Decred Journal — September 2020
Decred’s highlights for September:
- The decentralize Treasury spending PR is finally merged, after a comprehensive review process.
- dcrdex is addressing many sophisticated trustless swap scenarios discovered in early testing, the first mainnet swap was conducted in early Oct and the MVP should be ready for general use soon.
- The first RFP proposal on Politeia, to change messaging on decred.org, was approved, and received 4 candidate proposals. Voting will begin on these soon.
- The dcronchain.com on-chain metrics site, as approved by a proposal in June, has now launched.
- The withdecred.org onboarding portal had its initial launch, and also had an associated proposal submitted to fund promotional giveaways, approved in early Oct.
Unless otherwise noted, the work reported here has the “merged to master” status. It means that the work is completed, reviewed, and integrated into the source code that advanced users can build and run, but is not yet available in release binaries for regular users.
The decentralize treasury spending pull request is merged to master. It got 576 review comments, changed 115 files, added 15K lines of code, and took 5 months since the first draft was published. Several developers have been pulled from other projects to thoroughly review and test this consensus-critical code. Thanks to everyone for the hard work on this epic change!
DCP0006 describing the upcoming consensus change is under review.
Merged follow-up treasury work:
- one-way migration of the database to support the new treasury implementation
- tracking of tspend (treasury spend) transactions in the mempool
- new peer messages to relay tspend transactions as nodes startup (this is to help both mining nodes and the voting wallets discover tspends in a timely manner)
- new RPC command to tally the vote count of tspend transactions (initially only tspends in the mempool or that were mined can be queried)
- removed footguns from code for calculating tspend window values
- reworked consistency in the
standalonepackage and brought the test coverage back to 100%
Other merged work:
- optimized signature cache to proactively evict entries related to transactions in a block that is already 2 blocks deep
- consolidated ban disable/whitelist logic
- more restrictive systemd service privileges
- updated checkpoints and min known chain work for the upcoming release
- dependency updates to prepare for the release
- lots of smaller improvements in test coverage, logging, error handling, etc
@matheusd wrote a standalone tool to generate tspend transactions that can be used on air-gapped setups (without requiring a network connection to an underlying dcrd instance). It works in combination with @jrick’s ss tool for post-quantum file and stream encryption.
- decentralized treasury spending support, including a new tool for network operators to generate treasury keys
- warn when dumping extended public keys (if the xpub is leaked in combination with any account private key, this reveals all private keys of the account)
- handle change for unmixed ticket buying
- saving of unpublished transactions to the database (necessary to prevent some previous wallet outputs from being double spent across restarts, or to persist partially signed tx; this will be used by vspd clients)
- new flag to only add tickets manually and not discover them through network sync (this flag will be used by vspd admins to prevent their users getting free votes by reusing their voting address. With this flag set, tickets can only be added to the vspd through the proper API)
- add redeem script for P2SH listunspent results (this is for dcrdex)
- changes to support vspd
- implemented sendrawtransaction method
- extensive testing by vspd and dcrdex clients helped to identify and fix numerous bugs
- reuse checkbox component from pi-ui
- continued refactoring to functional components and CSS modules
- multiple bug fixes
- added user search back
- replaced remaining cache usage to clear the way for tlog migration
- added LevelDB implementation for testing infrastructure
- 2FA login with TOTP (time-based codes)
- querying contractor’s code stats for CMS admins
- tlog implementation on the backend and the GUI
Status update from @lukebp:
Most of the politeia development was focused on tlog this past month. The frontend and backend work to match the existing politeia functionality is complete. The next few weeks are focused on testing tlog, working through bugs, writing documentation, and adding test coverage to the code. The only feature that has yet to be implemented is the ability to retrieve the inclusion proof for a specific piece of politeia data. The politeiad backend currently supports this, but the corresponding politeiawww routes need to be added as well as a way to display/download the inclusion proofs in the GUI. This functionality will be added before launch.
- store records of up to 10 vote choice changes for each ticket, for two-way accountability
- require that dcrwallet runs in manual tickets mode
- the PR for porting the upstream work has been updated with all work done up to v0.11.1-beta version. That’ll bring us on par with the current latest lnd release.
