Skip to content

Latest commit

 

History

History
442 lines (270 loc) · 38.4 KB

202106.md

File metadata and controls

442 lines (270 loc) · 38.4 KB

Decred Journal – June 2021

abstract art by @saender

Image: Core Lattice by @saender

June's highlights:

  • An upcoming consensus upgrade was approved on Politeia which would make future consensus changes easier, more reliable, and more secure.
  • A bug with the checks on treasury spending saw a limit which is too low being imposed, this will require a consensus upgrade to fix.
  • Three Politeia proposals approved with high turnout (~47%) and yes votes (97-99%) - Bug Bounty, Translations, and the Explicit Version Upgrades Consensus Change.
  • The PoW hashrate has seen a significant drop, likely associated with the crackdown on mining within China.

Contents:

New Treasury Bug

Payments from the new treasury are blocked for several months by a bug in expenditure policy implementation. The test treasury spend transaction mined on May 22 triggered an overlooked condition in the safety mechanism protecting from spending too much DCR in a short period of time. For the next few months, only around 0.15 DCR can be spent from the new treasury, which is too low to pay contractors.

While this is an unfortunate delay in migrating to the decentralized treasury and extra work to fix the bug, the migration plan was created to handle any cases such as this. All funds in the network are safe and contractor payments will continue from the legacy treasury. Fixing the safety algorithm requires another consensus change that is under development.

Read the full story of the bug in the blog post and Twitter threads from @matheusd and @lukebp.

On a side note, this incident reminds us that even the heavily reviewed and tested consensus code is not immune to bugs, but they are easier to fix when a well-defined and non-controversial upgrade process exists.

Development

The work reported below has the "merged to master" status unless noted otherwise. It means that the work is completed, reviewed, and integrated into the source code that advanced users can build and run, but is not yet available in release binaries for regular users.

dcrd

The way standard scripts are handled has been reworked to address several long-standing issues.

For a quick background, "scripts" are small commands stored inside transactions that consume "input" coins from past transactions and create new "output" coins for the recipient. "Standard scripts" is a subset of all scripts allowed by the consensus that covers most useful operations (sending funds, staking, multisig, etc) optimized for efficiency and network security. Mainnet nodes will normally refuse to accept and relay standalone transactions (those that are not part of a block) containing non-standard scripts.

The reworked code adds a new package called stdscript that supports different script versions (this was hard to support previously and is required for the next consensus upgrade), provides a more ergonomic API for developers (including multisig and atomic swap helpers) and improves separation between "standard" and "consensus" (a common point of confusion for new developers). Additionally, the policy of what scripts are considered "standard" has been further tightened to help ensure the typical scripts occupy less space on-chain and further restrict cases that don't make sense.

As usual, this large change comes in a series of easy-to-digest commits with informative descriptions, tests, benchmarks, examples, all finished with a thorough new README.

A number of other changes have been focused on removing the usages of standardness code from consensus code, since the policy of what is considered "standard" may change at any time without requiring a consensus change and so consensus code must not be affected.

A proposal for developing the next consensus change has been submitted and approved. This upgrade will practically forbid soft forks to simplify future consensus changes and improve security. Once it activates, full nodes will start rejecting transactions and scripts of newer versions they do not understand, instead of ignoring them and believing they still fully validate the chain.

Soft forks are primarily the outgrowth of less capable systems with technical shortcomings and the lack of formal governance processes necessary to uncontroversially deploy them (@davecgh)

Further departure from soft forks is possible thanks to Decred's drama-free process of coordinating hard forks and its highly engaged community.

dcrwallet

  • an option to randomly disapprove blocks (intended for testing and cannot be used on mainnet)
  • updated to latest dcrd modules, including the new stdaddr
  • removed attempts to vote or revoke when private key is not available (should prevent some ticketbuyer errors)
  • use multiple connections when auto-buying tickets (may result in slower mixing if the funding account has limited UTXOs)

Decrediton

User-facing:

