Things I wish I knew before building Ethereum #DeFi dapps
Didn’t get any responses though.
@epheph on twitter was proposing ethereum foundation security audits, I showed my interest, but nothing yet;
On the 31st I started asking certik and cryptomaniak’s on telegram (was fortunate enough to have their contact details) for quotes.
Had to follow up with certik and cryptomaniak 3 times each.
By 4th of Feb, I didn’t have any quotes yet, so I started emailing;
Mailed an audit request to openzeppelin via their email audits@openzeppelin.com. Received a same day response saying they will get back to me in 1–2 business days. I will update this post when they do.
Mailed trailofbits, they responded same day with a quote, 1 engineer-week $16,000. They would perform “rapid risk review using manual and automated techniques and file security issues”. I unfortunately had to reply and tell them that was too expensive for me. I received another response recommending I use the following tools:
https://crytic.io/
https://github.com/crytic/slither
https://github.com/crytic/building-secure-contracts
Not an audit, but at least helpful!
Mailed quantstamp via their online form, no response yet.
Mailed sigmaprime, same day response and after a few back and forth emails, same day quote. They said they would require 11 person-days, report delivery on the 26th, total engagement $27,500. Will need to mail them as well and tell them I can’t proceed.
Currently waiting on the certik quote, received the cryptomaniak’s quote for $5,000.
So recap;
I’ve asked cryptomaniak’s to please proceed with their audit. I created a funding request on gitcoin and on metacartel, but neither have had responses, so I don’t really assume anything will happen there.
Now for all of the above, this is not a full system audit, for all of these quotes, I asked to audit a single file, 359 lines of solidity code. Even at the most viable option from cryptomaniak’s that’s $13/line of code.
So if you have a bigger project, expect $50k+ for an audit.
TLDR
Almost $20,000 out of pocket for my free, fee-less, open source project. No immediate signs of community support or ethereum funding, but I guess I’m just talking to the wrong people or they just aren’t interested in iearn.finance. I do think I have a better “crypto network” than most though, so I don’t know how hard this has to be for a completely new entrant into the space.
Lessons learned.
Quick fire round of some more obvious but should be mentioned stuff;
4. VC’s I spoke to won’t fund your free, fee-less, non token system
Again, obvious, but should be stated. Respect for pooltogether, no clue how they managed it.
5. Tokens help bootstrap
I hate tokens, I’ve been vocal about them. Both systems I’ve designed, iearn.finance and xar.network, are token free, feeless systems, and both struggle the most because there is no “token network effect”. Want to build a community super fast? Add tokens (or get a VC behind you).
6. You won’t get community support unless you already have a community, which you can’t get without support
Cyclical I know, but don’t expect communities to help you with the above.
7. Easier to “fake it till you make it”
All these “our AUM has grown so much” or “our rates are so high” are semi “fake it till you make it”. Self-provide initial AUM (from VC, funding, or community ~ aka token) and use those rates to increase other depositors’ rates. pooltogether is a good example with their 250k “self starter fund”.
Same model would work for iearn.finance but I don’t think the bit of money I can spare will help entice people…
Cheat Sheet
Launch a token, premine 50%, lockdrop the other 50% for AUM providers once off, get funding with the 50% of tokens, get a few VC’s, use $20k to build the product (or just copy iearn.finance for free), throw all the capital you raised into the “starter fund” to create massive interest rates (2x what others are offering). Because your rates are so high, add system tax (15% of interest above the nearest competitor), which no one cares about because they still make ~2x-15% vs your competitors. Pay those taxes out to token holders, which grows with AUM (which you already increased because of your 50% lockdrop), so you have network capture value.
Don’t do it the way I did it, which was hard, cost me a lot of money, and has created very little network effect.
Lessons learned.
Published at Tue, 04 Feb 2020 23:49:35 +0000