- implemented order history view with filters and infinite scrolling, and order details view with all matches and relevant transaction outputs
- show amounts locked in contracts and update balances in more cases
order_statusroutes to recover from unusual cases discovered in testing, like laptops suspending or poor connectivity causing clients to miss the
revoke_matchstep (restarting the dexc program fixed it but it was poor UX)
- improved reconnection handling
- more robust handling of missing matches
- return active orders on
- unlock coins in more cases when no longer needed (read this random comment to get a taste of how many cases must be considered in a trustless swap protocol)
- notify user of penalty
- grace period for new users when cancellation rate threshold is not enforced
- better handling of redemption when Maker goes dark after Taker swap
- multiple inaction check fixes
- require password for client RPC
- opt-in debug logging in the UI
- many internal changes and bug fixes
A total of 35 PRs from 4 contributors were merged, adding 9K and deleting 2.6K lines of code.
Twitter poll showed interest in LTC support in mainnet beta.
The first DCR-BTC mainnet atomic swaps coordinated by #dcrdex were conducted yesterday. Testing and development continues, but talk has moved to software distribution and tutorials. Exciting times for @decredproject. (@chappjc on Oct 9)
- updated Chinese translation
- bug fixes
- show Politeia proposals
- bug fixes
- updated to the v1.4.4 of the Rosetta specs which includes the ability to construct, sign, and publish transactions. The
check:constructionsuite of tests of the corresponding rosetta-cli for this spec is passing on this PR.
Rosetta v1.4 released the Construction API (formerly Wallet API) for constructing transactions in a standard format, which was not finished when we announced Decred’s Rosetta implementation back in June. This API is supported by the latest dcrros and work is ongoing to keep it up with the spec, as well as the upcoming changes in Decred consensus.
- replaced example dev proposal with a larger scale one
- replace OS-specific collapsible sections with proper tabs
- Ticket Selection page moved from dcrdocs
- Overview and Opcodes reference added for the txscript system used in Decred (it is a simple, stack-based, Forth-like programming language)
- added Latam contributors
- backend updates
- Bug Bounty program posted a new update and made changes to the rules and scope based on experience with recent submissions
Community stats as of Oct 1:
- Twitter followers: 40,790 (-26)
- Reddit subscribers: 9,929 (+23)
- Matrix #general users: 197 (+23)
- Discord users: 1,396 (+2)
- Telegram users: 2,434 (-34)
- YouTube subscribers: 4,210 (+30), views: 156K (+1.7K)
- LinkedIn followers: 891 (+16)
- GitHub dcrd stars: 563 (+6), forks: 248 (+2)
In September the Treasury received 12,300 DCR and spent 5,740 DCR. Using September’s daily average DCR/USD rate of $13.26, this is $163K received and $76K spent. At August’s average daily rate of $17.02, the USD figure billed for work completed in that month is $98K. As of Oct 3, Treasury balance is 640,000 DCR (7.5 million USD at $11.69).
- The proposal from @Exitus for video production was approved with 94.6% yes votes and turnout of 31%.
- A proposal to promote the new withDecred.org site with DCR giveaways was submitted in Sep and approved in early Oct with 62% yes votes and 37% turnout.
- A proposal to pay @alexsolo for work done in 2016–18 was rejected with 8% yes votes and turnout of 28%.
- An RFP proposal to change the messaging on decred.org was approved with 85% approval and 29% turnout. There were 4 proposals submitted before the deadline of Sep 28, and once they are all ready run-off voting will begin. Only one of these proposals can be approved, and it still has to meet the usual approval and quorum requirements.
@bee published a comprehensive checklist for successful Politeia proposals based on experience with past proposals.
Hashrate: September’s hashrate opened at ~460 Ph/s and closed ~450 Ph/s, bottoming at 338 Ph/s and peaking at 609 Ph/s throughout the month. Pool hashrate distribution as of Oct 1: UUPool 35%, Poolin 27%, Huobipool 11%, easy2mine 10%, Antpool 9%, BTC.com 3%, Luxor 0.9%, F2Pool 0.5%, okex 0.2%, CoinMine 0.02%, and the rest ~3%. Note that we have switched from dcrstats.com/pow to miningpoolstats.stream because the latter identifies about ~20% more hashrate.
Staking: 30-day average ticket price was 148.6 DCR (-2.8). The price varied between 144.7–152.5 DCR. Locked amount was 6.06–6.12 million DCR, which corresponded to 50.38–51.04% of the available supply participating in PoS.
Nodes: Throughout September there was an average of 108 public listening nodes and 133 total nodes per dcr.farm. Average version distribution for September: 26% dcrd v1.5.1, 22% dcrd v1.5.2, 7% dcrd v1.6 dev builds, 7% dcrd v1.5.0, 4% dcrd v1.5 dev and RC builds, 0.8% dcrd v1.4, 17% dcrwallet v1.5.1, 1.6% dcrwallet v1.5, 1.1% dcrwallet v1.4, 15% others.
dcronchain.com has launched four months since its proposal was approved in June. The initial version includes 5 interactive charts derived from Decred’s on-chain data, based on research by @Checkmate and @PermabullNino. The team is welcoming any feedback on Reddit. Source code is available on GitHub. Congrats with the launch!
