CIP#xx - Enforce Curve's IP Rights

Summary:

Contrary to popular belief, Curve has valid and enforceable IP rights in its software code. Pursuant to the LICENSE, Curve can and should protect its position in the marketplace with enforcement of those IP rights. Profits from such enforcement should benefit veCRV.

Abstract:

Curve has proven incredibly popular, with over $10B deposited, hundreds of millions in daily volume, and around $1M/week in earnings to veCRV holders. This places it among the top of all exchanges in crypto today, even rivaling publicly-traded CEX’s (see, e.g. https://twitter.com/lawmaster/status/1404525294426406917?s=20). Those CEX’s protect their IP on behalf of their shareholders and there is no reason why Curve, just by virtue of its DAO organization, should not protect itself for the benefit of veCRV holders too.

The value of Curve’s IP is not just in keeping out competition, but also in protecting Curve’s ability to recruit talent and bug hunters. Curve pays bug bounties, has and recruits employees, and spends significant sums (which if paid in CRV dilute the veCRV holders) on new products such as tricrypto. Since CRV is the currency of this, if something damages the value of CRV, it damages this work. Simply stated: if others can violate Curve’s IP, it decreases the value of CRV/veCRV. veCRV holders are particularly at risk in this case as they cannot promptly sell if Curve does not enforce its rights and loses its market position before their lock expires.

Enforcing Curve’s IP is not a purely theoretical notion. For example, Saddle Finance has been accused of wholesale copying of Curve code. Amusingly, Saddle itself claims IP rights in “its” code.. Saddle’s three main faces are all located in the USA, as are their three advisors. Saddle is also backed by at least nine well capitalized venture capitalists. Discovery in US or other courts of competent jurisdiction could not only determine liability for Saddle itself, but potential contributory liability if the VC’s or advisors funded wilfull infringement.

I propose Curve engage competent counsel both in the USA and (to the extent Saddle or other infringers or their VC’s have identifiable assets abroad) other relevant jurisdictions. In the USA there is a very active market for contingent-fee plaintiff side IP counsel, so Curve could begin asserting its rights potentially without any cost to veCRV. This should not just be for Saddle but for any infringer.

Motivation:

Curve has created something great. IP infringement is not only wrong, it’s value destructive both for the infringer (who wastes time copying instead of creating) and the infringed (who loses value of creation). VC’s investing in projects that infringe are scum and Curve should gleefully return their ill-gotten gains to veCRV holders.

This will also set an important precedent in DAO’s and DeFi that decentralization does not mean that VC’s get to steal from communities.

Specification:

Curve should review any proposals from law firms, make them public, and put them up to a DAO vote. Any proposed settlement should also be subject to DAO vote.

This should not just be aimed at Saddle. Curve should have an ongoing anti-infringement campaign.

For:
Protect veCRV value by protecting Curve’s IP. Potentially return ill-gotten gains to veCRV holders. This also encourages potential copycats to make a fair arrangement with Curve (i.e. Ellipsis) that benefits veCRV holders rather than just copying.

Against:
Infringers won’t like this. Some members of the community may not like the look and PR of Curve asserting its IP rights.

Poll:

This is a very good proposal. “This also encourages potential copycats to make a fair arrangement with Curve (i.e. Ellipsis) that benefits veCRV holders rather than just copying.” This is exactly what we have been trying to enforce but I do agree that making it official and more “legal” should incentivise projects to not play around.

It all makes a lot of sense, just afraid this would make CRV and veCRV a security and bring a lot of pain to everyone, more than non enforcing IP rights.
Should be checked by a law firm in the USA imo

Completely agree this can be part of any analysis of the best path forward. Probably should also include making strategic decisions about the best structure for ownership of IP within the Curve ecosystem going-forward.

Expectation:

You: “Judge, this cat on the internet rewrote my smart contract code and it violates my IP”

Judge: “Jail!!!”

Reality:

You: “Judge, this cat on the internet rewrote my code and it violates my IP”

Judge: “Oh, the same code for an asset that’s most definitely an unregistered security in the US? Do you’ve a money transmission and a million other licenses required to be compliant btw? And who’s this 0xc4ad deployer; surely your own team larping as anon to avoid regulatory scrutiny?”

Anon cat, meanwhile: doesn’t give a fuck, simply operates out of a jurisdiction that’s not the US, deploys your own code (not even rewrite) using ether routed through tornado cash, even worse, sets fees explicitly to 0 and forks out the unnecessary tokens with each pool setting their own fees

I know OP has good intentions (and makes valid points why VeCRV holders should be concerned) but this is disappointing to say the least. But maybe that’s on me for hoping crypto will always remain punk, either way I strongly think this license enforcement stuff is a turn off for most talented programmers who’re “in it for the tech”. Would Satoshi and Hal contribute to Curve if they were around? I think not.

Obviously I disagree with anon-cat on his conclusion (and also disagree with his concern about whether Curve lacks adequate licenses).

BUT, I think his answer rationally and cogently sets forth the “Against” side of this topic.

Happy to see what the larger community thinks, this is a crucial discussion that we can’t keep delegating for later so thanks for bringing it up.