  • gray out the DEX tab and show a tooltip instead of hiding it in SPV mode (a lot of people have been confused by this)
  • added advanced options for restoring wallet (disable coin type upgrades and setting the gap limit)
  • allow empty passphrases to support Trezor passphrase feature
  • allow entering passphrase on the Trezor itself instead of asking it in Decrediton (Model T only)
  • implemented new UI design for Governance views (both Proposals and Consensus Changes)
  • integrated text input component from the pi-ui library. To support Decrediton's design spec it was updated with new features that other React-based projects can now also use.
  • ~10 bug fixes

Developer-facing changes include the completion of several security improvements that have been long in the making:

  • automated tests for Send, Receive, and Export views
  • reorganized, cleaned up, and optimized Webpack config
  • disabled Node Integration in the UI code so that it can no longer access the low-level Node and Electron APIs directly. This is an important security feature and a recommended practice in modern Electron app development.
  • context isolation enabled in main window - another important security feature further restricting the UI code
  • enabled the webSecurity feature to tighten up external requests (this also fixed the development mode on Windows)
  • reduced dependencies to rely less on third-party code and improve security by reducing the surface of a possible supply chain attack
  • introduced a more secure confirmation dialog and used it for confirming VSP access and transaction signing

Politeia

User-facing:

  • added a button to access raw Markdown
  • show status of proposal credit payment (gives an idea how soon the credits can be used to submit new proposals)
  • show a banner when the user is viewing proposals-archive.decred.org to reduce confusion when clicking the site logo
  • improved look of the Flat mode button
  • added proposal name to email subjects
  • ~13 bug fixes

Backend and CLI:

  • politeiavoter upgraded to the new API released in v1.0.0
  • politeiavoter will now retry its votes on server errors
  • added MySQL implementation of the user database. The data will need to be migrated from CockroachDB to remove this dependency and have only one database to deal with. The choice of MySQL was dictated by tlog (which does not support PostgreSQL).
  • updated READMEs with setup instructions to get a full Politeia instance up and running (new contributors, wait no more!)
  • added missing docs to pictl and politeiaverify tools
  • more meaningful stack traces
  • test coverage for user management and fetching
  • ~2 bug fixes

Contractor Management System (CMS):

  • allow using archived proposals in invoices
  • added tracking of spends from the new treasury (to determine if the invoice has been paid)
  • fixed proposal expenses calculation and fetching of correct invoice version

@lukebp shared a nice educational intro on how Politea achieves its strong cryptographic auditability.

vspd

User-facing:

  • added the share of VSP's live tickets, as well as its revoked percentage, to the homepage and status API response
  • allow admins to set a custom message that will be shown on the webpage and returned by the status API when the VSP is closed
  • admin page UI tweaks
  • improved cache busting (prevents users from seeing outdated resources)

Internal:

  • compare transaction scripts rather than addresses when verifying fee payments (this is more correct, more efficient, and fixes some edge cases)
  • filtering of database tickets made more than twice as fast
  • ensure ticket purchase height is set for all tickets
  • improved shutdown handling
  • refactored GUI cache for better reuse

dcrpool

v1.2.0 is here bringing almost a full year of development since v1.1.0. See all fixes and improvements in the release notes.

Merged in master and v1.2.0 release:

  • reworked coinbase confirmation tracking to resolve remaining issues

DCRDEX

dcrandroid

  • option to send change to unmixed account (to be mixed before use), and indicate to which account the change will go on the Send page
  • distinguish mixes with unique label and icon
  • updated French translation
  • ~3 bug fixes

Merged in dcrlibwallet (base library for Android/iOS apps and godcr):

  • added filters to find mixed or various staking transactions
  • added statistics across transactions and staking activity
  • option to send change to unmixed account
  • fixed insufficient balance when paying vspd ticket fees

dcrios

  • option to send change to unmixed account (to be mixed before use), and indicate to which account the change will go on the Send page
  • prevent screen sleep while syncing, rescanning, or mixing
  • more flexible dropdown menu on the wallets list
  • distinguish mixes with unique label and icon
  • UI tweaks
  • ~7 bug fixes

godcr

User-facing:

Developer:

godcr is approaching the public testing phase. Look forward to pre-release builds.

godcr screenshot

dcrdata

  • added swapscan tool that scans Decred and Bitcoin blockchains for swap transactions and outputs a CSV file
  • removed inline javascript from charts page
  • added rigorous HTML escaping for anything that might contain user input
  • removed dependency on axios for making requests from UI code
  • fixed connectivity with Bittrex

Other:

  • Decred staking support was merged in the firmware repository for Trezor Model T and included in release 2.4.0. More work is needed on Decrediton's end but this is a big milestone.

