Home
Guides and Tutorials
Tornado Cash's frozen USDC | Dune Arcana #1

Tornado Cash's frozen USDC | Dune Arcana #1

In the inaugural session, we investigate the implications of OFAC's decision to sanction addresses related to the tornado.cash protocol.

Related videos

The FTX Saga | Dune Arcana #6 | How to track on-chain balance and volume with open data
Automated Market Maker (AMM) | Dune Arcana #5
A Primer on L2 (ft. MSilb7) | Dune Arcana #4

Transcript

Boxer  0:00  

Okay, well, nobody's watching yet. Oh, I see what you're saying. It's a bit stressful. So, all of this is live now. So, interesting…22. Okay, welcome everyone to this first Dune Arcana session.

Boxer  0:32  

I'm basically just going to be an observer today. So, I'm just gonna have…so for everyone who doesn't know me, I'm Boxer. I'm part of the Wizard Relations team at Dune. I'm going to be hanging out in the chat. 

So, if there are any questions, do leave them in the chat, and I'll make sure to get them to Jackie. But Jackie is going to be our host today. So um, the word is yours.

Jackie  0:54  

Thank you. Thank you. My name is Jackie, I go by @agaperstepitchday on Twitter. I'm really excited to be here to do our first Arcana session. Thank you, Boxer, for moderating the chat for today. We're just gonna give it like a few more minutes for people to show up. 

But as you all know, today we're gonna talk about Tornado Cash's, frozen USDC, and like, do a little bit of on-chain sleuthing and see how we can understand what it actually means.

Boxer  1:33  

I would say you can just go ahead and start. Okay. Yeah, I'm just going to drop off, and yeah, if there's anything interesting, I'll pop back in and get you the questions. Okay, cool. All right. Let's go.

Jackie  1:49  

Turn this on. Hopefully, we can see the presentation. Okay, awesome. Awesome. So happy to hear. So, as we all probably have heard, last Monday on August 8, the US Treasury's OFAC — the Office of Foreign Asset Control — came out and announced that they are sanctioning Tornado Cash. 

And in turn, they added Tornado Cash (associated Ethereum wallet) addresses to this list, the SDN list, this Specialty Designated Nationals list. So yeah, what does it mean to have an OFAC sanction? 

What exactly is Tornado Cash, and what does it means to have OFAC sanctioning Tornado Cash? That's what we're going to talk about today first. 

Okay, so, OFAC is the Office of Foreign Assets Control for the US Treasury Department. They are responsible for economic sanctions against international terrorists, criminals, and individuals generally deemed as posing a national security threats to the US. 

So think about Cuba, North Korea, etc. And once you're added to this SDN list by OFAC, you're pretty much screwed because any US persons, whether you're a citizen with a residence or a business, you are prohibited from interacting with any entities that are on this list. 

Yeah, so that's what it means by an OFAC sanction. And now, let's quickly talk about Tornado Cash. So, before talking about Tornado Cash, let's take a step back into cryptocurrency and transactions. 

So we know with cryptocurrency transactions…let's say I have some ETH. I'm sending Boxer, let's say one ETH over the internet. So by the obvious property of public blockchain, everything is public and visible and will forever be there. 

When I send this one ETH to Boxer, everyone else can see that. So by that, like all of my transactions, any malicious party will be able to see it. So, if we want to protect our privacy, there arise the need for privacy tools. 

Tornado Cash is a type of privacy tool mixer, and you literally make the money into a pool. And then when it comes out to the other side, it's not so like…everything is super public. You can see who sent who money.

With Tornado Cash, how do you achieve that? There's different pools, so that could be like 20, like 100 ETH…whatever, a million. 

So, with like 100 ETH pool, when you want us to only deposit 100 ETH and only withdraw 100 ETH. Not 99, not 101, only 100. And then they're already pre-exists a large amount of money instead of that pool. So effectively, when you deposit into this pool and then try to withdraw, a few days or weeks later, you can't really tell like where the money comes from anymore. 

That's what I mean by a mixer. That's what Tornado Cash does as probably a lot of us know. 

Tornado Cash is just like living, breathing code smart contract code that are on the blockchain. So when OFAC is saying, “Hey, we're going to sanction Tornado Cash as a protocol,” what does that actually mean? Right? 

