Andre Cronje’s “I test in prod” statement is not as bad as it seems.
The founder of Yearn Finance, Andre Cronje, has seen a fair share of criticism lately as he deployed some smart contracts that ended up losing people money. Cronje defended himself in a blog post and explained why he believes he shouldn’t be held responsible for those who “ape in” his testing contracts.
Cronje will often place large disclaimers on his contracts, urging people to treat them with caution and not just go in because he built them. Little can be done to prevent this, given the permissionless nature of these products. Nevertheless, Cronje was sometimes criticized for not deploying contracts on testnets, where no real money could be lost. His “I test in prod” adage also turns some people away, as it seems to imply a careless attitude toward security.
Cronje explained that he does in fact test software in multiple stages. “[The statement] exists to deter people from just using systems without investigation. It does NOT mean that I don’t test,” he wrote.
Before a contract makes it to the mainnet, it goes through a rigorous process of unit, interaction and composite testing. These make sure that each part of the contract is working as intended, down to individual functions.
However, a key part of that process is testing in production to achieve the most realistic conditions. He explained that the mainnet provides the best possible tools and conditions, which cannot easily be replicated locally. “I have discovered issues on mainnet I never encountered locally, I have failed to replicate mainnet systems locally, and I have encountered errors locally that I can’t replicate on mainnet,” he explained.
Furthermore, there are many versions of existing products like Yearn Finance that were deployed to mainnet without getting discovered. “There are over ~22 ‘yearns’ on ETH mainnet. There are over ~5 ‘YFIs’ on ETH mainnet,” he added. In a conversation with Cointelegraph, Cronje said that the reason why his primary projects were never hacked was, “ironically, because I test in prod.” With this approach he says he is able to iterate over the real issues that come up, instead of relying on auditors to review pre-production code. “And if people just wait till I actually launch the product, all will be fine,” he added.
One case of people getting burned on Cronje’s smart contracts involved one of these testing playgrounds, which were still at least a few weeks away from public release.
Addressing these issues, Cronje noted, “I don’t build for speculators.” While he said that he could not rationally understand the people who rushed into his test environments, he seems to have conceded that a more pragmatic approach may be needed. “I have more thinking to do on this,” he concluded.
In the meantime, he pledged to not use his well-known deployer address to conduct further tests. Given the number of previous contracts that went undiscovered, this may be enough to prevent further unfortunate occurrences.
The post follows another instance of people losing money over one of his contracts, an unnamed project often referred to by its token ticker, LBI. The contract was deployed on mainnet on Oct. 13, immediately triggering a torrent of people putting their money in it — often saying that it’s “the new YFI.”
The token’s price fell immediately after, with many stories of people losing small fortunes over it. Many market participants leveled a barrage of criticism at Cronje, blaming him for the loss. It’s worth noting that this price decline was not the result of any kind of malfunction, as the contracts themselves were not compromised.