  • @fst_nml announced a $100K bounty for building Decred integration with THORChain - a decentralized cross-chain liquidity protocol based on Tendermint, Cosmos and utilizing Threshold Signature Schemes. The development is already in progress (discussion).

People

Welcome to new first time contributors with code merged to master: @vibros68 (politeiagui) and @x-walker-x (politeiagui)!

Community stats as of Jul 1:

  • Twitter followers: 46,919 (+1,195)
  • Reddit subscribers: 11,322 (+132)
  • Matrix #general users: 501 (+34)
  • Discord users: 1,933 (+146)
  • Telegram users: 2,733 (+28)
  • YouTube subscribers: 4,570 (+30), views: 188K (+2K)
  • GitHub dcrd stars: 601 (+3), forks: 256 (+1)

June's recap of unusual social media dynamics can be found here.

Governance

In June the new treasury received 10,510 DCR worth $1.4 million at June's average rate of $131.52. 1,460 DCR was spent (from the legacy treasury address) to pay contractors, worth $192K at June's rate, or $253K at May's billing rate of $173.47. As of Jul 2, a combined balance of legacy and new treasury is 692,988 DCR (91.4 million USD at $131.88).

The first real transaction from the new treasury was not mined because of the bug described earlier and the contractors were paid from the legacy one instead. Even though it didn't work as planned, that transaction showed a high engagement of on-chain voters and high support of the current treasury management: 11,943 tickets out of the max possible 17,280 voted Yes and zero voted No - a 69% turnout. It could go even higher when TSPEND voting is implemented for VSP users, who currently hold around 20% of live tickets.

Three proposals were published on Politeia, and all three have been approved with strong approval ratings.

  • The Explicit Version Upgrades Consensus Change proposal hit a new approval milestone with 99.9% Yes votes and just 13 tickets voting against the proposal among the 47% turnout.

  • The fourth iteration of the Bug Bounty proposal returned with a boosted payout schedule and was approved with 98.5% Yes votes and a turnout of 47%. This is +0.5% Yes votes and +15% turnout compared to Phase 3. @degeri thanks the stakeholders for the ever increasing amount of faith and trust.

  • The second phase of the big translation proposal was approved with 97.3% approval and a turnout of 46% - a big increase in support from 75% Yes and 28% turnout for the first proposal.

See Politeia Digest issue 43 for more details on the month's proposals.

Network

Hashrate: June's hashrate opened at ~369 Ph/s and closed ~73 Ph/s, bottoming at 61 Ph/s and peaking at 438 Ph/s throughout the month.

As you can see above June had a large drop in hashrate due to miners shifting out of China due to a recent ban. This is especially visible in ASIC mined coins like Decred and Bitcoin.

Distribution of hashrate reported by the pools on Jul 1: Poolin 37%, F2Pool 28%, Antpool 8%, Luxor 5%, BTC.com 5%, HuobiPool 1%, UUPool 0.2%, CoinMine 0.1%.

Distribution of 1,000 actually mined blocks almost matches the reported hashrate. Unidentified 15% mined blocks are split between the same 4 addresses as previously.

Staking: Ticket price varied between 168-208 DCR, with 30-day average at 184.7 DCR (-1).

The locked amount was 7.33-7.72 million DCR, meaning that 56.1-59% of the circulating supply participated in proof-of-stake.

VSP: On Jul 1, ~8,000 (-200) live tickets were managed by vspd servers and ~600 (-500) by the listed legacy dcrstakepool servers. Collectively the 12 legacy and 13 new VSPs managed 20.9% of the ticket pool, down from 22.7% on Jun 1. Delisted but still active legacy VSPs managed 26 live tickets (-35).

Nodes: Throughout June there were around 216 reachable nodes according to dcrextdata.

Node versions as of Jul 1 snapshot (256 total, dcrd only): v1.6.2 - 53%, v1.6.0 - 19%, v1.6.1 - 13%, v1.7 dev builds - 7%, v1.6 dev builds - 3%, v1.5.1 - 2.8%, v1.5.2 - 2%.