Let's see a few tweets or news for the day. On August 8, probably a lot of you have seen this banteg tweeted that Circle…Circle is the issuer for USDC. It has just frozen 75,000 USDC, belonging to Tornado Cash. 

And then also Jeremy, the CEO of Circle came out and said to comply with the US Treasury’s sanctions against Tornado Cash, and they've blocked related addresses. It’s really when OFAC is saying, “Hey, we're going to sanction these, this protocol or these addresses.” 

It's really up to the counterparties or other people that are interacting with Tornado Cash to comply with this regulation. So in Circle's case, Circle has decided to blacklist these list of addresses and basically blocking them from taking any actions. 

So yeah, if you don't quite understand what that means yet, let's go to some on-chain examples to further help understand. How can Circle, as a centralized entity, comply with a regulation and enforce this rule?

Jackie  6:29  

Alright, so here, I have a screenshot of a transaction that blacklists a particular address associated with with Tornado Cash. 

Don't worry about how I'm getting getting this transaction. We'll cover that how later on. We can also go and find this transaction. But let's go here first…to see. Okay, so here, I have a blacklisted event. And then we can see the address being blacklisted. 

So, a quick word on this, we have topics, right? We have topic zero and one for the event logs that is being broadcasted. The first position of this topic is always going to be an encoded string version of this string, event declaration that you see up here. 

And then, from the second position on, it's going to be whatever parameter belongs to that event. So here, there's only one parameter, the address being blacklisted. So, this is the address that is being blacklisted by USDC. 

Or Circle, in this instance, and then we can open this address and see. So, on Etherscan, we can see, “Hey, this is indeed a contract address associated with Tornado Cash.” 

And it's even had a tag of sanction. And then we can see, “Hey, it's like a Tornado Cash, USDC pool.” So just know that this is actually a 1000 USDC pool. I don't know why they wrote it like like that. We can verify by clicking into it. This is just like a withdrawal transaction. 

How do I know to withdraw the…it says withdraw here. And then if it add up the…the money here. It equals to 1000 USD, see? This is like a 1000 USDC Tornado Cash Pool. 

Alright, so going back to the transaction. This is how Circle is blacklisting addresses, but what does it mean when they blacklist an address, right? To understand that further, let's go to USDC Contractor Online to help us understand the effect of Circle blacklisting and addressed. 

What I am going to do here is I'm on Etherscan, and I'm going to type USDC. And I'm going to click into the USDC. Contract page. 

So, all the transactions are going to be recorded here. And I'm going to the contract tab. And then, here is what I can see the code that generally dictates the behavior of USDC. 

But if you notice, this is actually a proxy contract. I'm not gonna let…yeah, let's just like quickly talk about like contract. So, when a contract is being deployed on-chain, as we all know, the immutability of open public blockchain, it cannot be changed. 

If I want to like add on more behaviors or something, a pattern that I can do is deploy a proxy contract, and then that proxy contract turn and points to another contract. So, anytime I want to update the behavior, I just change the contract underneath, so the proxy contract will remain the same in terms of address. 

That's what it means by proxy contract. And then, with Etherscan, we can investigate what type of actions that you can do. So, these are the functions that you can call actions. 

And you can conduct with USDC as a token, so like you can approve…so like if I approve 10 ETH to Boxer that means I allow a Boxer to spend 10 ETH in my wallet, and then you can see a blacklist. I can call it a blacklist function to blacklist the address. 

And then some other really common common functions are like transfer. So I transfer 10 ETH to Boxer…that's a function that I need to call. 

So now, I'm going to show you a neat tool that people have developed to help us take a step further. I like looking at the code and understanding exactly what happens when an address has been blacklisted. So, I'm going to go back to the Code tab for now. 

And then here in the URL, instead of Etherscan.io, I'm going to replace .io with .death.net and then hit enter.

Jackie  11:03  

So, this is a tool that will help us better read the code associated with the USDC contract. Okay, so let's take a look at the transfer function, which is one of the most commonly called functions of this contract. 

So, let's do Ctrl F. We're looking for a function called transfer. All right, perfect. So, we can see this line. Let me just make this a little bigger, so we can all see it. 

