[meowface]

I can't imagine it'd be possible. There're a whole lot of Andy Kaufman-esque / kayfabe / "the most entertaining outcome is the most likely" things going on.

Literally no conceivable parody could work as an actual parody, I think. There are coins people are getting rich off of with names and logos like "Pregnant Butt", "CumRocket", racial slurs, etc.

There's absolutely no doubt in my mind that if it hasn't already happened, coins named "Scamcoin", "Rugcoin", "Ponzicoin", "This is a scam coin, please ignore", "If you invest in this you will lose all of your money and be the laughingstock of your friends, family, and communitycoin" could probably quickly reach million/billion-dollar market caps.

You could make a token with a smart contract which self-destructs itself at a random time, and explicitly disclose this fact, and it'd still probably get a huge market cap and retain it up until the day it explodes. Or you could make one that does this, don't disclose the fact, have millions of dollars flow in without a single person ever looking at the code, and get the same result. (Doesn't matter if you do or don't publish the verified source code; if you do, no one will look at it, and if you don't, no one will notice/care that you didn't before investing their life savings in it.)

Poe's law doesn't even quite describe it, because it's not that you can't distinguish between parody and sincere absurdity. There's just no difference between the two in terms of actual real-world outcome. Whether you make an intentionally or unintentionally terrible coin, and whether or not you're open about it and whether or not people are aware of it, it's still going to receive a ton of investment.

And it pretty much makes sense why this is and will be the case (unless the US government starts cracking down). People are buying because they find it entertaining and think other people will find it entertaining and buy and that they'll think other people will find it entertaining and buy, etc. And then they just wait until their initial investment multiplies a bit and they try to get out before the inevitable collapse. It's a fast-paced psychological arcade game. In some sense it's a distillation of Wall Street to its purest essence, for better and worse.

[brigade]

Scamcoin hit a $70 million market cap within an hour, and PonziCoin absolutely would have hit a multi-million dollar market cap if the dev hadn't pulled the plug.

[meowface]

>Scamcoin hit a $70 million market cap within an hour, and PonziCoin absolutely would have hit a multi-million dollar market cap if the dev hadn't pulled the plug.

Fantastic. I genuinely was just coming up with those on the fly and did no research to see if any existed, but added "if it hasn't already happened" because I was still confident enough that some very likely did exist and very likely were successful.

My post with your reply feels a little like movie scene dialogue. (Perhaps Aaron Sorkin.) What a time to be alive.

[bruce343434]

> Doesn't matter if you do or don't publish the verified source code; if you do, no one will look at it, and if you don't, no one will notice/care that you didn't before investing their life savings in it.

As someone who doesn't know much at all about crypto, it seems insane that apparently coins can be closed source? But how? How does the chain know what code to execute?

[meowface]

The Ethereum interpreter bytecode is stored on the blockchain, but the source code isn't. (It'd be inefficient both for storage and CPU cycle reasons.) Basically like storing a Python .pyc or Java .class file.

There's pretty much a rule of thumb that tokens should always be open source, in part because it's much easier to hide a backdoor if you don't publish the source, and also because cryptocurrency communities generally share the open source, high-transparency ethos. The #1 Ethereum blockchain explorer site has a system that lets you submit source code for a contract, and they verify that the source code compiles to the exact same bytecode.

You can very safely assume that if there's no source, it's malware. For every single instance I've seen where a project doesn't publish the verified source code, it's always been because the code is backdoored.

You can decompile bytecode, but scam projects will often add a ton of obfuscation or even specific things to confuse the decompiler and make it fail to decompile certain parts. Better decompilers will keep getting written, so you theoretically won't ever be able to truly hide what your code is doing even if you don't publish source, but it's sort of moot because verified source code is bare minimum "table stakes" for anyone (competent) to interact with your project.

The caveat being that most investors are non-technical and don't have a clue what any of what I just wrote means and will just invest in whatever if it has a name and a logo. But in that case, they'll invest in a scam project whether or not they publish the source code. And for the percentage who do at least know that no source = scam, they'll still invest in every scam that does have source code, which is most of the scams.

[fomine3]

Generally is it reproducible build?

[meowface]

My understanding is it's always reproducible if you submit the compiler version and flags you used. The (EVM compiler version, flags, source code) tuple should always generate the same bytecode.

(Though I guess it would be hard to imagine how that wouldn't be the case, if you're assuming the same reference compiler is used and that each release, no matter how minor, has a different version. A non-deterministic compiler is probably a bad idea, unless you're trying to make a Malbolge-type language or something.)

In theory perhaps you could discover some major compiler issue where benign-seeming source code generates malicious bytecode for a certain version, and then use that specific version to deploy and verify your contract, but I'm not aware of any such issues. I imagine there would probably have to be an incredibly big fuckup for that kind of bug to occur.

[AlexCoventry]

Most chains have a low-level representation which higher-level smart contrast source code is compiled to. E.g.,have a look at the "contract creator creator code" section on this contract:

https://etherscan.io/address/0x1a2a1c938ce3ec39b6d47113c7955...

[dlubarov]

Ethereum apps are typically written in Solidity before being compiled to EVM bytecode. The EVM bytecode must be public, but one could keep the (more readable) Solidity code private, like distributing an executable without the source. I think it would be unusual though.