Two booming DeFi protocols published similar code. Was it copied? – DL News

Please fol­low and like us:
Pin Share

  • Rid­ing the hype sur­round­ing Eigen­Lay­er, liq­uid restak­ing pro­to­cols are grow­ing at a rapid clip.
  • Code pub­lished by two liq­uid restak­ing pro­to­cols, Ren­zo and Kelp DAO, looks similar.
  • One of the pro­to­cols told DL News that its code was copied.

Near­ly-iden­ti­cal lines of code pub­lished by two pro­to­cols that sit atop Ethereum’s frothy liq­uid restak­ing busi­ness have raised ques­tions about their author­ship amid a long-run­ning debate about crypto’s cul­ture of open-source development.

A DL News analy­sis and inter­views with devel­op­ers not involved with the sit­u­a­tion found iden­ti­cal “com­ments” that are nes­tled in the two pro­to­cols’ code — a kind of note-to-self left by devel­op­ers — that sug­gest one team copied it from the other.

The code, pub­lished by com­peti­tors Ren­zo and Kelp DAO, enables so-called native restak­ing.

The fea­ture lets users cir­cum­vent the deposit caps that lim­it access to Eigen­Lay­er, the multi­bil­lion-dol­lar pro­to­col that pio­neered restak­ing on Ethereum.

Stay ahead of the game with our week­ly newsletters

It’s a heady time for the liq­uid restak­ing busi­ness, and pro­to­cols that lever­age Eigen­Lay­er are rid­ing the hype. Sev­er­al have debuted in the past cou­ple of weeks, and old­er pro­to­cols, such as Ren­zo, Ether.Fi and Kelp DAO, are grow­ing at a rapid clip.

Ren­zo has offered native restak­ing since Decem­ber, while Kelp DAO teased its own native restak­ing fea­ture last week.

Not open-sourced yet

“Kelp DAO’s native restak­ing solu­tion is not live and final code repos­i­to­ries are not open-sourced yet,” a Kelp DAO spokesper­son said in an emailed statement.

“Sev­er­al inter­me­di­ate ver­sions of the code are used for testing/R&D before main­net launch. Devel­op­ers should use the final code base deployed on main­net as a reference.”

Join the com­mu­ni­ty to get our lat­est sto­ries and updates

Kelp did not respond to a request to com­ment fur­ther on the similarities.

Mean­while, Ren­zo chief tech­nol­o­gy offi­cer James Poole told DL News that Ren­zo code was pro­tect­ed by a licence that pro­hibits com­peti­tors from using it “in production.”

“There’s no doubt that sec­tions of Renzo’s code was copy-past­ed into Stader/Kelp DAO’s source code,” Poole said.

“If there was any ques­tion about the prove­nance of our code base, we would be hap­py to share our full GitHub repos­i­to­ry with a third par­ty for review purposes.”

Comments and timestamps

The sus­pect code was pub­lished on GitHub, an online plat­form that lets soft­ware devel­op­ers cre­ate, store, and share their work.

Time stamps on GitHub show that some of Kelp DAO’s native restak­ing code was added in Jan­u­ary, sev­er­al weeks after sim­i­lar code was pub­lished by Renzo.

But devel­op­ers can back-date their addi­tions. Fur­ther­more, Renzo’s code was, some­what unusu­al­ly, added in a cou­ple mas­sive chunks, while that of Kelp DAO shows steady, “organ­ic” growth, accord­ing to the devel­op­ers who spoke to DL News.

That’s because Ren­zo devel­oped its soft­ware in a pri­vate repos­i­to­ry, Poole said.

“Many projects in the space fol­low the same mod­el for com­pet­i­tive and opti­cal rea­sons,” he said. “Devel­op­ing code can be a messy process.”

Giv­en the lim­its of pub­licly avail­able data and the ease with which some GitHub data can be fal­si­fied, it is dif­fi­cult to prove who copied whom, Mol­ly White, a soft­ware engi­neer and affil­i­ate at Harvard’s Berk­man Klein Cen­ter for Inter­net & Soci­ety, told DL News.

But an audit of Ren­zo code pub­lished in Decem­ber by cryp­to secu­ri­ty firm Hal­born sug­gests Ren­zo did not back­date its addi­tions, White said.

