Two booming DeFi protocols published similar code. Was it copied? – DL News

  • Riding the hype surrounding EigenLayer, liquid restaking protocols are growing at a rapid clip.
  • Code published by two liquid restaking protocols, Renzo and Kelp DAO, looks similar.
  • One of the protocols told DL News that its code was copied.

Nearly-identical lines of code published by two protocols that sit atop Ethereum’s frothy liquid restaking business have raised questions about their authorship amid a long-running debate about crypto’s culture of open-source development.

A DL News analysis and interviews with developers not involved with the situation found identical “comments” that are nestled in the two protocols’ code — a kind of note-to-self left by developers — that suggest one team copied it from the other.

The code, published by competitors Renzo and Kelp DAO, enables so-called native restaking.

The feature lets users circumvent the deposit caps that limit access to EigenLayer, the multibillion-dollar protocol that pioneered restaking on Ethereum.

Stay ahead of the game with our weekly newsletters

It’s a heady time for the liquid restaking business, and protocols that leverage EigenLayer are riding the hype. Several have debuted in the past couple of weeks, and older protocols, such as Renzo, Ether.Fi and Kelp DAO, are growing at a rapid clip.

Renzo has offered native restaking since December, while Kelp DAO teased its own native restaking feature last week.

Not open-sourced yet

“Kelp DAO’s native restaking solution is not live and final code repositories are not open-sourced yet,” a Kelp DAO spokesperson said in an emailed statement.

“Several intermediate versions of the code are used for testing/R&D before mainnet launch. Developers should use the final code base deployed on mainnet as a reference.”

Join the community to get our latest stories and updates

Kelp did not respond to a request to comment further on the similarities.

Meanwhile, Renzo chief technology officer James Poole told DL News that Renzo code was protected by a licence that prohibits competitors from using it “in production.”

“There’s no doubt that sections of Renzo’s code was copy-pasted into Stader/Kelp DAO’s source code,” Poole said.

“If there was any question about the provenance of our code base, we would be happy to share our full GitHub repository with a third party for review purposes.”

Comments and timestamps

The suspect code was published on GitHub, an online platform that lets software developers create, store, and share their work.

Time stamps on GitHub show that some of Kelp DAO’s native restaking code was added in January, several weeks after similar code was published by Renzo.

But developers can back-date their additions. Furthermore, Renzo’s code was, somewhat unusually, added in a couple massive chunks, while that of Kelp DAO shows steady, “organic” growth, according to the developers who spoke to DL News.

That’s because Renzo developed its software in a private repository, Poole said.

“Many projects in the space follow the same model for competitive and optical reasons,” he said. “Developing code can be a messy process.”

Given the limits of publicly available data and the ease with which some GitHub data can be falsified, it is difficult to prove who copied whom, Molly White, a software engineer and affiliate at Harvard’s Berkman Klein Center for Internet & Society, told DL News.

But an audit of Renzo code published in December by crypto security firm Halborn suggests Renzo did not backdate its additions, White said.

“The Halborn audit and the verifiable timing of it does make me lean much more strongly towards Kelp taking from Renzo rather than vice versa,” she said.

Kelp did not respond to a request for comment regarding White’s conclusion.

Like Uniswap v4, Renzo’s code is covered by a Business Source License, which protects the code in question from being used and profited from by others for a certain period of time.

But that shouldn’t prohibit its use for testing purposes, according to Moish Peltz, an intellectual property lawyer at New York law firm Falcon Rappaport & Berkman.

“My reading of BSL is that it allows non-production use,” he told DL News. “But the specifics would depend on the actual code at issue.”

Code for Kelp DAO’s native staking feature is protected by the more permissive GNU General Public License, or GPL, which allows for competitors’ commercial use so long as their copy also uses GPL or a similar licence.

The open source debate

It’s the latest example of an issue that has bedevilled an industry that extols open-source development: to what degree should projects borrow or use one another’s code, or tolerate when a direct competitor does so?

‘If you’re just forking to rug pull or to make a quick buck, then that will probably cause an argument. And you’re an asshole.’

Copying or borrowing another project’s code is generally encouraged in crypto, according to Matias Nisenson, CEO of DeFi Wonderland, a developer collective.

“It’s all about the value you’re providing to the ecosystem and to the original developers,” he said. “If you’re just forking to rug pull or to make a quick buck, then that will probably cause an argument. And you’re an asshole.”

But developers who copy others’ code in good faith, believing they can improve upon the original developers’ work, are often celebrated, so long as they respect the licences that govern how the code can be used, he continued.

There are myriad examples in action: Reflexer, the team behind the experimental RAI and HAI stablecoins, encourages forks. The Spark protocol copied code from lending protocol Aave and now sends Aave a portion of its revenue.

“It’s always welcomed to first check with the devs and see how they feel about your ideas,” Nisenson said.

“The opposite scenario could also be true, that someone wants to add value to an ecosystem and the original developers are not open to their ideas, so you fork it and build your vision. That’s fair game.”

Nevertheless, crypto’s borrow-as-you-like ethos occasionally causes friction. The issue flared up several times just last year.

Open source advocates criticised DeFi titan Uniswap for announcing a new iteration of its decentralised exchange under a Business Source License, putting a four-year hold on its commercial use by competitors.

Executives at crypto credit protocol Maple Finance complained that Circle used their code without attribution. Circle told DL News at the time that it hadn’t copied Maple code.

And Stader Labs, the parent company behind Kelp DAO, defended itself against accusations its liquid staking protocol was a “fork,” or copy, of competitor Rocket Pool.

Stader said the code in question was just a fraction of a much larger, Stader-built product.

“Incorporation of open source elements is a very common practice in software development, and even more so within the open source blockchain ecosystem,” Stader wrote in a blog post.

Aleks Gilbert is DL News’ New York DeFi correspondent. Have a tip? Contact him at aleks@dlnews.com.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *