diff --git a/bin/lamassu-server b/bin/lamassu-server
index 72621dbc..10eb672d 100755
--- a/bin/lamassu-server
+++ b/bin/lamassu-server
@@ -27,9 +27,11 @@ if (!httpOnly) {
 
 options.mock = argv.mock
 
-var server = createServer(options)
+console.log('DEBUG23')
 
-server.listen(port, function () {
-  console.log('lamassu-server listening on port ' + port + ' ' +
-    (httpOnly ? '(http)' : '(https)'))
+createServer(options)
+.then(server => {
+  console.log('DEBUG22')
+  return server.listen(port, () => console.log('lamassu-server listening on port ' +
+    port + ' ' + (httpOnly ? '(http)' : '(https)')))
 })
diff --git a/lib/app.js b/lib/app.js
index 491878ff..64eefd48 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -24,63 +24,71 @@ module.exports = function (options) {
 
   console.log('DEBUG6')
 
-  configManager.load()
+  return configManager.load()
   .then(config => {
     console.log('DEBUG5: %j', config)
+    console.log('DEBUG8 ****************')
+
     plugins.configure(config)
+    console.log('DEBUG9.1 ****************')
     plugins.startPolling()
+    console.log('DEBUG9.2 ****************')
     plugins.startCheckingNotification()
-  })
+    console.log('DEBUG9.3 ****************')
 
-  app.use(bodyParser.json())
+    app.use(bodyParser.json())
 
-  var authMiddleware
+    console.log('DEBUG9 ****************')
 
-  if (options.https) {
-    var serverOptions = {
-      key: options.https.key,
-      cert: options.https.cert,
-      requestCert: true,
-      secureProtocol: 'TLSv1_method',
-      ciphers: 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
-      honorCipherOrder: true
+    var authMiddleware
+
+    if (options.https) {
+      var serverOptions = {
+        key: options.https.key,
+        cert: options.https.cert,
+        requestCert: true,
+        secureProtocol: 'TLSv1_method',
+        ciphers: 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
+        honorCipherOrder: true
+      }
+
+      server = https.createServer(serverOptions, app)
+
+      authMiddleware = function (req, res, next) {
+        next()  // TODO: authentication
+      }
+    } else {
+      server = http.createServer(app)
+
+      authMiddleware = function (req, res, next) {
+        req.device = {}
+        console.log('DEBUG2')
+        console.log(req.route)
+        return next()
+      }
     }
 
-    server = https.createServer(serverOptions, app)
+    if (options.mock) logger.info('In mock mode')
 
-    authMiddleware = function (req, res, next) {
-      next()  // TODO: authentication
-    }
-  } else {
-    server = http.createServer(app)
+    var localApp = express()
+    localApp.use(bodyParser.json())
+    var localServer = http.createServer(localApp)
+    var localPort = 7070
 
-    authMiddleware = function (req, res, next) {
-      req.device = {}
-      console.log('DEBUG2')
-      console.log(req.route)
-      return next()
-    }
-  }
+    console.log('DEBUG7 ****************')
+    routes.init({
+      app: app,
+      localApp: localApp,
+      plugins: plugins,
+      authMiddleware: authMiddleware,
+      // reloadConfigMiddleware: reloadConfigMiddleware,
+      mock: options.mock
+    })
 
-  if (options.mock) logger.info('In mock mode')
+    localServer.listen(7070, function () {
+      console.log('lamassu-server is listening on local port %d', localPort)
+    })
 
-  var localApp = express()
-  localApp.use(bodyParser.json())
-  var localServer = http.createServer(localApp)
-  var localPort = 7070
-
-  routes.init({
-    app: app,
-    localApp: localApp,
-    plugins: plugins,
-    authMiddleware: authMiddleware,
-    // reloadConfigMiddleware: reloadConfigMiddleware,
-    mock: options.mock
+    return server
   })
-
-  localServer.listen(7070, function () {
-    console.log('lamassu-server is listening on local port %d', localPort)
-  })
-
-  return server
 }
diff --git a/lib/config-manager.js b/lib/config-manager.js
index ca58c313..ddefb820 100644
--- a/lib/config-manager.js
+++ b/lib/config-manager.js
@@ -57,7 +57,8 @@ function fallbackValue (crypto, machine, instances) {
   const pickValue = arr => R.find(instance => matchesValue(arr[0], arr[1], instance), instances)
   console.log('DEBUG11: %j', permutations(crypto, machine))
   console.log('DEBUG14: %j', R.map(pickValue, permutations(crypto, machine)))
-  return R.find(notNil, R.map(pickValue, permutations(crypto, machine)))
+  const fallbackRec = R.find(notNil, R.map(pickValue, permutations(crypto, machine)))
+  return fallbackRec && fallbackRec.fieldValue.value
 }
 
 function generalScoped (crypto, machine, config) {
diff --git a/lib/plugins.js b/lib/plugins.js
index e3a387b7..7418e479 100644
--- a/lib/plugins.js
+++ b/lib/plugins.js
@@ -32,8 +32,6 @@ const TRADE_INTERVAL = T.minute
 const TRADE_TTL = 5 * T.minutes
 const LOW_BALANCE_MARGIN_DEFAULT = 1.05
 
