Launch App

Twitter Spaces With the Sommeliers: Sushi AMA With Joseph Delong

Sushi CTO Joseph Delong details a coming big phase change, future liquidity sharing, and how its product offerings fit in our latest Twitter Spaces AMA. Launched in August 2020, SushiSwap is both a cryptocurrency token and a decentralized exchange called an automated market maker (AMM). Sommelier co-founder, Zaki Manian, invited SushiSwap CTO, Joseph Delong, to talk about how all the pieces fit together and what people can start building on it.

Joseph describes his company’s most recent innovations:

“Bento Box is a brand name for something we’ve built. I understand these brand names can be confusing. We’re going to call it an application vault, like calling it Kleenex versus a tissue. An application vault is a vault that allows you to deposit tokens and the underlying tokens get exercised in strategies and, there’s an accounting mechanism on top that makes available a virtual balance for DAPS. So, for instance, Kashi -- which is our lending protocol that does isolated lending -- when I deposit collateral or a lending token the literal underlying token is not made available other than as a virtual balance to the application. The literal underlying tokens, up to 80% of them, are taken and invested in yield strategies that go back to the user who is entitled to the share. And then when the application needs some of the actual underlying tokens it’s made available instantaneously. This design pattern has been kind of winked at a couple of times in different ways that people designed it -- just not at this scale.

Zaki asks him to break down the idea.

Joseph explains: “There are two sides to this. The strategy side and the application side. The strategy side is what happens to the underlying tokens and the application side is maybe how tokens come in and also how they can be interacted with.”

Zaki processes the information and says: “OK, so I lend tokens on Kashi, they go into a strategy, and there are other applications living inside a Bento Box that draw on the liquidity inside of Kashi for different use cases.”

“Yes, right,” says Joseph. “The idea is let’s say we have deployed our AMM onto Bento, which is coming with Trident and we have let’s say $2 billion worth of ETH. We’re never going to need to access at any particular moment that much ETH. Two billion dollars worth of ETH is quite a bit. We're probably only ever going to have swaps that are in the millions, like tens of millions maybe. And in doing so the underlying ETH, up to 80%. So, in this case $1.6 billion would get taken and put into a strategy and then $400 million would be made available for applications when they need it.”

What a strategy can do with these tokens

The first one that SushiSwap has built is xSUSHI. Joseph explains: “It just takes the SUSHI underlying and wraps the SUSHI into xSUSHI, our yield-bearing token that is also governance. It’s making like 5% APR. So, if you’re holding SUSHI you ‘re not holding this yield-bearing asset. When you deposit it into the Bento Box, it gets wrapped behind the scenes and turned into the xSUSHI up to 80%.”

Zaki summarizes for verification: “So, a strategy is: I’m putting SUSHI into Kashi and it’s getting wrapped into xSUSHI and also available to provide liquidity on the end. I think this is maybe the biggest misconception I figured out talking to you about SushiSwap, is everybody’s like it seems like a disparate combination of different applications. And, maybe it is right now but the whole vision -- and what’s imminent -- is the fact that all these applications are actually sharing liquidity with each other.”

Joseph confirms the applications definitely will be sharing liquidity with the arrival of Trident: “Trident will be our next generation AMM that will be on Bento Box and that will be with Kashi. So, now in the sense of fractionalization, they will be sharing the responsibility of fractionalization for making funds available when applications need them.”

Zaki observes: “The other piece right now is I think the vision here is that you’re trying to make a call to the community for more strategies, right? The strategy that you outlined with xSUSHI sort of is native to the SUSHI ecosystem. So, what’s the process for getting a new strategy into the system. I'm a user, I have an idea for generating yield. How do I get that bootstrapped into the ecosystem?”

Joseph explains:

“We have the xSUSHI strategy built, we have also built an Aave and a compound strategy which will just take tokens underlying and wrap them for that specific service. We also have a Yearn one on the way built by Yearn that will just take the underlying tokens and put them into the individual Yearn vaults.”

Yearn, Aave, and compound strategies

Zaki projects a few months ahead and imagines that Trident is launched. “Let’s take ETH for example. I put ETH into Kashi with the desire to maximize yield. Is the idea that some of that liquidity would go into a Yearn pool and some would be in Trident?”

