Odysseus

You know, my assumption is that, you know, they want to allow their customers to go to market very quickly.

And as...

you know, easy as possible.

So they were, you know, doing that and then they never circled back to these default configurations as the team grew and their ability to execute better grew.

They didn't circle back to say, okay, now we need to step it up, right?

Because they were offering it as a service, right?

It's not Kelp Data who was running the servers, right?

And then Kelp, of course, should have investigated or understood better.

And I think that's

There's, I think, two reasons why bridge hacks have historically been the worst.

On one side, you have bridges being a huge pile of money sitting in one contract.

But on the other side is that the mental models are very weird.

It's not easy to reason about IOUs and where the attack vectors are and who you need to trust.

which I think also is what resulted to Aave maybe not risk assessing it properly.

I'm sure that for a lot of users, they don't know they have IOUs.

Yeah, it's, you know, I think it's just a result of the same reason why roll-ups are not great, the same reason why bridging sucks, why even account abstraction is not great is because the protocol was unable to coordinate and make decisions about these things, right?

And it just passed it back to the app layer to coordinate and then things had to be bolted on in, you know, weird ways, right?

And because the protocol couldn't offer better assurances,

People just regressed to the quickest, easiest, cheapest, better UX solution, which is you just have a multisig that decides things, right?

I think it has, actually.