Post Mortem of the Post Mortem
There is a lot I think I did wrong in the last 72 hours. I wanted to document the thought processes and timeline so that hopefully others can learn from my mistakes; all times recorded are in my local time
28/02/2020
05:33 AM alerted to slippage tx 0x8f102 of ~445k to ~25k
05:34 AM contact 0x431 for assistance
05:36 AM 0x431 executes counter trade tx 0xa1f405 of ~89k to 465,242
~ begin tracking down 0x44e
07:09 AM @fiatminimalist tweets;
07:29 AM response;
~ continue tracking down 0x44e, at this point the focus is on finding 0x44e
10:07 AM manage to make contact with 0x44e start discussion on the slippage transactions.
~ begin planning steps to recoup 0x44e for additional losses incurred
29/02/2020
01:12 AM tx 0xa1f405 starts circling twitter
03:31~ AM write and release gist of the two known txs; at this point, detailed investigation is still underway, as the focus has been on recovering 0x44e https://gist.github.com/andrecronje/decacace45d41dd0c6de11ea1d6d6b57
02:57 PM Still collecting data; multiple transactions across multiple data sources. At this point, only documenting
~ continue debugging, notice there were more slippage transactions (roughly $150k unnaccounted for)
~ continue debugging and notice 0x818 interaction. Withdrawals show their exit position is around $150k
(0x818 deleted all chats, so unsure what time contact was made)
04:40 PM Release results of transaction sequence;
https://medium.com/@andre_54855/post-mortem-28-02-2020-6d675a85a33b
Now at this point, I’ve already made 2 big mistakes;
- I was working on other people’s schedules based on social pressure and not my own
- I was trying to have my own biases answered by the chain of events I was witnessing, those biases being that 0x44e lost money, and that 0x818 was responsible.
#1 was causing me to make rushed mistakes, something I know I should never do when auditing data. #1 was also allowing me to validate #2.
At this point, I have accepted the sequence of events, however I still don’t understand the reasoning.
01/03/2020
11:31 AM Continue my investigation, start noticing more irregularities in both 0x44e and 0x818’s actions.
~ Rest of day documenting txs based on chronology and timing of events instead of per user sequences.
Further results to be released by @kermankohli via https://defiweekly.substack.com/
Reflection
I made assumptions on what occurred based on my own bias. I should have excluded this from my findings.
I rushed work to fit by other peoples timelines. I should have paced myself instead of the urge to “please” and instead have been more thorough.
These analysis’ takes time, and require thorough investigation. While I was happy with my reactive instincts (step 1: make user whole, step 2: try to recover funds), I could have ended up causing more damage if I had continued through with them. It is not always about pleasing the vocal community, sometimes the right decision is the one no one talks about.