Yeah, so the transfer from transfer function, as you can see, the transfer function, when it's being called the function…it already checks…hey, this particular the sender…so the “from” of this transaction is not being blacklisted. 

And the receiver of this transaction is not being blacklisted. So, you can see when an address is being blacklisted. It effectively cannot do anything it cannot transfer. That's why all the funds…we say it's frozen, and we're stuck inside of this contract. 

So that is how USDC or Circle, as a centralized entity, comply with OFAC regulation on banning these Tornado Cash and burning these Ethereum addresses. That's how they first blacklist these addresses. 

And then second, whenever there's a transfer, it definitely checks to see if the address is on that pending list. And if it is, you can't do anything. So the fund is frozen. 

Alright, so I will pause quickly for a few seconds if anyone has any questions. Okay. All right. Cool. Perfect, then so let me ask a question. A question to…so I already found a transaction where Circle blacklisted USDC. 

Sorry, Circle blacklisted Tornado Cash in one of the addresses associated with it, but how can we go about to find all the that addresses that are are being blacklisted? 

Right. So, if I just go to Etherscan, there's so many different transactions manually. It will take me ages…I don't even know if it's possible to really help me find out. 

So, we can use Dune as a resource and analytics platform to help us find the blacklist transactions for USDC. So, yeah, actually, let me just start a new query. I'm going to go to Dune.com. Sorry, typing dot com. 

Okay, so here, on the top right, I'm going to start a new query. And here, it's telling me it's selecting Dune engine v2 for a more powerful experience. I'm going to do that. Just a quick word on the v two, v one engine. 

Here in the drop down, drop up, and you can see one through six are V1 version of the engine, so these are Postgres SQL engine. Each of the database that we can see here are for separate chains, but in the V2 engines, and number seven we see here is…all the chains are in the same database. It's Spark SQL. 

I believe it unlocks the power of doing crashing analytics, and also, it really speeds up what we do…like aggregation across a really long time horizon. It's a really powerful tool, so today we're going to use v2 engine to query for this. 

So, I always start with a select from. Okay, cool. Now we're here, and we're ready to write some SQL to help us investigate what addresses are being blacklisted by Circle on August 8. So, that is our question in mind. 

I'm going to…let's just build this query together to see how exactly we can do that. So, coming back here one more time to refer to our particular action. We can see, ‘Hey, we see that log. This is an event log that is being broadcasted.”

Okay, so keep that in mind coming back here.

Jackie  15:40  

We can select the role tables and then just filter for Ethereum Chain. And then, these are the basic rules and role-based tables of Ethereum. So Ethereum, if you think about it, it's just really a gigantic database. 

And databases, we have different tables, right. So, we have a transaction table, traces, table locks table. You can read more about these if you just Google Ethereum architecture. 

So, whenever there's a transaction happening…let's say I deposit like $10 for Boxer, then I'm gonna text Boxer, “Hey, I've done it for you.”

So, kind of like the event log, you have some sort of action, and then you're broadcasting to the chain to the world that I have just conducted this auction. Those are the event logs. 

That's the table we are going to query. So select start by clicking the little right arrows here to automatically populate the table name. And then, I'm going to click onto the table itself to help examine what columns I can query. 

Okay, so now we've got the table, select from Ethereum logs. And this is the stuff I need to filter because there's gigabytes (like terabytes) of…so step one, I know that Circle USDC has blacklisted the addresses. 

So, I'm going to filter by the contract address. This is the initiating party for this particular transaction for this event logs. And I'm going to filter that. So we already know…defined USDC contract address…but let's do it one more time. 

I'm opening Etherscan one more time. And then going to USDC. And then selecting USDC. And then I'm going to copy the address, coming back to Dune. And then I'm going to paste the address. 

And then I'm going to try a lower function because every time in Dune, when you query for an address, it has to be lowercase. So that's why I'm applying a lowercase function here. Okay, cool. Perfect. 

So now, we're filtering for USDC. But as we have seen, with USDC, there are so many actions you can take, right? You can approve, you can blacklist, you can transfer, so we only care about the blacklisted event. 

That's something we must also filter. So, looking at these columns on the side, we've got data index topics 1…2…3…4…okay, so what are those right? 

This part, we kind of touched upon, but let's go back to this particular transaction one more time. We should review it as we have previously. So, looking at different topics and positions, the first index topic is zero which is associated with this event declaration. 

So, blacklisted address. And then the second is the parameter from the second person associated with it. So, an Etherscan starts with zero, so zero one… two…three…apologies, a little bit confusing. 

On the Dune side, the Dune topic starts with 1234. But effectively, it's just saying the first position will be a declaration and then from the second to the fourth position will be the parameters. 

Alright, so now because of that, we know we're filtering for blacklist event declarations. So we know that we're filtering for topics equal to blacklist. Well, we can just type in blacklist. That doesn't really work. We need to find this long encoded string of blacklisted…

So how exactly do you do it? There are a few ways if you're lucky enough. You already have this transaction. Obviously, you can copy paste topics…the first topic here…but another way is that you can select the distinct topics associated with this contract address from Ethereum locks. 

That's another way you can also do that. But I'm going to show you an even cleaner and faster way of doing it. So this requires us to go back to the USDC contract. 

So if you're gonna switch back to this tab, remember, we got to this tab by going into USDC's contract, and then replacing the Etherscans URL a little bit by going to the death data net. And then that's how we come upon the contract for USDC.

Jackie  20:22  

So now, I already know, based on this side of the transaction, I'm looking for something. So I can just switch back to this tab, I'm going to Ctrl F for blacklist. And then I also know that I'm looking for an event. 

It also helps you because if I didn't blacklist you can see there's like 73. It's way too much to filter. So, if I do event blacklist Tada, okay, cool. 

Now I've come upon this event, declaration signature, where, okay, I have blacklisted and address. So, I am just going to copy this with Ctrl C, and then the next step is that we need to encode this to be something that looks like what we saw here on-chain. 

How do we do that? We are going to employ a tool. Let me open that. And definitely, if you have not come across this, you should definitely bookmark it, it's very useful. This is a keccak 256 online hash functions. It's going to use keccak 256 to help us encode this. 

Okay, so it's going to be exactly like that, meaning that there cannot be space in between because once I type in a space, the output, the hash is completely different. 

So there cannot be space. And then you only need the type of the parameters. So not the name, not anything else, just the type. So here the type is an address type. And then the case matters. 

Here, I have a B as upper block case. What if I make it lower block blacklisted? It completely changes again. Okay, so now, I have my FFA, starting hash, and then I'm going to copy this part. 

And then just to prove to ourselves going back to the screenshot, that on this side, we can also say starts with FFA…four or so. Yeah. So this is something that you can do, just like you can also encode these event declarations yourself. 

Okay, so coming back to our query here, I'm going to apply a lower bound just in case. And then this is a string. And then just to format it, I'm going to add a 0x in front of it. So this is for a blacklist to event. 

Let me zoom in a little bit, so we can all see. Let me hide this for now. We will use this a little bit in the future. Okay, cool. Perfect. So now, we've filtered for USDC blacklisted event, right? And we are ready to grab the information we need. 

I'm going to open this one more time. Okay, so something that we're interested in, possibly, we'll want to see the timestamp. And possibly, we should grab the transaction hash, so I always like to grab the transaction hash just to confirm that the result is correct. 

And then this is the part that we really want. We want to know the addresses. Okay, so how do we know the address been blacklisted? Remember, we talked about the topics here, topic 012. So, from the second position on, it's going to be the parameter for this event declaration. 

And we also know that the only parameter that exists in this declaration is the account address that has been blocked. So naturally, we know that in order to get the address of the blacklisted event, we need to go to the second topic. 

Okay, so that is what we're going to do here. We're going to grab topic two, and we are going to run it and see the results. And yeah, so obviously, everyone has a different habit to format SQL queries. 

And I've recently just been converted to the left comma club. Yeah, it's much nicer you can comment it super easily once you do this. Actually, I made a mistake. See, no, it's running for 30 seconds already. 

I'm gonna cancel it. So, this is the part where there's so much data that’s inside of this. I'm going to have to write a filter to make it better faster. I'm going to filter upon the time, and we know that we're looking for the blacklisted address. 

