Tgrade for Developers
The top two reasons why you want to peek under the hood of the future of CosmWasm (and DeFi)
For those of you who don’t know, Tgrade is a blockchain project built by Confio, makers of CosmWasm. That should give you the idea that we are building some top-tier tech under the hood. But it’s not just about tech. We spent quite some time trying to find a viable (and under-served) market for Blockchain and DeFi before deciding to launch our own chain.
Reason 1: The Business Case for Trusted Circles
The principle goal of Tgrade is to bridge the worlds of DeFi and traditional finance, while maintaining the ethos of public blockchain. Although many were skeptical when we pitched self-sovereign, self-regulating groups in August 2020, the time has validated our ideas. In September 2020, the EU regulators proposed MiCa pushing for regulated crypto-currencies and stablecoins, and paving the way for “pilot regimes” of semi-regulated crypto assets. In Spring 2021, a number of exchanges were hit by SEC lawsuits, including worldwide coordinated action against Binance. But it was really in September 2021 when the US Infrastructure Bill placed heavy regulations on cryptocurrencies, that many realized that DeFi’s days as a “wild west” were numbered. And warnings keep coming in about regulators.
Tgrade allows businesses to build “walled gardens” called Trusted Circles. Businesses can create their own off-chain structures, processes, and rules around Trusted Circles to meet the rules of the jurisdictions they operate in. Users can opt-in to them, and assuming they are validated by the guardians of that circle, can trade any of the whitelisted assets issued within that group, as well as any non-whitelisted assets (such as ATOM or eEUR).
That means, you can use standard DeFi contracts, like AMMs and Collateralized Loans, or even things like Synthetics and Derivatives, within the group while satisfying regulations… as long as all members of the trusted circle have all been vetted as accredited investors in the appropriate jurisdiction. By making this opt-in, allowing many different Trusted Circles on the chain, and using a secure public chain, we uphold the ethos of liberty that many in blockchain espouse, while allowing people to use less legally-risky products.
This is my short overview of what we are building, and if you are interested in this from a product or business perspective, I encourage you to check out a number of excellent articles by Martin Worner. Check out an early glimpse of the Tgrade testnet to get your hands dirty. Or read “Decentralized and Regulatory Compliant”, “Regulations and Crypto”, and “Trusted Circles and Front Running” for more theoretical background of the project.
Reason 2: Securing the Money using PoE
While designing a system that should carry tokens with a value of tens or hundreds of billions of dollars on it, we realized we must question many designs to ensure sufficient security. There may well be more value in the third-party issued tokens than in the base layer (staked tokens). But it must still be so expensive and/or difficult to attack the chain, that those third-party tokens are not at risk of someone controlling the base layer consensus and selling those tokens on other chains.
The argument of POS has typically been that an attacker must have 2/3 of the tokens to execute this attack, and if the market cap is say $12 billion, one would need at least $8 billion to execute it. On one hand, this would require an over-collateralized consensus layer, worth more than all tokens on it, which is capital inefficient. On the other hand, that assumption is completely wrong, especially for dPOS.
I consider the Cosmos SDK’s dPOS module state of the art in many aspects, and these critiques should apply equally to other POS systems. ThorChain uses POS and holds bridged assets, but has a long-standing critique of the security of dPOS in general, which I generally agree with. Basically, if validators play with other people’s money, they have nothing at stake.
If you look at the top-10 validators on Cosmos, only 2 have more than 1% of the tokens self-staked. Dokia Capital at an impressive 13%, and stake.fish at 1.2%. The rest have almost nothing there. Add to that, that a double-sign attack will be slashed at 5%… That means that with 180 million ATOM bonded, 2/3 of them doing a double-sign might cost the validators 120 million * 1% * 5% = 60k ATOM, almost $2 million at current prices. That doesn’t sound like much security.
Of course, such an attack would not be feasible without the top validators collaborating, and they are good people with reputations and legal entities and they wouldn’t want that risk in the real world. I believe the hub is safe, but not due to the amount that could be slashed, but more as they have an engaged community and many reputable companies as top-validators… which sounds a bit more like PoA. Given the rewards are skewed such that smaller validators can barely make ends meet, there are clearly many things that can be improved.
PoE’s Core Design
When designing PoE, we started with two fundamental assumptions: an engaged community is essential for a lively chain, and reputable validators allow a chain to scale up security far higher than the amount under slashing risk. While working to define what “reputable” was, we realized these were the same question in the end… validators who are engaged, who have made contributions over time to the blockchain, have a reputation at stake and can be trusted more than tokens alone.
To turn this into a consensus algorithm, we went a safe route, and just mixed together two well-tried approaches. We effectively combine PoA and PoS, to take the best of both worlds, and use a sub-linear mixing function, to protect against whales. This curve goes to 0 as either Stake or “Authority” (Engagement) goes to 0 in order to prevent abuse by whales (stake without authority) or core team members (authority without stake).
We defined non-transferable “Engagement Points”, which are granted by governance for work supporting the mission of the chain. Anyone with some engagement points can self-stake tokens and register a validator node and will immediately have voting power.
We batch reward payments in epochs, which is the direction the Cosmos SDK is going. Rewards are then split between validators, engagement holders, and the community pool. Validator rewards are split based on their voting power. With no payments to delegators, and sub-linear curves, PoE is much more sustainable for smaller validators, encouraging a more diverse set of validators, all coming out of an engaged community.
Sounds interesting? Want to know more? You can dig into the Proof of Engagement Whitepaper from September 2020. There are also cadCAD models in that repo comparing with dPOS and modelling possible attacks.
Implementing PoE
As you can imagine, implementing a new consensus algorithm is quite complex, and we wanted to do it with the best tools we could use. We would be effectively replacing the core of Cosmos SDK — x/staking, x/slashing, x/distribution, and x/gov, which are all complex and intertwined and very difficult to safely modify.
After some reflection, we decided to “eat our own dog food” and build out this system as a series of CosmWasm smart contracts. This would allow us to leverage all the powerful dev tools, clean composition patterns, and easy migrations built into CosmWasm. It would, however, force us to add deep integration into privileged operations. In this process, we used and improved the existing extension points in CosmWasm and Wasmd, which should demonstrate the flexibility of these extension points, without forking any of the libraries.
I think our implementation and integration of PoE will be of great interest to both CosmWasm developers and Cosmos SDK developers. Not just the consensus mechanism we implemented, but also to see how we made these complex integrations between contracts and native code, as well as how we designed, developed and tested composition of so many contracts.
I will cover the technical details of this in a series of articles over the next few weeks:
- Porting DeFi to use Trusted Circles
- Privileged Contracts and System Hooks
- Advanced Smart Contract Composition
- Bridging Native Interfaces to Contracts (genesis, gRPC support, keepers)
- Multi-Layer Governance
Please follow me or Tgrade on Medium to get all the new articles. I will be linking them here once they are released.
If you are interested in the Tgrade blockchain, our regulated DeFi products, or other less technical aspects, please check out the Tgrade App and join the Tgrade Discord.
