There is a lot of misconception about the upcoming release of EOSIO v1.0 and the “launch” of the EOS mainnet.
I’m going to break down what I’ve learned from being on the inside of the block producer launch groups and other deep crypto circles. Here is what I am learning and some of it is going to surprise you.
First of all, you are going to see lots of countdowns to the mainnet launch… but…. Guess what?
Surprise!!! There Will Be No Mainnet (yet)
Due to Block.One’s legal structure, they cannot create a mainnet — the community of EOS people around the world will be launching several “mainnets” (as mainnet candidates) and eventually the community will (mostly) align to one network as being the mainnet. That could take weeks (or months). There could be forks… (oh there will be forks!).
In addition, Block.One is remaining completely neutral on the topic of launching and running the EOS network. Instead, the operation of the network is the job (and opportunity) of the EOS community. For the past few weeks, 100’s of people have been working round the clock to plan and practice launching EOS daily without any compensation from Block.One.
Therefore, there will be a few groups who will launch their own “mainnet” and claim it is official over the next few weeks. None will be, so don’t get confused.
Block.One Will Not Be Supporting Block Producers
AFAIK, Block.One will not be using their 100 million EOS to vote for any Block Producers. As you can tell, it is not Block.One’s role to choose how the community runs the EOS network, they just release the software.
It is very interesting to think that all of the money Block.One has raised will not be used to run what it built. The ETH that Block.One raised will not go to fund Block Producers. Instead, the EOS token holders have purchased the right to govern themselves.
Separate Voting Will Occur On Each Mainnet
This isn’t going to be very pretty… Since there will be a few networks claiming to be mainnets. Each mainnet will be completely separate and users will be able to vote on each one using the same amount of tokens.
Each EOS token holder gets to vote for up to 30 Block Producers. The weight of their vote is based on the amount of EOS token they hold in their EOS wallet. (Don’t forget to register if you’re reading this! It can take a few days to get your EOS withdrawal from an exchange, so do it TODAY.)
If you have 4000 EOS tokens, you will be able to cast votes with a weight of 4000 EOS on each separate “mainnet.”
EOSIO 1.0 Will Release On Time
Despite all of the rumors, there will not be a delay of the release of the EOSIO software. Block.One — the company who is responsible for developing and releasing the EOSIO code — will release EOSIO v1.0 on Saturday June 2, 2018. This does not mean that development will stop. Many changes are still being made and there is functionality still being built. They will just be publishing whatever is done by Saturday June 2 and calling it the release.
EOSIO Will Have Issues
As a part-time developer, what I can tell you is that a coder’s job is never done. There will be bugs, there will be security issues and vulnerabilities (such as the one 360Vulcan identified). The EOSIO code is likely riddled with issues like this that allowed remote execution of code by not validating an offset. This is just careless coding, and with a project this size with as little testing as it has, there are going to be major issues.
Most Block Producers Are Clueless About Security
Many block producers are clueless about security. Lots of these teams have amateur system admins — or just hobbyists running their nodes. This is important because breaking a $4B network is very attractive to malicious actors. For example, I would guarantee that as much as 50% of the nodes will run EOS as the “root” user. This is a terrible mistake because as 0-day vulnerabilities are discovered, attackers will be able to gain full system access on affected nodes immediately.
Security Experts To The Rescue
There are recommendations (not from Block.One) but from the brilliant people in the EOS Infrastructure Telegram. Some of these guys really know their security.
For instance, they recommend that no Block Producer runs EOSIO as an “root” user account (duh). In addition, they have outlined a “don’t cross the streams” security approach using a Mesh VPN on a testnet called Ghostbusters Secure. They are one of the groups planning to launch an EOS mainnet — (more on this this below.)
4 Launch Groups Are Planning to Create A Mainnet
After the EOS crowdsale ends, and the EOSIO v1.0 release is published on Github, there will be a few days where Block Producers work together to verify the initial chain of EOS. There are over 50 million accounts to verify and prove that the EOS token amounts in each account match the EOS ERC-20 addresses.
Founded by HKEOS, EOSRio, and EOSdac — this is the only testnet taking a “security-first” strategy. This group has a very smart approach to setting up their system and network security that will limit the EOS application attackers to gain access to systems.
I learned of the Ghostbusters testnet when an attacker was playfully shutting down nodes on the Jungle Testnet using his eos-fuzzer.py script. This attack would not work on the Ghostbusters Secure network.
In this system, each Producer Node has 100’s of Wireguard VPN connections to one another over a private network for EOS P2P. These nodes will not have API access enabled.
There will be Full Nodes which host the API. Each Full Node will have a Wireguard VPN for the EOS P2P connection to the Producer Node.
Finally, there will be an API layer where Proxy Servers (web firewalls) filter requests using Patroneos (released by Block.One) and DDOS protection to stop malicious and malformed data.
This is a chart of the network layout that I grabbed from a video call with the Block Producers leading the charge here.
This group definitely has the best branding for sounding like they are official. BIOS BOOT is led by Alex Bourget from EOS CANADA — they developed scripts for orchestration of launching autonomous Block Producers using a discovery protocol to link to other Block Producers. They are practicing launches every day right now.
You can read about their stage 16 launch here. Instead of doing a single launch, they are doing 27 launches that build on one-another and eventually they will call that one the “mainnet.”
This group does not seem to have much public support. They are jumping into other Telegrams to promote their “mainnet” launch. I have not seen any of the major Block Producer Candidates taking them very seriously, but they do have a great description of the state of EOS here.
These guys’ goal is to attempt to prevent whales and VC’s from capitalizing on the Block Producer income. AFAIK, no Block Producer groups are taking them seriously. I have not heard when their mainnet will be launching.
There is a lot of confusion around the release of EOSIO v1.0 and the upcoming mainnet. It is my guess that the community will be divided amongst mainnets for a few months, maybe even years.
If we look at history, we can see that this sort of division is common in Blockchain. There is BTC vs BCH and ETC vs ETH. There will be various EOS manifestations as well — FORKS!
Personally, I’m recommending all Block Producers to use the Ghostbusters Secure launch for the mainnet. Although Ghostbusters is technically more challenging to learn than the other testnets — it’s also way more secure.
There is some hope that EOS BIOS BOOT will combine forces with GHOSTBUSTERS SECURE, but we only have a few days for that to happen.
Any thoughts? Questions? Feel free to comment here on Medium or Tweet at me.