“The Hal­born audit and the ver­i­fi­able tim­ing of it does make me lean much more strong­ly towards Kelp tak­ing from Ren­zo rather than vice ver­sa,” she said.

Kelp did not respond to a request for com­ment regard­ing White’s conclusion.

Like Uniswap v4, Renzo’s code is cov­ered by a Busi­ness Source License, which pro­tects the code in ques­tion from being used and prof­it­ed from by oth­ers for a cer­tain peri­od of time.

But that shouldn’t pro­hib­it its use for test­ing pur­pos­es, accord­ing to Moish Peltz, an intel­lec­tu­al prop­er­ty lawyer at New York law firm Fal­con Rap­pa­port & Berkman.

“My read­ing of BSL is that it allows non-pro­duc­tion use,” he told DL News. “But the specifics would depend on the actu­al code at issue.”

Code for Kelp DAO’s native stak­ing fea­ture is pro­tect­ed by the more per­mis­sive GNU Gen­er­al Pub­lic License, or GPL, which allows for com­peti­tors’ com­mer­cial use so long as their copy also uses GPL or a sim­i­lar licence.

The open source debate

It’s the lat­est exam­ple of an issue that has bedev­illed an indus­try that extols open-source devel­op­ment: to what degree should projects bor­row or use one another’s code, or tol­er­ate when a direct com­peti­tor does so?

‘If you’re just fork­ing to rug pull or to make a quick buck, then that will prob­a­bly cause an argu­ment. And you’re an asshole.’

Copy­ing or bor­row­ing anoth­er project’s code is gen­er­al­ly encour­aged in cryp­to, accord­ing to Matias Nisen­son, CEO of DeFi Won­der­land, a devel­op­er collective.

“It’s all about the val­ue you’re pro­vid­ing to the ecosys­tem and to the orig­i­nal devel­op­ers,” he said. “If you’re just fork­ing to rug pull or to make a quick buck, then that will prob­a­bly cause an argu­ment. And you’re an asshole.”

But devel­op­ers who copy oth­ers’ code in good faith, believ­ing they can improve upon the orig­i­nal devel­op­ers’ work, are often cel­e­brat­ed, so long as they respect the licences that gov­ern how the code can be used, he continued.

There are myr­i­ad exam­ples in action: Reflex­er, the team behind the exper­i­men­tal RAI and HAI sta­ble­coins, encour­ages forks. The Spark pro­to­col copied code from lend­ing pro­to­col Aave and now sends Aave a por­tion of its revenue.

“It’s always wel­comed to first check with the devs and see how they feel about your ideas,” Nisen­son said.

“The oppo­site sce­nario could also be true, that some­one wants to add val­ue to an ecosys­tem and the orig­i­nal devel­op­ers are not open to their ideas, so you fork it and build your vision. That’s fair game.”

Nev­er­the­less, crypto’s bor­row-as-you-like ethos occa­sion­al­ly caus­es fric­tion. The issue flared up sev­er­al times just last year.

Open source advo­cates crit­i­cised DeFi titan Uniswap for announc­ing a new iter­a­tion of its decen­tralised exchange under a Busi­ness Source License, putting a four-year hold on its com­mer­cial use by competitors.

Exec­u­tives at cryp­to cred­it pro­to­col Maple Finance com­plained that Cir­cle used their code with­out attri­bu­tion. Cir­cle told DL News at the time that it hadn’t copied Maple code.

And Stad­er Labs, the par­ent com­pa­ny behind Kelp DAO, defend­ed itself against accu­sa­tions its liq­uid stak­ing pro­to­col was a “fork,” or copy, of com­peti­tor Rock­et Pool.

Stad­er said the code in ques­tion was just a frac­tion of a much larg­er, Stad­er-built product.

“Incor­po­ra­tion of open source ele­ments is a very com­mon prac­tice in soft­ware devel­op­ment, and even more so with­in the open source blockchain ecosys­tem,” Stad­er wrote in a blog post.

Aleks Gilbert is DL News’ New York DeFi cor­re­spon­dent. Have a tip? Con­tact him at aleks@dlnews.com.

Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published.