licensing for NFTs; science of blockchains, DeFi security
1. *New* resource: ‘Can’t be evil’ licenses, an easier way for creators to license NFTs
Miles Jennings et al
Two decades ago, copyright licensing regimes were overly restrictive for many creators, and didn’t keep pace with what the internet and then-new digital technologies made possible: sharing, remixing, adapting, extending, reusing. That changed when Creative Commons (CC) released free, public licenses with different levels of permissions granted by the original creators or copyright holders, which helped unlock tremendous shared culture and knowledge production.
Today, we’re in a similar moment with NFTs: Copyright vulnerabilities have led to significant confusion around NFT licenses and a number of legal problems. Many NFT projects omit licenses altogether, or draft licenses with terms that create more ambiguity than they resolve. And not every creator chooses to go CC0… So how do NFT creators then protect (or release) their intellectual property rights? How can NFT holders better understand their baseline rights? And how can more creators and NFT projects unleash the creative and economic potential of their projects?
To help address this, we released a new set of “Can’t Be Evil” licenses for NFTs, inspired by the CC approach — where creators can choose from six tiers that grant different types of rights with different degrees of permissiveness. Since most early-stage projects don’t have access to legal resources, we worked with some of the top web3 IP lawyers to design the licenses — which are free, forkable, and easy for creators to incorporate (on-chain!) into their projects:
2. Field notes: Science of Blockchain Conference
with Anne Brandes, Elena Burger, Valeria Nikolaenko, Carra Wu, Guy Wuollet
The Science of Blockchain Conference (SBC) focuses on technical innovations in the blockchain ecosystem, and brings together researchers and practitioners working in the space across cryptography, secure computing, distributed systems, decentralized protocol development, formal methods, empirical analysis, crypto-economics, economic risk analysis, and more. The event is co-chaired by Stanford professor (and a16z crypto senior research advisor) Dan Boneh; a16z crypto head of research Tim Roughgarden was also on the program committee and gave an invited talk — on the paper we shared with readers, in our last newsletter (here).
Here’s a quick mix of some of our team’s field notes, links, and themes from SBC ’22, in no particular order:
Peiyao Sheng on an analysis of different blockchain protocols, figuring out which have better forensic support that helps detect a validator’s misbehavior with evidence (paper)
Pratyush Mishra’s talk on arkworks, a Rust ecosystem for zkSNARKs that’s used widely in many crypto project implementations (GitHub)
Srivatsan Sridhar on changing the download rule in longest chain consensus in order to mitigate bandwidth congestion during spamming attacks on the network (paper)
Ethereum cofounder Vitalik Buterin on responding to — and surviving — 51% attacks (attendee tweet with slides)
David Tse on reusing Bitcoin hash power to enhance the security of PoS chains (paper)
John Adler’s talk on accountability — in this case, the ability to identify and punish attackers — in PoS systems (workshop abstract)
Phil Daian on the evolution of the maximum extractable value (MEV) “dark forest”, covering everything from the frontrunning problem’s theoretical outline, to its initial identification in his Flash Boys 2.0 paper, to the emergence of the MEV research organization Flashbots, to present-day considerations relating to transaction censorship resistance and creating a robust builder and proposer market for transaction bundles post-Merge (workshop abstract / slides)
A theme: “asymmetric and subjective trust assumptions (not all nodes are equally trusted, not all nodes trust equally) and view-based protocols (nodes interpret their view of the state locally, and eventually a view-merge determines canonical DAG aka directed acyclic graphs, fork choice, etc.)” [a related paper]
3. Field notes on DeFi Security
A number of security researchers and practitioners gathered at the first annual DeFi Security Summit at Stanford last weekend (preceding SBC ’22) to discuss topics ranging from reflections on past security incidents and secure development processes to safeguards such as bug bounties and insurance.
Some quick notes on themes, with links to talks:
Kurt Barry, Jared Flatow, and storming0x explained their secure smart contract development practice at MakerDAO, Compound, and Yearn, respectively. A common theme was the Swiss cheese model, which layers together various complementary security measures.
Christoph Michel discussed the evolution of price manipulation attacks (with an interesting CTF challenge as a bonus!); and Yoav Weiss explained various bridge exploits. Mitchell Amador preached the importance of strong incentives for getting more security talent to keep this space safe.
Another theme was setting correct expectations for auditing practices. Common messages from auditors were that “audits” should really be called “time-boxed security assessment”, and that auditing engagements “are more alignment rather than liability”.
Developers expressed concerns about common auditing weaknesses such as long lead times and insufficient incentives to secure codebases. Sherlock proposed an interesting approach that could address these issues by combining the effectiveness of audit contests and legacy audits to get the “best of both” worlds.
view the agenda (with links to some talks)
--Sonal Chokshi, Robert Hackett, Stephanie Zinn, Tim Sullivan, and a16z crypto team