Joseph says: “Let’s back up. Without Kashi or Trident Bentro still makes sense. So, my tokens come in and what I get back is a share and those share values get made available to the application on top. And, so if I’m depositing tokens to lend on Kashi -- and Kashi is a great example because utilizations are pretty high -- the unutilized balances that I would be lending would then be taken and put into a strategy. So, as long as the literal underlying tokens aren’t taken out of the Bento Box, there’s this capability to float and that’s how we get to put them into strategies. My favorite example is just an analogy but like a bank, I deposit money in a bank. I go to the bank’s website and I see a balance on the web page. But they don’t literally have my money in a shoebox put to the side. They have the capability to return that money to me essentially at any time on the basis that some of it has gotten invested, some of it is in a vault, some of it has been lent for mortgages. Bento Box is kind of like the same thing. Bento Box is more like an accounting system that allows you to use strategies.

‘So, for people who would want to build a strategy, I would say that we’re still working on better documentation, and we’re learning that from working with Yearn. But, approach the team. The first thing would be writing contracts. Those contracts need to be whitelisted onto Bento Box and the strategies that we’re targeting are low- and no-loss strategies. Because there’s really potential damage here to be done across all the applications if there’s a problem with the strategy. It could be really bad. Assuming that an underlying strategy is not a low, no-loss strategy you could go kind of fractional and what they have on top is a share representing the tokens underlying so then they would basically be entitled to less of what's underlying because there would be less there. So if there were a token loss this could be really bad.”

Zaki adds: “Really bad in the sense that the shares of that Bento Box strategy would be worth less than the collateral that was originally put in, essentially losses get centralized across the strategy. I don’t understand why that’s catastrophic.”

Joseph explains: “It’s just not good to go fractional reserve on something. We’re just ultra conservative about low and no-loss strategies and ultra conservative about checking the code base that will make its way as Bento Box strategies. Kind of like the way that Aave or Compound where they definitely need to have the capability to liquidate a token quickly, otherwise they can run the whole system fractional. We are conservative in that same way.”

A conservative approach to SushiSwap’s ultimate goal: Migration

Without a doubt being conservative like that is going to limit the number of strategies that come into the Bento Box world. Zaki observes: “But it does mean that you’re going to be able to hide some of the complexity of liquidity management from the users behind these Bento Box strategies.”

Joseph agrees: “Yeah, 100%. That’s the goal. The real motivation will be when we do a migration from our AMM now into our next AMM and we bring $4 billion from there into Trident and there’s a lot of motivation when there’s a lot more capital, especially when there are strategists who can do this 2-and-20 model.”

The 2 and 20 model

Yearn pioneered the 2 and 20 model when it was 2% of the underlying deposit with a 20% performance fee. And they did this in a really beautiful way.

Joseph explains: “Let’s say I have 100 USDC and I deposit that into Yearn YSDC and I remove it, I don’t have 98 USDC, I have 100 USDC -- if it’s just kind of like a deposit and remove. They take a 2% of principal and 20% performance fee only when they’ve actually provided that to you. So, it’s a kind of accounting mechanism that makes sure that you have gotten up to 2% and then after what you’ve gained they take a 20% performance fee.”

Zaki says: “This gets to what you were saying about avoiding going fractional reserve, i.e., you are taking 2 and 20 but it’s essentially from profit.”

“Yes,” adds Joseph, “and that would be for the strategists who implement. We’re going to make that available to you as a strategist for investing Bento Box. Where you have to be smart and chase these different yields, Bento Box will essentially make that available for you just by being inside of Bento Box.”

Zaki observes that there are a couple of levels of this in the Yearn strategy: “Yearn is also taking their 2 and 20, so I observe that Bento Box has like a fund of funds property there, where you have Bento Box’s strategy fees on top of Yearn’s strategy fees, but you get the other SushiSwap apps that are integrated into Bento Box as a profit source.”

Joseph observes: “In this particular instance with Yearn, they’re just doing the integration, there’s no additional fee. But maybe new strategies or additions that don’t already have a fee built in you can also build in a fee.’