-let cryptoCodes = null
-
 const tickerPlugins = {}
 const traderPlugins = {}
 const walletPlugins = {}
@@ -167,13 +165,22 @@ exports.loadOrConfigPlugin = loadOrConfigPlugin
 
 // Note: this whole function gets called every time there's a config update
 exports.configure = function configure (config) {
+  console.log('DEBUG40')
   console.log('DEBUG4: %j', config)
 
   cachedConfig = config
 
+  console.log('DEBUG41')
+
   const accounts = configManager.loadAccounts()
+
+  console.log('DEBUG42')
   deviceCurrency = config.fiat.fiatCurrency
-  cryptoCodes = config.crypto.cryptoCurrencies
+  // cryptoCodes = config.crypto.cryptoCurrencies TODO: add to admin
+  console.log('DEBUG43')
+  const cryptoCodes = getCryptoCodes()
+
+  console.log('DEBUG30')
 
   cryptoCodes.forEach(cryptoCode => {
     const cryptoScopedConfig = config.cryptoScoped(cryptoCode, cachedConfig)
@@ -192,6 +199,8 @@ exports.configure = function configure (config) {
       }
     )
 
+    console.log('DEBUG31')
+
     // Give each crypto a different derived seed so as not to allow any
     // plugin to spend another plugin's funds
     const cryptoSeed = hkdf.derive(cryptoCode, 32)
@@ -226,6 +235,8 @@ exports.configure = function configure (config) {
     )
   })
 
+  console.log('DEBUG32')
+
   const unscopedCfg = config.unscoped(cachedConfig)
 
   // ID VERIFIER [optional] configure (or load)
@@ -252,6 +263,8 @@ exports.configure = function configure (config) {
     unscopedCfg,
     accounts
   )
+
+  console.log('DEBUG33')
 }
 
 exports.getConfig = function getConfig (machineId) {
@@ -418,7 +431,7 @@ exports.fiatBalance = function fiatBalance (cryptoCode) {
   const deviceRate = exports.getDeviceRate(cryptoCode)
   if (!deviceRate) return null
   const rawRate = deviceRate.rates.ask
-  const commission = cachedConfig.commissions.cashInCommission
+  const commission = new BigNumber(cachedConfig.commissions.cashInCommission).div(100)
   const lastBalanceRec = lastBalances[cryptoCode]
   if (!lastBalanceRec) return null
   const lastBalance = lastBalanceRec.balance
@@ -493,6 +506,7 @@ function monitorUnnotified () {
 exports.startPolling = function startPolling () {
   executeTrades()
 
+  const cryptoCodes = getCryptoCodes()
   cryptoCodes.forEach(cryptoCode => {
     setInterval(async.apply(pollBalance, cryptoCode), POLLING_RATE)
     setInterval(async.apply(pollRate, cryptoCode), POLLING_RATE)
@@ -686,9 +700,11 @@ exports.verifyTx = function verifyTx (data, cb) {
   idVerifierPlugin.verifyTransaction(data, cb)
 }
 
-exports.getcryptoCodes = function getcryptoCodes () {
-  return cryptoCodes
+function getCryptoCodes () {
+  console.log('DEBUG17 TODO: generalize')
+  return ['BTC', 'ETC']
 }
+exports.getCryptoCodes = getCryptoCodes
 
 function sendMessage (rec) {
   const pluginPromises = []
@@ -760,7 +776,7 @@ function checkNotification () {
 }
 
 function checkBalances () {
-  const cryptoCodes = exports.getcryptoCodes()
+  const cryptoCodes = exports.getCryptoCodes()
 
   const balances = []
   cryptoCodes.forEach(cryptoCode => {
diff --git a/lib/routes.js b/lib/routes.js
index 0f95c942..d5ff1c28 100644
--- a/lib/routes.js
+++ b/lib/routes.js
@@ -20,11 +20,11 @@ const pids = {}
 const reboots = {}
 
 function buildRates (deviceId) {
-  const cryptoCodes = plugins.getcryptoCodes()
+  const cryptoCodes = plugins.getCryptoCodes()
   const config = plugins.getConfig(deviceId)
 
-  const cashInCommission = config.commissions.cashInCommission
-  const cashOutCommission = config.commissions.cashOutCommission
+  const cashInCommission = new BigNumber(config.commissions.cashInCommission).div(100)
+  const cashOutCommission = new BigNumber(config.commissions.cashOutCommission).div(100)
 
   const rates = {}
   cryptoCodes.forEach(cryptoCode => {
@@ -42,7 +42,7 @@ function buildRates (deviceId) {
 }
 
 function buildBalances () {
-  const cryptoCodes = plugins.getcryptoCodes()
+  const cryptoCodes = plugins.getCryptoCodes()
 
   const _balances = {}
   cryptoCodes.forEach(cryptoCode => {
diff --git a/todo.txt b/todo.txt
index e859a3e0..396c03af 100644
--- a/todo.txt
+++ b/todo.txt
@@ -92,5 +92,7 @@ options: configure per machine; configure per crypto/fiat
 
 -----------------------------
 
-- convert result to actual value, not record
 - default values
+- server side validation, including required
+    - need to think hard about how to do required checks for scopes
+- what to do if validation fails?