The share of mixed coins varied between 43.7-47.0% and made a new all-time high.

Decred's Lightning Network has seen 34 nodes (+1), 60 channels (+7) with a total capacity of 21.8 DCR (+4.7), as of Jul 1.

Ecosystem

stakey.net has removed the web interface for its legacy dcrstakepool instance. Voting wallets and the API will be maintained until users migrate to vspd. As of Jul 1, stakey.net's legacy VSP managed 63 live tickets, down from 134 on Jun 1. Its vspd instance has become the largest, managing more than 2,200 live tickets.

To maintain decentralization, it is recommended to avoid providers that control too many tickets. But stakey.net presents a "problem" here, as it is the only known VSP offering a Tor hidden service. Other providers are welcome to the competition!

dcr.farm now redirects to its vspd instance but @infertux confirmed that its legacy wallets are up and will stay up until all tickets vote (32 remained live as of Jun 22). The status of dcr.farm's legacy and vspd wallets can be checked on a dedicated status page.

YieldWallet's legacy VSP has voted its last ticket and has been shut down for good. Thank you for the service!

New VSP from crypto-synergy.net is up on mainnet and testnet. The mainnet instance reports its first voted ticket (a requirement for all new VSPs) but it needs to pass the review to get listed on decred.org/vsp.

At this point legacy VSPs hold less than 1.4% of the ticket pool and upgrading to vspd is recommended to avoid the risk of missed tickets, e.g. in a scenario where another consensus upgrade is activated while dcrstakepool is not patched to follow the chain.

Ledger Live users are recommended to update to version 2.29.0 or later where issues with syncing and sending DCR in have been fixed. The disruption between first mentions of the issue and the release of v2.29.0 lasted around 22 days.

Indian WazirX has enabled DCR/INR and DCR/USDT trading. DCR was part of the "Rapid Listing" process where trading starts sooner but deposit and withdrawal options are limited until the full integration is completed. In case of this listing, inter-wallet deposits and withdrawals between WazirX and Binance are available with no fees. WazirX was acquired by Binance in 2019.

For those who missed it, two lesser-known services in the wider Decred ecosystem are worth highlighting. One is a modestly called Twitter alternative from stakey.net:

This Decred citadel is a modestly fast, secure, and up-to-date Mastodon instance with monitored server availability and nightly off-site backups. Open to the Decred community. (invite link here)

And another is @karamble's PeerTube instance that mirrors Decred video content for increased resilience and decentralization.

Warning: the authors of the Decred Journal have no idea about the trustworthiness of any of the services above. Please do your own research before trusting your personal information or assets to any entity.

Join our #services chat to follow Decred ecosystem updates.

Outreach

Monde PR's achievements for June:

  • pitched 1 story to finance and crypto publications
  • responded to 6 requests for comments/PR opportunities
  • secured 2 media interviews

News coverage secured by Monde PR:

  • an article in CryptoNexa featuring news about the DCRDEX integration into Decrediton
  • an article in Benzinga featuring commentary by @jz about crypto FUD and FOMO. The piece was syndicated to three publications including Yahoo! Finance and Explica.co.
  • an article in NerdWallet featuring commentary by @jy-p on how to store crypto
  • an article in NerdWallet featuring commentary by @jy-p on how to buy crypto. The article was syndicated to 42 publications including Nasdaq, MSN Money, Yahoo! Finance and SF Gate.

Events

Attended:

  • Jun 12 - Arab Blockchain Week 2021 - Internet. @arij introduced on-chain and off-chain governance and examples of both in Decred (see links and slides in the report).