Other pieces of SushiSwap’s emerging tech stack

Of course, Bento Box is a big piece of SushiSwap’s emerging tech stack. Joseph notes: “Also our coming Trident AMM is going to have this capability so you can build your own pools. There is this iPool interface, just a standard Solidity application interface and it allows you to design pools in such a way, say for instance, I’m Amplefourth and since I’m a rebasing token I need to design a pool that each time a rebase happens I need to update the pool in accounting for those rebase token balances. I can implement my own pool design to accommodate something like that.”

Not only does this work around a pain point that the rebasing tokens are experiencing with existing AMMS, Joseph says: “It can expand to say, let’s say that I’m Reflexer Labs’ RAI. They have a stable price, but their price is not stable against a particular asset. It’s stable in the sense of a control loop stability. It’s volatility dampened. And maybe I want to trade against DAI, but a stable swap curve does not make sense for me. I want something more complicated with low slippage, I can design something like that.”

Ambitious! A generic interface on the liquidity side

Imagine an iPool interface that allows the creation of fully customized, fully programmable pools. Presumably Trident will come with some sort of out-of-the-box pools that can be created. Zaki observes: “I assume that the iPool interface does require a liquidity share from different iPool interfaces to look pretty similar to each other. Can you accommodate something as different as Uniswap v3 style non-fungible liquidity position? What’s the limits of this abstraction?”

Yes! SushiSwap definitely supports this. Joseph says: “We’ve built our own version of concentrated liquidity. We have a StableSwap pool that allows you to user configurable in between two and 32 assets. We have weighted pools and we have these traditional constant product pools.”

Zaki observes: “The liquidity shares of some of those things will look different. We’ll have very different behavior then.”

“Oh, definitely yeah,” says Joseph. “So, it’s pretty generic, especially in the add liquidity interface. It’s a method that accepts call data and not necessarily specific parameters. To keep it generic, we had to be pretty liberal with the inputs it would accept.”

Zaki observes: “It’s very ambitious to try and make an AMM have a generic interface like this both on the LP side. I guess having AMM Swap interfaces all look pretty similar to each other, and if someone is building an aggregator that is going to accept all the different Trident pools, the swap interfaces will probably all look pretty similar to each other.”

A new hop or multi-hop router called Tines

The other thing that SushiSwap will do is to integrate its interface into its router called Tines. Joseph explains:

“If I have all these different types of pools then I can’t do the same style routing that I did before -- where it’s like: I have one type of pool, hop or multi-hop, to get the most effective liquidity I have got this capability to start with different roots, r-o-o-t-s, and maybe balance the swap in between two pools. So, for instance, let’s say I have a concentrated liquidity position for USDT and USDC that produces the best price but only to a particular limit. Once you trade out of that top range you basically can’t make a swap any more. So I have to balance that with something else in the AMM to complete the trade or to get the best price, and so maybe there’s a StableSwap pool for USDC/USDT and I balance the trade maybe 70% in this concentrated liquidity and 30% through that. And that’s what Tines is going to be able to do. It’s going to be multi-route as well as multi-hop.

Zaki observes that this is a bit like the aggregators’ role. For example, CowSwap tries to solve an order across multiple AMMs.

Joseph agrees and says:” I think 1inch is analogous as well. And, we just haven’t had this problem at AMMs because AMMs have always been like ‘I have this pool A type and so I’m going to route through all my pool As.’

From the Sommelier point of view, Zaki is excited to learn all about SushiSwap’s growing tech stack because he wants to see whether or not they can develop stuff that will fit into the constraints of Bento Box strategies as they evolve.

Billions at stake. What’s next?

Tines, Bento Box strategies, and Kashi lending are the integrated components of the new SushiSwap under development. What can people expect for the next stages of this system being developed?

Here’s how and why they’re going through a series of audits:

As they have been, and continue to, develop, SushiSwap does verification of the contracts using Sartorius’ suite as well as some of the Sartorius team, Joseph explains:

“That has gone really well. Also, we got better guidance. We hired Moody Gupta and he comes from an auditing background. I think he’s more particular about auditing in that formal verification basically only guarantees you coverage in the same way that tests guarantee you coverage. He likes to see audits. We have audits signed up with Halborn, OpenZeppelin. We have our formal verification. We’re also going to do one of these C4 code contests, this coderie that runs an audit. We’re going to do a few weeks of that. We have a couple of different auditors giving us informal reviews. We’re reaching out to a few more.