On August 8, that's exactly what we're going to filter for. So block time is greater than 2022 0808. And then also block time is less than 2022 0809. Okay. Let's do that one more time. 

So, remember previously when I didn't add the filtering condition? I was like running for more than 30 seconds. Now in just seconds, it’s fetched me the results. When we filter by time, it's going to greatly speed up the quarry. 

Yeah, so now we can see…all right, we have the time, and then the transaction hash where a particular address is blacklisted. So, let's just go to the transaction, let's see if that's indeed what happened. I'm copying this transaction hash. 

And then I'm gonna just go to Etherscan one more time, and I'm gonna type in this transaction hash, and look it up. And from here, I already see the initiator, the frame of the transaction is the USDC blacklister. 

And then we can go where we normally look…the logs are indeed a blacklist event. So, this is how we can systematically find all the events that’ll be blacklisted. 

But if we see…okay, so this is the address being blacklisted. It starts with 610b. And if we come back to the side, our result looks like it’s not really there…just like a padding, right? So why is that? 

It's because these topics have a preset amount of like allocated size. So, it's 3032 bytes. And then, with the wallet addresses, they also have like a preset amount of how large they are. They can be like 20 bytes. 

And then each byte is two characters in our case. So what we need to do here is effectivel ttruncate all the zeros. And then we only take the 20 Bytes where the wallet address is actually sitting in. 

So that's what I'm going to do now. I'm going to do a substring function, and I'm just telling sequel, “Hey, I would like to grab the characters from the 20…actually from the 27th position on for 40.” So, why is that? Right? 

We said that. Just there's like 32 bytes in total, for this allocated paren. So times two, we have like 64. Actually, we don't even need to do that. So 34. Actually, let's do this. Let's do 34 minus 20. Because 34 is 32 is the allocated, right and then 20 is the wallet length. 

So, we arrive at 12. Right? So the 12 is the byte and we need to convert it to like characters. So times two is 24. Right? But then we see this is also a string column. And then there's two more characters in front. So we add two, here. 

And then that's how we derive…we need to skip 26 characters, right. So, that's why we start from the 27th position. So, hopefully that made sense. From the 27th position, we want to grab 40 additional characters. 

Why is that? Because while the address is 20 bytes, 20 times two is 40. All right, so that's what we are going to do here. And then just to format it nicely, I'm going to concatenate append, the 0x in front of it, and then I'm going to call it a banned wallet. 

Okay, so now substring typo. So now, when the results come out, it should be as clean as we see on Etherscan. Yeah, so now, the wallet addresses are like expected format. It's really, really nice.

Jackie  29:38  

But yeah, so that is how we can systematically grab the wallet addresses that are being blacklisted on August 8th. But as we see, this is a pretty long journey, right? 

We had to understand log table and what contract address it’s associated with and like topics one…topic two. Only one with topic two, we had to know the bytes of the wallet. It's just like so much manual work that we have to do. 

I'm going to show you an easy way to do this with the Decoded Table on Dune. So Decoded Table is basically Dune and the community members of Dune helping us to skip all these complicated manual process. So, I'm going to go to decoded projects. 

And then I know what I'm concerned with projectwise is Circle. I'm going to type in Circle here, and I'm going to click into Circle. I know I care about the USDC at this particular moment. 

So I'm going to come here, and then I know I care about blacklisted event, right? We've like homing in on this like a couple times. So I'm going to do my normal select from and blacklist. 

Okay, so coming into here, and then examining the Dune columns, we already see how beautiful is that it already has an account a column for us to to query, how beautiful we don't need to do any of those things. 

So, let's just filter for our normal ones. Let's filter by the time and then see. And I see here that the Time column is named a little bit differently. So, I'm going to replace that. And I'm going to do the same thing I was doing. 

I would like the event to be Time. I would like to have the transaction hash. So, I want to check, and then I'm gonna have the account as the…yeah, we can start running this. I'm gonna just…and obviously we can't name this again as brand…wallet…yeah. 

And like if we want to, we can also rename this column to be exactly the same as previously. I'm going to hide this now. Why not? Let's just do that as transaction hash then as block time.