In addition to my post, the other point just comes down to “Do we want to kick the hornets nest (the US, cats on the internet who can afford to not care) by setting a precedent?”. When I think of curve’s moat, I don’t think of incomprehensible math or the IP stuff, it’s always been the team who I trust to iterate rapidly to blow out any competition out of the water (see: uniswap v3). The same team the other forks lack if/when an exploit happens + someone has to fix it at 3 am in the morning.

Also the deeply rooted DApp integrations (yearn et el) and it’s hard not to see how the license can come in the way: https://twitter.com/curvefinance/status/1404682025563533312?s=21

The best thing we ever did in regards to Swerve was when we started to ignore them; I think likely that’s the best course of action here. The only reason one should fear copy-cats is if you fear they may be more competent.

Is the code owned by the DAO or is it owned by Michael Egorov and the DAO has a perpetual license for use? Might seem like a small detail but in the latter case, I think Michael would have to be the plaintiff, not Curve.

Also, we should encourage friendly forks which can benifit veCRV holders

Excellent question and exactly the sort of issues this proposal would aim to lock down. The license document on github suggests it’s owned by Curve, not an individual. But under US law an exclusive licensee can also bring an infringement claim so the own/exclusive licensee topic may not prove critical. Either way, these sorts of issues need clarity, focus, and, when appropriate, legal enforcement.

good point made here.

Even if legal action is possible (I’m not convinced it is at this point), I’d prefer it be the last option. If we can work with Saddle to share ownership with veCRV or even poach their developers, I’d rather go that route. Might also be an unlikely strategy, but I prefer a strategy that appears more collaborative and aligned with the values of the DeFi community.

Agree with the sentiment here - it’s important for Curve to establish a defensible position against IP infringement.

However, the power it yields should be used sparingly - getting embroiled in legal battles can become extremely distracting for the protocol/DAO. Also Curve should act from a place of strength, as the intellectual moat (and community) it has built up around the IP can’t just be forked.

Most competitors will go the way of Swerve, and other fork-dramas (Uni-Sushi) have not ultimately hurt the forkee (e.g. since June 1, 2.4MM Uniswap swaps vs. 142k Sushi swaps) and created more industry competition (healthy).

TL;DR This is smart, but only if used wisely.

I think this is delusional, ill-advised, and destructive to our brand.

We stand to do much better by being collaborative; composability is tantamount to Curve’s long term success.

There’s no legal cure that would be material for Curve, especially in light of future anon forks.

We should be focused on V2, expanding the suite of pools, and ensuring we’re generating value for CRV and veCRV holders.

There are hundreds of pools and metapools that we’re missing that could double or triple our volumes.

Absence of litigation is a typical representation in a lot of VC agreements. This won’t work for token-based transactions, but where VCs are investing in a traditional company with equity / terms sheets, etc. If timed right, it could derail their deal. Generally, well-written angrygrams from lawyers usually have a chilling effect on deal making for many VCs who reject dozens of good opportunities for every one that they invest in. Why go for the dirty shirt when there’s a clean one over there? So even for the token-based transactions, if a copy is sent to the VC in advance of the deal, it could slow things down at least.

I’m not sure putting the litigation / proposal up for DAO is the right strategy though. Some governance structure should be investigated, but legal strategies that can be seen by the adversary are bound to fail.

What I would also say is watch what Uniswap do - there’s already a uniswap v3 clone on the BSC.

This won’t eliminate the clones, but it’d at least discourage certain types of them in certain jurisdictions.

Clearly there are lots of other issues identified that need to be investigated, notably the concept of whether this would raise more problems than it solves (e.g. would that turn CRV into a security for US law purposes, which is a more complicated matter than I actually pretend understand). But those can be researched as a next step before proceding further.

It also requires a different skill/knowledge set and mentality than authoring the next version of Curve, negotiating with other protocols around different types of pools, and other value added activities. That can be outsourced and should not detract from those.

Just want to reiterate this point because I believe it can’t be said loud enough:

This is definitely delusional. I’ve developed software & chased after some IP for it. It’s almost completely unenforceable except for copyright infringement. And copyright infringement is primarily only enforceable if it’s a direct copy (in whole or in part). The “infringer” (saddle) who triggered this nonsense definitely did not copy the code in whole. Based on a cursory review it wasn’t copied in part either.

TL;DR you’re chasing your tail. Chase after improvements to the protocol & stop acting like TRAD BANK.

I really appreciate your insight that this issue and ongoing dev are totally separate questions which would not detract from each other in terms of time/attention. To me that’s the beauty of a DAO: people and resources from different perspective collaborating for a better project than anyone could ever do solo.

Under the Howey test, a cryptocurrency would be considered an “investment contract” (which is included in the U.S. definition of “security”) when there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others. The most recent guidance published by the SEC (Framework for “Investment Contract” Analysis of Digital Assets) indicates that the SEC would potentially view a cryptocurrency as a security if there is a somewhat centralized or coordinated group making significant decisions and managerial efforts that impact the success or failure of the cryptocurrency. Under this framework, most cryptocurrencies fall in the “security” bucket unless it is very decentralized, its intended functionality is largely realized, and/or there is no expectation of profit.

Don’t get me wrong, curve and its team are awesome, but this is pretty lame. If curve wants to maintain its lead, it should innnovate.