Lessons from getting reckt in Iron Finance

defi explorer
Jun 17, 2021

I just got reckt..

After spending time in the DEFI space, carefully learning, putting strategies in place to avoid this, it still happened. And this hurt more than the 50% market drop in May 2021. Not because I lost more than I could afford, or a large % of my overall portfolio, but because it was money I had no way of getting back, at all, zero.

I thought I had learned all the major risk lessons in DEFI. I even learnt to read the contracts so I could spot the ponzi farms, but I hadn’t learned everything. So here are some learnings from this particular loss with Iron.Finance (and if you aren’t aware of what just happened, google it, it’s literally talked about across multiple forums). FYI Iron.Finance: no hard feelings on this one, it was a great idea that didn’t turn out to work.

  • Stick to your own Rules
  • Don’t assume everything has been stress tested before launch
  • An Audit only looks for known risks
  • Assume 99% of DEFI will fail
  • LP is more dangerous than most people know

Let’s start with “stick to your own rules”

After playing with DEFI I had the following in place:

  • Take profit often
  • Assume everything is a ponzi
  • Never invest more than you want to lose

I have more, but the above is relevant here. Firstly, I got into TITAN at $3, and I was following all these rules. However, I quickly doubled down by reinvesting the profit into LP. So I effectively broke rule 1. On top of that, with the steep price rises I also held onto the TITAN I had generated, with the plan to sell when it hit $80.

Lesson (re)Learned: Take profit often!

Assume everything is a ponzi. Now in this case I don’t believe Iron Finance is a ponzi, even at this stage of its demise. At the first start of trouble, TVL being removed being the sign I was looking for, I would pull everything out. I didn’t do this. I had the chance; by this point I was already wanting the project to succeed because crypto is in need of a decentralized stable coin.

Lesson learned: Even if you like the project, use your PONZI risk strategies to protect yourself.

The one rule I did follow was never invest more than you want to lose. I only invested profits I had made elsewhere.

Don’t assume everything has been stress tested before launch.

The post-mortem is still to come out at the time of writing, but it’s pretty clear someone found an exploit. I guess I assumed the developers had stress tested their mechanics before deploying. Maybe they did, but they missed this. This is even more relevant for a project with custom code.

Lesson learned: Assume exploits exist

An Audit only looks for known risks

I used to be an auditor. I know this! Why didn’t I apply this learning before..

An audit is there to look for KNOWN exploits. Sure in cases they might ask the “what if someone does this” questions. But auditors are looking for exploits they have seen before. With this project, the mechanics (although not completely new) weren’t the usual you’d find in many other projects.

Lesson learned: Audits don’t mean s**t if someone is trying something new

Assume 99% of DEFI will fail.

Every project is learning as they go. There are very smart people out there who don’t give a S**T about you or the project developers, and will happily burn it to the ground if they can make some money (or for fun). Projects only learn when mistakes are made, and clearly a lot of projects will launch too early before they stress test. Hell, Iron Finance launched before their audit was complete, assuming because their code had been audited on BSC it must also be safe on MATIC, err that turned out to not quite be true.

Aside from people wanting to abuse things and a lot of ponzi schemes, I’m also talking about legit projects here trying to solve a real world problem. Businesses fail, and in DEFI you fail fast.

Lesson Learned: assume the project will fail, plan for this

LP is more dangerous than people know

Now my plan here was if Titan dumped, to remove LP, and sell remaining Titan. The pairing should hold and I at least get some money back.

Never did I think one of the pairs would go to zero. Not even in some ponzi farms has the token gone to zero as quickly as Titan did. I didn’t follow this rule, largely because as explained above, I didn’t follow my “assume everything is a ponzi” rule and remove my LP at first sign of trouble. The network was so congested I might not even have been able to execute it (topic for another blog).

With one token going to zero, my LP was suddenly worthless. This is what hit home hardest. I had not thought of this risk, and as such I have zero way of getting anything back after getting stuck with millions of TITAN worth zero.

The only money I managed to get back was from the stable coin pairing of IRON/USDC, because IRON still holds some value, but alas still a loss.
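Why the pairing does not hold, as an added example that is not part of the original post: it assumes a fee-less constant-product pool (x*y = k, the Uniswap-style design) kept at the market price by arbitrage. The TITAN/USDC pool, its reserves, the 1% share and the prices are constructed for illustration.

```python
from math import sqrt

# Constructed pool (assumption): 100,000 TITAN against 6,000,000 USDC,
# i.e. a starting price of 60 USDC per TITAN, with the LP owning 1%.
TITAN0, USDC0, SHARE = 100_000.0, 6_000_000.0, 0.01


def lp_position(share, titan0, usdc0, price):
    """Tokens owned by an LP after arbitrage has moved the pool to `price`.

    In a constant-product pool the reserves satisfy titan * usdc = k and
    usdc / titan = price, so titan = sqrt(k / price), usdc = sqrt(k * price).
    """
    k = titan0 * usdc0
    return share * sqrt(k / price), share * sqrt(k * price)


def lp_value(share, titan0, usdc0, price):
    """USDC value of the LP position at `price` (USDC per TITAN)."""
    titan, usdc = lp_position(share, titan0, usdc0, price)
    return titan * price + usdc


def hold_value(share, titan0, usdc0, price):
    """USDC value if the same starting tokens had been held outside the pool."""
    return share * (titan0 * price + usdc0)


def collapse_table(prices=(60, 30, 6, 0.6, 0.000006)):
    """Rows of (price, TITAN held, USDC held, LP value, hold value)."""
    rows = []
    for p in prices:
        titan, usdc = lp_position(SHARE, TITAN0, USDC0, p)
        rows.append((p, round(titan, 2), round(usdc, 2),
                     round(lp_value(SHARE, TITAN0, USDC0, p), 2),
                     round(hold_value(SHARE, TITAN0, USDC0, p), 2)))
    return rows


if __name__ == "__main__":
    print(f"{'price':>10} {'TITAN':>14} {'USDC':>10} {'LP value':>10} {'hold':>10}")
    for p, titan, usdc, lp, hold in collapse_table():
        print(f"{p:>10} {titan:>14,.2f} {usdc:>10,.2f} {lp:>10,.2f} {hold:>10,.2f}")
```

As the price falls the pool hands the LP more TITAN and less USDC: at a 99% drop the position is worth 10% of its starting value, against 50.5% for simply holding the two tokens, and near zero the LP is left with millions of TITAN and almost no USDC.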

Where to go from here?

I’m still going to be playing around with DEFI, but going to need to take a break to recover mentally from seeing such high profits all disappear along with my initial capital. Seeing a 50% drop in the crypto market is no big deal for me, I have long term horizons and know I will make gains long run when it recovers. The only thing I missed out on there was selling near top to buy back in at a lower price (opportunity cost, not a real cost).

But this, this was a wake-up call: there are some things you cannot get your money back from.

I have no blame for the Iron Finance team. I don’t think they intended for this to happen, they had WAY more to gain $$$ wise from this project being a success.

I hope the Iron team share the code base with others, and the post-mortem, so another project can give this idea a go with more thought out security and stress testing.