NovaDAX is top 3 in the BR market. With the new debit card, it’s possible to pay any bill in places that accept Elo, which in Brazil has the same adoption as Visa and Mastercard. In addition, it’s possible to make bank transfers in BRL, deducting DCR from your account and without paying transfer fees, something that all banks in Brazil charge for. It’s also possible to exchange DCR for BRL in Banco24horas ATMs, with around 23 thousand machines in Brazil. NovaDAX is opening a branch in Portugal and intends to do the same in the European market. (@emiliomann)
Warning: the authors of the Decred Journal have no idea about the trustworthiness of any of the services above. Please do your own research before trusting your personal information or assets to any entity.
@Exitus’ second proposal for making video content for another 6 months was approved with very high support. @Checkmate will join in the second phase to help with scripts and feedback. The proposal shared some stats for the last 6 months: 21K views gained with 98% like rate, ~500 subscribers gained and ~250 lost, 170 comments received. The most popular video was DCR 101 — How to Stake Decred 2020 with 1.6K views. Various videos uploaded to Twitter gained ~18K views.
@pavel, @pablito, and @el_capitan launched a new website withdecred.org to find a new scalable approach for how to onboard new users to Decred community. The website contains a series of articles that form a structured “funnel” that leads the person to purchase a few DCR. A proposal followed to fund the operations and a distribution of $5,000 worth of DCR to drive initial engagement, approved in early October. Historically, some community members have been skeptical about giveaways and this project will finally bring some empirical data and gauge the ROI of that model. Companion Twitter handle is @withdecred.
A few community members organized to answer a stash of questions about Decred on Quora.
@jazzah posted a contest themed “KYC vs Shuffle++” where participants need to complete non-trivial tasks by inspecting a crazy hilarious image. Prize #1 has been claimed but prizes 2–4 are still open for anyone.
Monde PR’s achievements for September:
- created/pitched 2 story ideas to the finance and crypto publications
- responded to 3 requests for comments
- responded to 2 news stories about DCR
News coverage secured by Monde PR:
- an article in Authority Magazine featuring commentary by @jy-p on how Decred aims to redefine governance with blockchain technology
- an article in AMB Crypto featuring commentary by @richardred on the ‘DeFi bubble’, syndicated to 12 news outlets including Crypto Fund Report and Coingenius.news
- an article in The Daily Chain featuring commentary by @davecgh clarifying details of a reported vulnerability
- Sep 4 — Hablemos Decred 11 — Internet. @elian and guest Jose Zarate from Stamping.io discussed timestamping on blockchains. (video)
- Sep 10 — Hablemos Decred 12 — Internet. @caibarrad and @elian invited David Riascos from @cLabs to talk about the importance of the community in the development of open protocols and the challenges of adoption in the cryptocurrency industry. (video)
- Sep 17 — Hablemos Decred 13 — Internet. @adcade and @elian talked with guest Nancy Salazar from Platzi about how to start a career in technology and how to overcome the challenges of complex areas such as blockchains. (video)
- Sep 25 — Hablemos Decred 14 — Internet. @elian and guest Eloisa Cadenas from CryptoFintech explored the origins of maximalism, the risks of such lines of thought, the future of interoperable blockchains and what are the challenges for adoption and innovation in the cryptocurrency space. The event was announced on Cointelegraph Spanish. (video)
- Oct 15 — Hablemos Decred 17 — Internet. @elian and Gus Grilliesca will explore the future of art and cryptocurrencies.
- Oct 17 — Introduction to blockchain API — Internet. A workshop to explore Decred blockchain with dcrdata API.
- Oct 19 — Open Source Software Summit — Internet. @adcade will present Decred with the talk “open source contractor model in the cryptocurrency industry”.
- Why I Decred by Decred Citizen (medium)
- Decred on-chain: DAO + Treasury accounting by @permabullnino (medium)
- Blockchain governance — Part 2 by @mm (stakey.club)
- Meet the Disruptors: How Jake Yocom-Piatt of Decred aims to redefine governance, with blockchain technology by Tyler Gallagher (medium)
- Monero and Decred are the new Bitcoin by John Dennehy (medium)
Since decentralization is a founding principle of the crypto-space it gets a lot of lip-service but one of the oldest problems with power is that it is extremely rare that once someone has it, they will give it up voluntarily. Decred is a rare exception and notable in the progress its developers have made in converting the project’s resources into this autonomous system. Monero is another outlier here, as its development is completely funded by community donations.
