Open in app
Andre Cronje

Sign in

Open in app

Post Mortem of the Post Mortem

Andre Cronje

Mar 3, 2020·3 min read

There is a lot I think I did wrong in the last 72 hours. I wanted to document the thought processes and timeline so that hopefully others can learn from my mistakes; all times recorded are in my local time

28/02/2020

05:33 AM alerted to slippage tx 0x8f102 of ~445k to ~25k

05:34 AM contact 0x431 for assistance

05:36 AM 0x431 executes counter trade tx 0xa1f405 of ~89k to 465,242

~ begin tracking down 0x44e

07:09 AM @fiatminimalist tweets;

07:29 AM response;

~ continue tracking down 0x44e, at this point the focus is on finding 0x44e

10:07 AM manage to make contact with 0x44e start discussion on the slippage transactions.

~ begin planning steps to recoup 0x44e for additional losses incurred

29/02/2020

01:12 AM tx 0xa1f405 starts circling twitter

03:31~ AM write and release gist of the two known txs; at this point, detailed investigation is still underway, as the focus has been on recovering 0x44e https://gist.github.com/andrecronje/decacace45d41dd0c6de11ea1d6d6b57

02:57 PM Still collecting data; multiple transactions across multiple data sources. At this point, only documenting

~ continue debugging, notice there were more slippage transactions (roughly $150k unnaccounted for)

~ continue debugging and notice 0x818 interaction. Withdrawals show their exit position is around $150k

(0x818 deleted all chats, so unsure what time contact was made)

04:40 PM Release results of transaction sequence;

https://medium.com/@andre_54855/post-mortem-28-02-2020-6d675a85a33b

Now at this point, I’ve already made 2 big mistakes;

  1. I was working on other people’s schedules based on social pressure and not my own
  2. I was trying to have my own biases answered by the chain of events I was witnessing, those biases being that 0x44e lost money, and that 0x818 was responsible.

#1 was causing me to make rushed mistakes, something I know I should never do when auditing data. #1 was also allowing me to validate #2.

At this point, I have accepted the sequence of events, however I still don’t understand the reasoning.

01/03/2020

11:31 AM Continue my investigation, start noticing more irregularities in both 0x44e and 0x818’s actions.

~ Rest of day documenting txs based on chronology and timing of events instead of per user sequences.

Further results to be released by @kermankohli via https://defiweekly.substack.com/

Reflection

I made assumptions on what occurred based on my own bias. I should have excluded this from my findings.

I rushed work to fit by other peoples timelines. I should have paced myself instead of the urge to “please” and instead have been more thorough.

These analysis’ takes time, and require thorough investigation. While I was happy with my reactive instincts (step 1: make user whole, step 2: try to recover funds), I could have ended up causing more damage if I had continued through with them. It is not always about pleasing the vocal community, sometimes the right decision is the one no one talks about.

Andre Cronje