Jackie  32:05  

Alright, so the results of this, as you can already see, we have skipped. Quite a lot conceptually. Okay, we need to know the contract address topics and topics do right. So here, let me just open this a lot more. Tada. 

It's like the same thing, as we see before, but so much faster, and so much cleaner. Right. So now I'm going to save this query. Let me make this a little bit smaller, so I can do things. 

So here on the top right, I'm going to click Save button. I'm gonna say blacklisted addresses “August 8th USDC.” And then I can see…run it again. 

And then also, once I have this, I can create a visualization here. There's not a lot of visualization we can do. We can just create a table. 

But as you can see optionwise, if it's suitable, you can create bar charts, area charts, scatter bar chart, and then if you've done any visualization in the past…let's say Python Altair…it takes like 30 minutes to just do a nice chart. 

But like with Dune, you can automatically generate one in less than one minute. And once you generate the visualization, you're also able to offer visualization to any dashboard that you've created. 

So, that's how you can start constructing a dashboard. Anyways, so now we've done the hard work for this particular table that you see in this dashboard by finding the banned address on August 8. 

Let me just walk you through some other on-chain data sleuthing that you can do on Dune, but I'm not gonna build a query from the ground up again. 

So, if you take a look at this dashboard and then take a look at these queries and have any questions, just reach out. But yeah, so on that particular day, let's quickly go back to our presentation a little bit. 

And then if we remember, so banteg tweeted Circle froze 75,000 USDC. Right? And now you can also derive the same number because everything is public on-chain like you're also equipped with the same power to get the same number. 

So what we need to do here, this upgrade, was just done. We found the banned wallet addresses right for USDC on a particular day, and all I need to do is take apart the query for the front. So the outflow for that particular wallet and then getting the inflow for that particular wallet. 

And then we can sum up the balance and we can further sum up the balance of all the address being banned. So, here we can also derive at 75k ourselves…something else you can also do. 

So here, we can even dig a little bit deeper to ask. Okay, so I know the banned addresses. I'm curious to see how much is stuck in each of these addresses. Okay, so you can also do that. 

And then we can see the number by balance is this particular pool. If I go to this pool, and yeah, our favorite and most familiar pool. We already know…it's the 1000 USDC Tornado Cash pool. And then 70. 

As you know, there's still some of the 1000 USDC inside of this pool. And tada here, same thing, we show the same thing. So, 31k USDC been stuck. And now we might be asking ourselves. Okay, we know the amount, but I'm curious to see. 

Okay, so what are the implications if the ban is applied retroactively? What would happen? A lot of questions we might be asking ourselves…we can also solve for that. So let's…

Jackie  36:19  

…let's go into that. We can go into this particular pool. And then we can investigate for ourselves, the flows of money and the flow of the account. 

So the balance over time, so with a Dune Query and generating the yeah, let me just go into this to to really show you the the results. So basically, you write the query for the inflow and outflow for this pool. 

And once you get the query results, you can quickly create this chart…I was saying by clicking that new visualization…then add to that dashboard. But yeah, anyway, so once we've done the work, we can also see…this pool seems to be deployed, aka come alive on January of 2020. 

And then initially 10k of USDC was deposited. We can go and see, July of 2021, 43k of USDC is deposited but 46k was withdrawn. And then keep going. 

Then we can see, hey, as of this month, August, there is already use 572k, cumulatively that has been deposited into this bowl. And then right now, summing up all the inflows and outflows, we have some 31k, as we have seen above from this chart. We can further understand the pool balance. 

And then these two charts below, we can see how many people have actually interacted like unique wallet addresses, right. So, we can basically see, okay, this month, there's in June, there's like 32, unique depositors, and overall up to like August…there's 328 unique depositors. And then same thing for the withdraws. 

So, this is how you can use Dune to home in — zoom in — on a particular question that you want to answer for yourself. But with Dune, you can also zoom out to see what has happened over time. 

So, what do I mean by that? So previously, we've looked at, on August 8, what happened to the amount of money frozen addresses span…but we can also just look at the entirety of USDC being live…start banning people…the amount of that's frozen…

Up till now, there's about $4 million being frozen USDC. And actually, this month, the amount being frozen on the Ethereum chain is not that much compared to other time historically. Like in June, there's like 1.3 mil. Then last November, there's like even 1.6 mil so yeah. Also, we can see the amount of addresses that are blacklisted. 