Crypto media has picked up the INVDoS vulnerability disclosed on Sep 9, which brought some mixed press for Decred. CoinDesk release was the first and didn’t mention Decred at all. Notably, it was published just 45 min after the PDF was last updated at invdos.net and 28 min before the email on bitcoin-dev mailing list. ZDNet briefly mentioned Decred’s bug bounty program. Decrypt has overblown the issue and posted some inaccuracies. The Daily Chain went as far as to say that “Bitcoin engineers patched vulnerability in Decred”. A common pattern is that these outlets didn’t reach out for comments from the experts most familiar with the software (Decred developers). @l1ndseymm contacted The Daily Chain and they posted a follow-up clarification with a comment from @davecgh. @degeri addressed the misinformation in a tweet thread. A detailed account of media coverage, misinformation, timeline of events and reflection is available here.
- Meet the Disruptors: How Jake Yocom-Piatt of Decred aims to redefine governance, with blockchain technology — in Chinese by @Dominic
- Politeia Digest issues 36–37 — in Arabic by @arij and @abdulrahman4
- Decred Journal August 2020 was translated to Arabic (@arij, @abdulrahman4), Chinese (@Dominic) and Spanish (@francov_). Thank you all for spreading the word!
A list of all known translations of Decred content has been compiled here. If you enjoy DJ for reading about all the work being done for Decred, open this ~280 item list and scroll it for a minute to get a similar injection.
If you translate content, join the new public #translations chat room to coordinate with others.
- The Cost of attacking Decred by Decred Society (youtube)
- Security and coin supply by Decred Society (youtube)
- Going down the Decred rabbit hole by Decred Society (youtube)
- Decred price analysis — 6th September 2020 by Brave New Coin (youtube)
- Decred in Depth 30 with @eSizeDave and @zohand of the Decred Australia team talking about their experiences presenting Decred to various audiences — what sticks, and what misses (libsyn, player.fm)
- Decred in Depth 31 with @l1ndseymm giving her take on the role of PR, her experience of working with Decred’s community and going through the proposal process, and strategies for raising the project’s profile. (libsyn, anchor.fm)
- Cyber Hacker podcast: Crypto-Security and blockchain innovations featuring @jy-p (player.fm, apple)
The Decred dork has been busy this month, with 4 episodes of the new Staked Podcast:
- Episode 0.0.1 — History of Decred
- Episode 0.0.2 — Decred Constitution
- Staked podcast interview with @pavel
- Episode 0.0.3 — Decred investment thesis
Comm systems news:
- traders rejoice, #trading chat is now available via Telegram and is bridged to Matrix and Discord
Selected Reddit posts:
- everyone’s favorite Wall Street CEO, u/jamie-demon, has been busy publishing dcrdocs, decredpower, and DCRComic to IPFS and ZeroNet distributed web networks
- a post about BCH funding and governance issues attracted 45 comments, mostly in response to someone complaining about DCR
- @pavel is arranging an AMA interview and submitted a post to collect questions at the end of the month
- in-depth discussion about the merits of CloakCoin’s Enigma privacy protocol with one of that project’s developers
Selected Twitter discussions:
- @richardred tweeted an animated painting, titled “Ticket Price All Time Highs Again”
- latest development news breaking on twitter from @moo31337 (Decentralize Treasury Spending) and @chappjc (dcrdex)
- @jz asserts that Decred is a #ChadCoin
In September DCR was trading between USD 11.03–17.30 / BTC 0.00106–0.00148. The average daily rate was $13.26.
The Wasabi wallet was subject to a DoS vulnerability which would have allowed an attacker to halt the CoinJoin process for all participants without revealing themselves — fixed before it could be exploited.
Bitcoin Cash’s current situation was summarised nicely by Cain. The BCH (aka BCH ABC) chain looks set to fork over a dispute about developer funding. The Bitcoin ABC developers are adding a rule from Nov 15 that 8% of the block reward must go to an address controlled by them, to fund infrastructure development. This idea has been controversial in the BCH community for some time, and an alternative BCHN implementation is planned. This sets up an interesting hash war scenario, where ABC miners will not mine on BCHN blocks without a developers’ reward, whereas the BCHN miners will mine on anything — if the BCHN chain does not have a significant majority of hashpower, BCHN miners would be likely to see a lot of orphaned blocks. BCH has a checkpointing system, which adds some further intrigue around the possibility of chain splits and new nodes ending up on different chains. So far around 50% of PoW mining power is signalling for BCHN, and the rest is not signalling for anything.