Media

Selected articles:

  • Treasury expenditure policy bug by @matheusd (blog.decred.org)
  • Crowdfunding with voting rights - A killer feature of the Decred DAO by @ammarooni (medium)

Videos:

  • Decred News Update - v1.6.3, DEX integration, first DAO treasury spend, staking ATH & more by @Exitus (youtube)
  • Should money be private - Decred Fundamentals by @phoenixgreen (youtube)
  • The evolution of the treasury - Decred Fundamentals by @phoenixgreen (youtube)
  • Coin supply and distribution - Decred Fundamental by @phoenixgreen (youtube)
  • 13 million landmark reached - Decred Society by @phoenixgreen (youtube)
  • Decred - Top reasons this cryptocurrency rocks! by Ripe For Investing (youtube)
  • Don Jon aka PurpleSuede22 speaks to us on the secrets behind Decred's success! by CryptoND1 (youtube)
  • Coin Review - Decred by Spencer Tarring (youtube)
  • Why Decred is a game changer by Todd F. Maki (twitter, part 2)
  • @OfficialCryptos is now on YouTube

Art and fun:

Translations:

  • Decred Journal May 2021 was translated to Arabic (@arij, @abdulrahman4) and Chinese (@Dominic). April issue in Spanish is out too. Thank you all!

Discussions

Comm systems news:

  • Matrix experienced degraded performance due to a large scale attempt to bulk-register bot accounts and spam the network.

Selected Reddit posts:

  • Decred, PoW's energy use and renewables
  • @atweiden's strong pitch for DCRDEX
  • THORChain integration bounty and comparison to DCRDEX

Selected Twitter discussions:

  • @sumiflow is asking exchanges a tough question about their listing choices
  • @lukebp on how "De"Fi should not rely on a handful of trivially blockable central points
  • @lukebp showed why Politeia is huge, with live examples:

Politeia has undergone a huge upgrade this year and is doing things that nobody else is doing.

(technical explanation...)

So why is this a big deal? This provides us with irrefutable proof that my proposal existed at block height 552071 and has not been altered since then. No other production site provides this level of transparency and cryptographic auditability for its data. (@lukebp)

Markets

In June DCR was trading between USD 87.66-174.59 / BTC 0.00298-0.00468. The average daily rate was $131.52.

dcrdex books

Who can resist this liquidity?

Relevant External

A large scale migration of Bitcoin miners (and others) hashrate from China is underway, and it's being covered in all the mainstream business publications. The exodus was triggered after Chinese authorities made statements about cracking down on Bitcoin mining, and then several provinces made it clear to miners that they had to stop. One of the issues the mining companies face in relocating their hashing hardware is with the current high price of international shipping.

The Zcash Open Major Grants (ZOMG) program has funded the Tor Project with $670,000, to be used for paying developer salaries as they work towards Arti (A Rust Tor Implementation) - which would make Tor more accessible to other applications, including Zcash.

The Uniswap community is considering funding a "DeFi political defense fund" with $27M to $40M USD, the fund's purpose would be to "educate policymakers, achieve regulatory clarity for DeFi, support DeFi and decentralized governance, and encourage other DeFi protocols to contribute ideas and support". As it progressed through a temperature check and consensus check phase, it became the more general "DeFi Education Fund" by the time it came to a vote (which concluded at the end of June with 84% approval).

The Curve DeFi project is considering whether to enforce its intellectual property rights in court. A proposal is under discussion which would see the Curve DAO members soliciting and approving or rejecting proposals from law firms, related to shutting down competitor projects that have copied Curve's code (which includes the stipulation that "no license, right of reproduction or distribution or other right with respect thereto is granted or implied").

There has been a run on the Iron Titanium protocol, which saw it incentivize its own rapid and irrevocable decline to zero once certain rare trading conditions were met.

The ironically titled "SafeDollar" also went to zero this month after being hacked, with the attacker looting around $248,000 worth of tokens.

THORChain, which some Decred community members have been engaging with around a DCR integration, suffered its first malicious attack. A postmortem indicated $140K was taken by exploiting a logic error in the ETH Bifrost module. The network was halted for 6 hours while a fix was deployed. THORChain said it will cover losses incurred by users from treasury funds.

That's all for June. Share your updates for the next issue in our #journal chat room.

About

This is issue 39 of Decred Journal. Index of all issues, mirrors, and translations is available here.

Most information from third parties is relayed directly from source after a minimal sanity check. The authors of the Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.

Credits (alphabetical order):

  • writing and editing: bee, degeri, l1ndseymm, richardred
  • reviews and feedback: davecgh, lukebp, raedah
  • title image: saender
  • funding: Decred stakeholders