“You know, we’re going to migrate a bunch of money into here and it would be really disastrous if we didn’t do that. When you’re bootstrapping, like maybe Sushi in the beginning, it’s not as serious because there’s not much at risk. So, you can kind of get by and use time to audit those contracts. But for this one in particular it’s a very huge deal and so we want to be very secure in our deployment.”

Joseph thinks they’ve got a month more of audits, maybe more. Here’s the migration plan:

“We’re gonna go to Polygon first and not run our migration script. We have a migration script that will take you from our Master Chef contracts and you can migrate from that into a new token. So, we’re going to wait until all the audits come back but we’re going to run some test deployments on Polygon to check out and see how everything is operating. When we’re given the go-ahead we’re going to do a migration from our legacy AMM into Trident.”

And while we’re talking, some general observations

Zaki’s excited to start learning Polygon development and frustrated about an auditor talent shortage.

“It’s been coming up in the Gravity community. There’s an ongoing C4 audit of the Gravity software stack now going on.This mechanism came to my attention very recently as a way of getting code looked at. It’s been interesting to see where communities are forming in the community space. We’ve been coming up against talent limits. Auditors have only so much talent pool. A lot of projects have pulled security inhouse. It’s interesting to find that there are new sources of security people in these communities around stuff like C4.”

It seems the incentives are all messed up, Joseph explains:

“To work at a Tier 1 auditing firm you basically have to be one of 100 people on each that are this good at Solidity, who understand it this deeply. And you basically have to watch people that are basically intermediate make 11 figures while you’re the person who gets paid a salary. It’s really difficult to retain talent like that. I think maybe code contests might be the answer. For instance, we audited Miso, got two audits and a formal verification, and we still had a bug that could have lost a catastrophic amount of funds. And for that we have a bug bounty within Unify who helped us out. And we have basically 10% of vulnerable funds up to $1 million, that’s our cap. And we just made a $1 million payment to Samsung.”

This is the question: Can you provide an incentive? Zaki says:

“The auditor mindset is something that has to be trained. I think the builder mindset and the auditor mindset are two different mental modes. I have a hard time going back and forth between them. The builder mindset is very much a creative flow, it’s about imagining what the code could be doing and how it can change and evolve. And the auditor mindset is like looking at the code as a static object, how can I break it, how can I get it to misbehave. It’s always a challenge to coexist with these in a developer process. I find it extremely challenging. I do think of auditing as the end of the process. It’s not just about we had an incident, we resolved it and paid out the bounty. It’s like what does that tell you about what are the gaps in the upstream software development process and how do you feel? I think that is the other challenge.”

Tier 1 and Tier 2 auditors and other challenges

Beginning in DeFi Summer, the major thing that people aren’t acknowledging with the audit process -- one thing that people just won’t say -- is that there are two tiers of auditors: The Tier 1 auditors that are super high quality, and then there’s the Tier 2 ‘rubber stamp’ auditor. Joseph recalls:

“People complained, especially with Yearn, why didn’t you get this audited? At the speed they’re building Yearn can’t materialize auditors to audit their code. Then you point at all these auditors and say they’re available but they’re Tier 2 auditors. You’re not getting anything except a rubber stamp from them. It’s like plausible deniability for the community to be like “ you didn’t get an audit.” Yeah, but it wouldn’t have saved you at all if I got you an audit from Jim Bob’s Audit Shop. All I would have gotten from my end is plausible deniability. Look, I got an audit. You know, that rubber stamp costs between $40 to $100 grand. So if I’m Andre and I’m not fairly compensated for my work I’m going to write contracts and I’m going to test and prod and you can take the risk or you can not. I think that’s been an appropriate solution that’s been downplayed as super risky, but many teams don’t have the same choice.”