BitShares has a forthcoming hardfork which is being supported by Binance and Huobi, after the BitShares China Association alleged that one of the BitShares developers had tampered with voting system code without community approval.
The SushiSwap saga provided peak DeFi drama in September. SushiSwap is a “decentralized exchange” running on Ethereum which copied the open source smart contracts of an established (VC-funded) decentralized exchange, UniSwap. When the SushiSwap developer, Chef Nomi, announced that SushiSwap would do a “fair launch” and grant almost all the SUSHI tokens to liquidity providers, SushiSwap began to draw a lot of liquidity away from UniSwap, and SUSHI gained considerable value in a short space of time. 10% of all the SUSHI tokens go into a development fund, and when the hype was peaking Chef Nomi liquidated the dev SUSHI (worth over $10 million at the time) for ETH and announced that he was not exit scamming because he would still be around to do development, but he had sold all the dev SUSHI. This was not well received by the SUSHI community, who sought to replace Nomi in short order, with Nomi then handing the reigns (keys?) to Sam Bankman-Fried of the FTX exchange. SushiSwap then went on to elect a set of multi-sig governors with a token vote. Subsequently, Chef Nomi returned along with the ETH they had obtained by selling dev SUSHI, offering that the community determine how much they should be rewarded for their part. There was some speculation that Chef Nomi had been effectively unmasked and did not want to live with the stigma of their hasty exit.
UniSwap launched their own token, UNI, in response to SUSHI’s success and the amount of liquidity it was attracting. 60% of the genesis tokens (intended to cover the first four years) are available to liquidity providers, with an initial 15% being allocated to people who had used UniSwap before a cut-off of early Sep. The remaining 40% of UNI is allocated to investors and employees.
Ethereum Classic Labs have teamed up with Chainsafe and OpenRelay to develop a solution which prevents further 51% attacks. 3 days after the teaming up announcement there is already a comprehensive MESS plan for weakly-subjective finality.
The KuCoin exchange (which lists DCR) was hacked, and a reported $150 million was stolen, later upgraded to $281 million, although $204 million was subsequently recovered (with help from the operators of centralized stablecoins), and KuCoin claims to have identified the suspects and reported them to law enforcement authorities.
Coinbase Pro announced that fees for crypto withdrawals would now be passed on to customers (Coinbase had previously covered these to provide “free” withdrawals).
The bZxHQ DeFi lender was subjected to another exploit, this time for $8 million, which is larger than the previous two exploits earlier this year. They have an insurance fund which is covering the damage. According to CoinDesk, “the bug managed to remain undetected in two extensive code audits from cybersecurity firms Certik and Peckshield”.
Square formed the Cryptocurrency Open Patent Alliance (COPA), where members pledge to never assert patent rights for offensive purposes, and in turn can use the patents of any member organization defensively if required. Blockstream tweeted about joining COPA as the next step in their defensive patent strategy.
The Polkadot Treasury received its first proposals. Polkadot’s Treasury is funded by transaction fees, slashing and staking inefficiencies — and every 24 days if these funds are not used 1% of the balance is burned. The funds are presently administered by the Polkadot Council, and the first four teams to be funded this way are working on a development environment for pallet-contracts, a Go Substrate RPC Client, Polkascan, and a platform for local community currencies and self-issued universal basic income.
This article about “private mining”, where a user gives their transaction to a specific miner, who collects the associated reward whenever they mine it in a block, sees it as a possible tool for money laundering, and in the future potentially also a legitimate source of miner income.
The United States Internal Revenue Service are offering a bounty of $625,000 to anyone who can provide a working prototype of technology to trace Monero or Lightning Network transactions. The deadline was Sep 16, so unfortunately it is now too late to cash in on that privacy-breaking prototype, if you happen to have one to hand.
Relevant External fans will likely enjoy the @Scams_alarms Twitter account for more horrifying stories.
This is issue 30 of Decred Journal. Index of all issues, mirrors, and translations is available here.
Most information from third parties is relayed directly from source after a minimal sanity check. The authors of the Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.
Credits (alphabetical order):
- writing and editing: bee, degeri, elian, l1ndseymm, lukebp, matheusd, richardred
- reviews and feedback: Checkmate, davecgh, jazzah, jholdstock, pavel
- title image: saender