So this month, there's 39 accounts being blacklisted already, but previously, there are just individual accounts. That gives us some interesting insight. We can see there's pretty much no correlation between the amount of addresses being banned and the amount of USDC being frozen. 

Yeah, so you can just do similar things for yourself on-chain and just derive the same insights for anything else in the future that you want to ask yourself. And then below these two tables, similar to what I've seen before, we can find out the transactions that like banned the addresses. We can see the date that they're being banned, and we can see like how much are actually stuck or frozen in each of these band addresses. 

All right. So, that is all for what it means by OFAC sanctioning Tornado Cash and using USDC to help us understand like on-chain sleuth like what exactly does that mean? I will open up the floor for more questions. Okay, I think you're on mute, Boxer.

Boxer  40:27  

That is my bad, well done. That was a good presentation, and people really seem to like it. If there are any more questions, we didn't really get that many questions. I was able to answer a few in the chat. 

So I think one person…let me look for this. There were two questions that were basically more like, what are the implications of this. So, will all US-based Web3 projects have to block all these addresses? 

Circle very much had to do this because they're in direct control of the USDC contract. So they're able to change the proxy contract, and they have this blacklist function. It's issued by Circle. 

So, that's why does Circle have to comply with this? How has it played out over the last few days? In a lot of cases, either projects are not based in the US, and I want to say, don't give a fuck, but they're probably still concerned. 

But it's not something that directly influences them. And what we've seen in most cases, so I think the most prominent cases are Uniswap and Aave Balancer. They are basically all censoring these addresses on the front end. 

And they're not even just censoring addresses that are on the sanctions list. But in some cases, they're also censoring addresses or like blocking them from interacting with their front end, not with the protocol. They can't do that on the smart contract level. 

But with the official Aave front end, or with the official Uniswap front end, some addresses that have received money from Tornado Cash have also been blocked. Whether that is necessary or not. 

That's the story that, like the lawyers of Web3 and crypto, will have to find out in the next few weeks. There's a big controversy about Uniswap and Aave blocking, blocking access to their front ends to these addresses. 

But in general, yes, if you are a US-based project, you would have to follow these rules. Otherwise, you're in big trouble. This second order effect of “do I have to sanction addresses which have interacted with Tornado in the past”? 

That is something where — I'm not familiar, I'm not a lawyer like no advice — that is something that is still being figured out. And it's not quite clear what the is situation there. And then Cookie also had a follow-up question, which is, what will happen to Web3 projects that don't have a blacklist functionality?

That actually leads me to explain. So the other protocol like the smart contracts that are on-chain, they are owned by the Aave DAO. There is no real legal entity that is able to be sanctioned by the US or something. 

But the other I think it's Aave Labs. I think that's the name for this — the organization that developed Aave — that thing is able to be sanctioned. 

The Aave DAO which owns the smart contract that is not able to be sanctioned because it's a DAO who owns this DAO. What's the legal entity behind this? Of course, also, like lawyers will still have to figure this out. 

But the current situation is pretty much, when there's a DAO in charge of the protocol, their protocols will block their front ends from these sanctioned addresses, and from some addresses, which have interacted with Tornado Cash in the past. But you can't block this on a smart contract level because, first of all, it's not technically possible, and they won't have to shut down. Second, they're probably like the smart contract addresses owned by a DAO. 

So, there's no real entity that the OFAC or the US Treasury or whoever enforces the sanction could really go after. I hope that monologue explained it.

Boxer  44:48  

Are there any more questions that came in? Okay, okay. Loving Dune. Brilliant presentation.

Boxer  44:55  

Please convey my thanks. Okay. There it is. Coming up there it is. So alright, I think that finishes this. So yeah, thanks all for for tuning in. 

We will probably do this every two weeks, but we will see how high the demand is and how well this works. And yeah, see you at the next Dune Arcana. Bye, bye guys.

Jackie  45:33  

Let us know if you have any feedback about the session or questions.

Jackie  45:37  

All right.