Zaki agrees: “These are the incredible pressures that we’re all under. There’s still so much left to build we’re under incredible pressure to innovate and everything is becoming more complex and we’re ramping up the complexity of the blockchain system rapidly. Tier 1 audit firms have tried to invest in various kinds of tooling, fuzzing, and static analysis tools but, especially in this era, they are constrained by access to talent. These people just don’t fall out of the woodwork. That’s another piece. I think everybody in this space is definitely struggling with trying to find these balances.”

Incident response is part of the deal

The stress of also doing incident response is the other piece. Zaki says: “I know in my life for every incident there are 10X more false positives, where somebody comes to you and says ‘Oh, I think I found something really bad,’ and then you’re like ‘Okay, we looked at it, it’s not really that bad. But you have to pull the fire alarm to an extent on every incident and it’s another under-recognized ongoing cost of running these systems.

“And, the continuous stress of doing incident response. I’ve been doing incident response on Cosmos for three years now and it’s like I don’t see an end to it. I’m pretty sure if I completely disassociated myself with the project, sold all my tokens, I’m pretty sure I would still get paged when people were trying to triage an incident.”

Joseph says: “The only reasonable response I see to this are insurance funds long term. You cannot make bullet-proof code. But, that’s a risk that we can commoditize and sell."

NFT madness

Joseph wonders about Paradigm’s NFT:

“I guess I didn’t understand it. I saw it at first and I messaged David White and I was like I think that this assumes uniformity of the underlying NFT. And then also the same thing that most of these platforms suffer from is a race condition in the end, where some NFTs are more valuable than others and people who are exiting cherry pick those particular ones which drives value down further. He says that that ‘s not true. He thinks that maybe I’m kind of having a mental model similar to NFTX. So, I guess I don’t understand it so far and I still need to read more about it.”

It’s fascinating watching this sort of market evolve, Zaki says. “It’s also sort of annoying to watch the effect it has had on ETH gas prices. It is interesting to me. It seems that we are setting the stages for a trading ecosystem around NFTs that is just as rich and varied as the fungible token trading ecosystem. And, so that’s just generally my take on this research.”

Joseph has been analyzing NFTs from every different angle -- trading, tranching, fractionalization in a bunch of different ways, lending -- and concluded that these things are just a nightmare to deal with.

“Somebody is going to come along and they’re going to invent the AMM of NFTs. I say this tongue in cheek but like forever, everybody was doing this 0x or AirSwap model -- where it’s this OTC trade, and then Uniswap comes along and it’s like, ‘Bam! An AMM, isn’t this cool.’ And it solved so many problems that had come from these primitive DEXs -- they were like thin liquidity and poor mechanism design -- And somebody is going to do that with NFTs, I’m sure of it. But just right now every time I try to approach this problem the nonfungibility creates so many individual problems. And then the illiquidity of them naturally and the high diversity of assets, it’s really problematic if we look to traditional markets. We have to look at other nonfungibles like mortgages, that’s probably the closest thing. But in DeFi we need this capability to liquidate whereas mortgages are like funding essentially. With NFTs it’s slightly different. If somebody perceives their initial loan value has dropped below what their initial loan value is they’re going to default.”

Zaki observes that the cycle of this is similar. He explains:

“How did we get here with fungible tokens? We got here with fungible tokens because we had the 2017 ICO boom which led to a lot of different assets being created -- most of which went to zero but a number of them stuck around and that created something that people could build lending markets on top of and all of these other primitives -- AMMs, lending markets, all of that stuff. I think we’re seeing the same cycle play out in NFTs. We’re right now in this massive asset-creation phase and that lays the groundwork for everything else but you’re right about how hairy the problems are to solve. It is less easy to guarantee for instance even among a blue chip set that for instance liquidations will be possible.”

Joseph concludes: “We basically need bids on them. So, to have bids on them we have to create some sort of highly liquid market, or some mechanism that allows us to have a highly liquid market. And then we can price them to do stuff like lending, I think that’s probably the first problem to solve”.

More articles


© 2024 Somm by Bajanss OÜ –Maakri 36-50, Tallinn, Estonia 10145

Bug Bounty
Privacy Policy
Documentation
Telegram
Discord
Twitter