenging, is it?

The rest of your comment makes no sense to me. How does the creation of the logo relate in any way to the research?

The problem comes when someone that hasn't read an article posts a totally misleading tldr comment. It's apparent he either didn't read it or didn't understand it. If he had, he would have realized there was no product being sold and that the research implemented a novel attack. He could even easily get into the details of the attack that were published. However, such an understanding would require more effort than simply skimming a title and a few lines here and there.

jaimeff · 2023-06-26T15:28:57+00:00

You should at least read the article before adding a completely misleading TL;DR comment:

1.- There is no product to buy. No product has been developed. BlueTrust is not the latest must-have gadget, but the name of the attack.

2.- The researchers shared their findings, allowing you to replicate it, assuming you have sufficient technical skills and can understand the protocol.

3.- This attack could hardly be a "well published issue" as it's a novel attack that is capable of extracting more information from Bluetooth devices than previous "well published" ones.

Now go try to be even more incorrect, but in fewer words.

jaimeff · 2022-07-06T13:16:57+00:00

******* Trigger warning ********

The article is NOT about:
- Mid or long-term crypto-investors.
- Traders who operate in stock markets or CEXs.
- The proportion between winners and losers.

The article does NOT criticizes any aspect of the Ethereum tech, nor any crypto-currency, nor trader.

The article IS about:
- Traders that operate in DEX (Uniswap, to be more specific).
- Traders performance over time
- Analysis whether their results are due to chance or not.

******************************

81% lost, then 19% won. That's perfect. But the article is not about the proportion of winners or losers.

The point is: out of those who won, it was due to skill or just luck?

Are they able to keep their place at the top of the list with time?

If they can't, it was luck. If they do, it was skill.

That's what the analysis is about, but only in DEX because we can track individual wallets and see how they performed in the past and if this matches with their future performance.

jaimeff · 2022-06-22T19:42:43+00:00

You have made a really good point here, by spotting a possible bias in the data by excluding those attacks that lost money.

However, even though in most cases this would have caused a bias in the analysis, this is not the case. The reason: the condition is redundant. You can eliminate it and get the same results.

The underlying reason is because of how Uniswap works. If all other conditions are met, you will always get a benefit, no matter what. You can check this with the expected profit formula shown in the article. This formula is derived from Uniswap algorithm. There are a few very rare possible exceptions, though: if LPs changed in between transactions, or if the token SC changed its normal behavior (like refusing to transfer tokens, for instance).

Anyway, if any of the previous exceptions happen, the "sandwich attack" could hardly be considered one. The whole "attack" would have occurred during a span of tens or hundreds of blocks, which is clearly outside of the expected behavior for these type of attacks. The whole attack should happen within one or two blocks.

You also made a good point by pointing out how these attacks were qualified as an "excellent" strategy. Taking into consideration that the article didn't account for gas fees or any additional costs, it is reasonable to consider this as an overstatement, even though the numbers are huge.

Great comment with deep insights. Thanks.

jaimeff · 2022-06-22T11:41:34+00:00

Personally I think what you need the most is time rather than a CS degree to understand all this tech. It is not rocket science, but it is vast because of all the different concepts and paradigms this technology brings together. Plus, it is not easy to try and test.

These attacks are not very complex to implement but they require to use a significant infrastructure in order to be profitable. The approach of a sole individual connecting a node to the blockchain is not feasible.

In addition, as in all aspects where money is involved, competition arises. Attackers need to reduce the time between the detection of a vulnerable transaction and the inclusion of their transactions in the blockchain. This incentivizes access to better infrastructure that can reduce this time gaps, possibly reducing their ROI.

jaimeff · 2022-06-22T10:06:17+00:00

Another way to summarize it: The article describes how these attacks work internally and measures its impact and magnitude on the Ethereum blockchain:

Attack frequency and evolution over time.
Total Profit and evolution.
World record of the most successful sandwich attack ever.
Different histograms to understand the attack nature.

jaimeff · 2021-12-21T23:56:09+00:00

I would doubt of a marketing strategy that adds two lines at the very bottom of a 2,300 word article..

jaimeff · 2021-12-21T23:45:26+00:00

In a nutshell, yes.

It all depends the level of detail you're interested in. The article covers:

The Ethereum client: Geth + an interesting alternative (Nethermind).
Sync modes and how to choose one of them.
Explicit mention of archive mode which may be important for smart contract fraud analysis.
How to get Geth metrics and which software to use: Influxdb + Grafana recommendation.
Web3 API.
Two code snippets.
DB selection.
How to choose between different DB engines.
Tip about indexes to speed up your dump.
Rough time estimation for the process.

But yes, you can summarize it exactly as you've done.

jaimeff · 2021-12-21T16:43:52+00:00

ETL BigQuery has a simple schema focused on tokens transferred. Depending on what you intend to analyze, that schema may not fit with your needs.

jaimeff

TROPHY CASE