Target Name: Meson Network
Ticker: MSN
Strategy: short
Position Type: token
Current Price (USD): 0.5
Circulating Market Cap ($M): -
Fully Diluted Market Cap ($M): -
The Facade of Open Source: Meson Network
24 Jul 2024, 05:35am
Open-source software thrives on the principle of transparency, allowing anyone to scrutinize and verify the code. In the realm of blockchain projects, this transparency is paramount to guaranteeing the security and fairness of the system. By shrouding the DEPIN infrastructure’s logic in obscurity, Meson Network impedes independent verification of its functionality. This lack of openness raises serious concerns about potential manipulation or concealed vulnerabilities within the system. This tactic directly contradicts Meson’s claims of transparency and fostering a collaborative community. If Meson Network is genuinely committed to open collaboration and building trust within its ecosystem, it should strongly consider open-sourcing the entirety of its codebase, particularly the crucial components governing DEPIN operations.
Meson.network cultivates an image of radical transparency, boasting on its website that ‘The Meson Network is built almost entirely on open source code’ and actively encouraging community participation. However, a closer examination of its GitHub repository exposes a potential manipulation tactic. While the repository makes the user interface (UI) code accessible, the core functionality resides within a compiled, closed-source library. This creates a misleading impression of openness, essentially offering a window into the system’s aesthetics but keeping the critical logic under wraps.
Uncovering Unsafe Practices
An investigation into the open-sourced Android code of the Meson.network application yielded a significant discovery. The user interface (UI) relies on a third-party library identified as com.gaganode.sdk. While the utilization of external libraries is a common practice in software development, the specific implementation in this case raises security concerns. The cause for concern lies in the nature of the com.gaganode.sdk library – it is distributed as a pre-compiled binary.
Pre-compiled binaries are essentially opaque blocks of code. Unlike standard open-source libraries, where the underlying code is freely available for inspection and verification, pre-compiled binaries offer no visibility into their internal workings. This lack of transparency hinders independent security audits and makes it impossible to verify the library’s functionality and potential vulnerabilities. Even the existence of a dedicated GitHub repository for com.gaganode.sdk proves to be a red herring, as it merely mirrors the concerning practice: the repository contains only the compiled binary, offering no insight into the library’s source code.
Furthermore, anecdotal reports circulating within the project’s Discord channel suggest that anti-virus software may flag certain executables within the Meson.network application.
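A reviewer handed a prebuilt SDK like the one described above can at least inventory what it ships and pin its hash before it goes into a build. The following is an added example, not code from the Meson or gaganode repositories; it assumes the SDK is packaged as an Android .aar (a zip archive), and the sample archive and its file names are constructed placeholders.

```python
import hashlib
import io
import zipfile

COMPILED_SUFFIXES = (".jar", ".dex", ".so", ".class")
SOURCE_SUFFIXES = (".java", ".kt", ".c", ".cpp", ".go", ".rs")


def audit_archive(data: bytes) -> dict:
    """Summarise what an AAR/JAR-style zip actually ships."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),  # pin this in the build
        "compiled": [],
        "source": [],
        "native_abis": set(),
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            if lower.endswith(COMPILED_SUFFIXES):
                report["compiled"].append(name)
                parts = name.split("/")
                # AAR layout keeps native code under jni/<abi>/lib*.so
                if lower.endswith(".so") and len(parts) >= 3 and parts[0] == "jni":
                    report["native_abis"].add(parts[1])
            elif lower.endswith(SOURCE_SUFFIXES):
                report["source"].append(name)
    # Opaque: executable code is present and nothing reviewable ships with it.
    report["opaque"] = bool(report["compiled"]) and not report["source"]
    return report


def build_sample_aar() -> bytes:
    """Constructed stand-in for a prebuilt SDK; contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("classes.jar", b"PK placeholder")
        zf.writestr("jni/arm64-v8a/libsdk.so", b"\x7fELF placeholder")
        zf.writestr("jni/x86_64/libsdk.so", b"\x7fELF placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_archive(build_sample_aar()))
```

An `opaque` result with native libraries present means the audit has to continue with binary analysis, since no source is available to review.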
Fake Encryption
Our analysis of the Meson.network codebase revealed a disturbing combination of security vulnerabilities. The code itself exhibited signs of poor coding practices and inadequate network management, further compounded by a complete lack of updates. This raises serious concerns about the overall security posture of the application.
One particularly egregious vulnerability involved a remote command functionality supposedly protected by single-byte XOR encryption. This method, essentially a simple XOR operation with a single byte key, offers virtually no real encryption and can be trivially broken.
By analyzing the encrypted data for patterns consistent with these predictable byte values, an attacker could readily determine the entire key and decrypt the remote commands. This vulnerability essentially renders any remote functionality wide open to manipulation.
Since the remote commands are not truly encrypted, a malicious actor could potentially exploit this weakness to hijack any device running the Meson.network application. This raises a critical question: why does Meson.network require the ability to execute remote code on user devices in the first place? The purpose behind this functionality, coupled with the use of an insecure encryption method and connection to an unusual server (gtxvdqvuweqs.com, a highly unusual domain for any legitimate purposes), paints a highly suspicious picture.
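Why single-byte XOR protects nothing, next to what an authenticated command frame looks like, as an added example that is not code from the Meson application. The JSON command, the XOR key, the `{"` known prefix and the pre-shared MAC key are all constructed assumptions; the page does not show the real command format.

```python
import hashlib
import hmac
import json


def xor_obfuscate(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the same operation encodes and decodes."""
    return bytes(b ^ key for b in data)


def key_from_known_prefix(blob: bytes, known_prefix: bytes):
    """Return the key if every known plaintext byte implies the same one."""
    if not known_prefix or len(blob) < len(known_prefix):
        return None
    implied = {c ^ p for c, p in zip(blob, known_prefix)}
    return implied.pop() if len(implied) == 1 else None


def sign_command(command: bytes, mac_key: bytes) -> bytes:
    """Hardened framing: 32-byte HMAC-SHA256 tag followed by the command."""
    return hmac.new(mac_key, command, hashlib.sha256).digest() + command


def verify_command(frame: bytes, mac_key: bytes):
    """Return the command only if its tag verifies; otherwise None."""
    tag, command = frame[:32], frame[32:]
    expected = hmac.new(mac_key, command, hashlib.sha256).digest()
    return command if hmac.compare_digest(tag, expected) else None


# Constructed sample: a JSON command, not taken from the real protocol.
SAMPLE_COMMAND = json.dumps({"op": "status", "id": 7}).encode()
SAMPLE_KEY = 0x5A  # constructed key
SAMPLE_BLOB = xor_obfuscate(SAMPLE_COMMAND, SAMPLE_KEY)


def demo():
    # Any JSON object starts with '{"', so two ciphertext bytes give the key away.
    key = key_from_known_prefix(SAMPLE_BLOB, b'{"')
    recovered = xor_obfuscate(SAMPLE_BLOB, key)
    # With a MAC, a frame altered in transit is rejected by the receiver.
    mac_key = b"constructed-32-byte-demo-mac-key"
    frame = sign_command(SAMPLE_COMMAND, mac_key)
    tampered = frame[:-1] + bytes([frame[-1] ^ 0x01])
    return key, recovered, verify_command(frame, mac_key), verify_command(tampered, mac_key)


if __name__ == "__main__":
    print(demo())
```

The HMAC frame provides authenticity only; confidentiality would additionally need an AEAD cipher or a TLS channel.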
Team
The Meson Network (https://github.com/daqnext) public repository currently only has two contributors: leolikescoding and sherlock-shi-x. Previously there were four contributors, but it seems two of them have been removed. For a project that seems to be ‘almost entirely open source’, there are shockingly few commits, with most of them made close to the launch date.
1. Meson Cloud Desktop – Not updated since 20th Sept 2023
2. Meson Network Terminal – Not updated since 29th May 2023
3. Meson Cloud Client – Not updated since 27th April 2023
There is a possibility most of the work is done in a private repository, which contradicts Meson’s ‘almost entirely open-source’ claim and leaves the possibility for malicious code open.
To further show this:
One of the contributors, bitruss, has ‘starred’ several repositories on creating Trojans and code that bypasses the Chinese GFW.
This further points to our conclusion about Meson’s ulterior goal: to rent out ‘miners’ IP addresses in order to bypass the Chinese firewall, as opposed to their ambitious plan of training LLMs.
Mass Exodus of Node Runners
Meson’s active nodes have dropped over 82% since launch, from 90,000 nodes to just 16,000, which could be seen on their node dashboard, https://explorer.meson.network:1984/, which has since been taken offline.
This makes Meson’s goal of ‘training LLMs’ hard to achieve, as recent studies state circa 10,000 H100 GPUs would be needed to train an LLM within 1 month (https://community.juniper.net/blogs/sharada-yeluri/2023/10/03/large-language-models-the-hardware-connection).
Current infrastructure cannot support this.
This presents a problem as they also need to acquire customers for this business model.
Currently Meson simply resells your IP addresses via their sister site, IPCola.
$MSN
Coinlist participants are down 72% from the raise price of $1.75. They are dumping hard at every unlock.
Founding team members have shady GitHub accounts, starring repositories for trojans, as mentioned above.
During the Testnet Airdrop, a spreadsheet was released from the team showing allocations for each wallet
https://docs.google.com/spreadsheets/d/1oPw3Ve1tR7XzS9jGokFYAVl0PeGNQUTaYyBwLx5GrMc/edit?gid=37328979#gid=37328979
The top allocation shows an airdrop of 978 $MSN, yet upon further investigation of the claim contract (0x1eb4a2620b909a8838e0e24a8e912bd32f4a47a3), we see claims of much higher amounts:
0xb84b76083a6ba0e5ae57e65be64c9d6009e6762f: 2,924 MSN
0x7dcbefb21116efb701514938cc8526f92a0a8f25: 2,105 MSN
0xb3e539ac40c9974d19556590ae5a70a99038429c: 1,473 MSN
0x9b1a57Da441D6d1e9A1DC48323709338b2b4b345: 44,445 MSN
0xe7144F9F5F4100D4AD07c4F41fDA2Fd36D4D05ee: 119,048 MSN
0x987f10f336b498d71B5e2cB22267712Bda141F96: 116,667 MSN
This is just a sample of the suspicious accounts. Strangely, most of these accounts have almost exclusively MSN transactions, with 0 other interactions apart from it.
This points to the fact that the team themselves were claiming $500k-$1.5M+ worth of tokens from the airdrop contract through dummy accounts.
Conclusion
Overall, given Meson Network’s questionable practice of claiming ‘open-source’ development, along with an outright false statement of using nodes to train LLM models instead of the true purpose of bypassing Chinese firewalls and reselling your IP address as a proxy on IPCola, it seems unlikely that it will make a comeback and regain the faith of its community. A deserted Discord channel with no response from staff further highlights this issue. This also raises the question of whether they will ever get customers for their ‘LLM training’ business model or even be able to support it with their low number of nodes.
We would suggest that placing a short on this token would be the best course of action in order to profit from this.
$MSN can currently be shorted from OKX, BloFin, KuCoin, MEXC and Gate.io with the majority of volume on OKX and BloFin.
love this, want more short ideas
Key points missing for a short idea though are market cap (e.g. is this actionable) and any positioning/technical considerations