Yearn Finance founder Andre Cronje has received quite a bit of criticism lately for introducing some smart contracts that have lost users’ money. Cronje defended himself in a blog post and explained why he felt that he should not be held responsible for those who “imitate” his test contracts.
Cronje will often place large disclaimers asking people to handle them with caution and not just get in because he built them. Given the permissionless nature of these products, little can be done to prevent this from happening. Even so, Cronje was sometimes criticized for not providing contracts on test networks where real money could not be lost. His saying “I test in prod” also disapproves some people as it seems to imply a negligent attitude towards safety.
Cronje stated that he is actually testing software in several steps. “[The statement] exists to discourage people from just using systems without investigation. That doesn’t mean I don’t test, ”he wrote.
Before a contract reaches the mainnet, it goes through a rigorous process of unit, interaction and composite tests. These ensure that every part of the contract works as intended, except for individual functions.
However, an essential part of this process is testing in production to achieve the most realistic conditions possible. He explained that the mainnet has the best possible tools and conditions that cannot easily be replicated locally. “I discovered problems on the mainnet that I never ran into locally. I was unable to replicate mainnet systems locally, and I found bugs locally that I couldn’t replicate on the mainnet,” he said.
In addition, there are many versions of existing products such as Yearn Finance that have been deployed on the mainnet without being discovered. “There are over 22 longings in the ETH mainnet. There are over 5 YFIs in the ETH mainnet, ”he added. Speaking to Cointelegraph, Cronje said the reason his main projects never got hacked was, “Ironically, because I’m testing in Prod.” With this approach, he is able to go through the problems that actually arise instead of relying on auditors to review the preproduction code. “And if people just wait for me to actually bring the product to market, everything will be fine,” he added.
One case of burns on Cronje’s smart contracts involved one of those test playgrounds that were at least a few weeks away from publication.
Cronje addressed these problems and remarked: “I do not build for speculators.” While he said he couldn’t rationalize the people who stormed into his test labs, he seems to have admitted that a more pragmatic approach might be needed. “I have more to think about,” he concluded.
In the meantime he promised not to use his known deployer address for further tests. Given the number of previous contracts that went undetected, this may be enough to prevent further unfortunate events.
The post follows another case of people losing money due to one of their contracts, an unnamed project that is often referred to in the token ticker LBI. The contract was posted on the mainnet on October 13th and immediately sparked a flood of people who put their money into it. Many called him “the new YFI”.
The price of the token fell immediately afterwards, and many stories of people lost a small fortune. A flurry of criticism against Cronje was raised by many market participants, blaming him for the loss. It’s worth noting that this drop in prices wasn’t due to any kind of malfunction, as the contracts themselves weren’t compromised.