Weekly Dev Update #29
THORChain Weekly Dev Update for Week 03–10 Feb 2020
The team are deep in real-world testing and optimisations. There are some issues with reliability so the team have taken the initiative to re-think how some parts of the protocol can be simplified. Work from this will add to the timeline but it is a necessary part of the process to achieve a safe launch.
One such initiative (which is already partially implemented) is how key-signing ceremonies are coordinated. Since the ceremony is already communication-heavy (with added security checks and now with the blame feature), having a leader-less ceremony in an asynchronous environment is posing reliability problems and may not actually be required. Key-signing has to be incredibly reliable, so the team are aggressively pursuing options to increase reliability.
Under the assumption that at least 2/3rds of the nodes are not malicious, the protocol can be simplified by electing a key-sign coordinator for each ceremony. Instead of having O(n²) communication complexity, the ceremony (with a coordinator) will have O(n) complexity. The coordinator cannot be malicious; they simply act as a hub to route information. If they fail to act as a coordinator when nominated, they earn slash points and can be churned out instead. The process is:
- Take the message to sign, hash it to derive a number
- Modulus the number by node-count to elect a node randomly as the coordinator
- Each online node reports availability to the coordinator node
- Once the coordinator receives the required threshold of reporting nodes, they inform each node of key-sign nomination
- Complete key-signing, purge logs.
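The election and nomination steps above, as an added Go sketch that is not THORNode code. It assumes SHA-256 as the hash, a sorted list of node IDs so that every node derives the same index, and a caller-supplied threshold; `ElectCoordinator`, `Nominate` and the node names are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"sort"
)

// ElectCoordinator hashes the message and reduces the digest modulo the node
// count. SHA-256 and sorting the node IDs are assumptions of this sketch.
func ElectCoordinator(msg []byte, nodes []string) (string, error) {
	if len(nodes) == 0 {
		return "", errors.New("no nodes to elect from")
	}
	sorted := append([]string(nil), nodes...)
	sort.Strings(sorted) // all nodes must index the same ordering
	digest := sha256.Sum256(msg)
	idx := new(big.Int).Mod(new(big.Int).SetBytes(digest[:]), big.NewInt(int64(len(sorted))))
	return sorted[idx.Int64()], nil
}

// Nominate replays availability reports in arrival order and returns the signers
// once the threshold is met (nil if not). Unknown nodes and duplicates are ignored.
func Nominate(members, reports []string, threshold int) []string {
	known := make(map[string]bool, len(members))
	for _, m := range members {
		known[m] = true
	}
	seen := map[string]bool{}
	var signers []string
	for _, r := range reports {
		if !known[r] || seen[r] {
			continue
		}
		seen[r] = true
		if signers = append(signers, r); len(signers) == threshold {
			return signers
		}
	}
	return nil
}

func main() {
	nodes := []string{"node-c", "node-a", "node-b", "node-d"} // constructed IDs
	leader, _ := ElectCoordinator([]byte("constructed tx to sign"), nodes)
	fmt.Println(leader, Nominate(nodes, []string{"node-b", "node-x", "node-a", "node-d"}, 3))
}
```

Because the index depends only on the message and the agreed node set, any node can recompute who the coordinator should have been, which is what makes slashing a non-responsive coordinator possible.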
As with everything, there are concessions made. The most obvious is that the coordinating node can halt the key-signing ceremony. The counter to this is that they will earn penalties and will be churned out. The second is that although the THORNode binary purges all logs of who is present in a signing ceremony, a custom binary could retain them. The counter to this is that the coordinator is always complicit in the transaction they are coordinating, and the transactions they are the coordinator of are effectively randomly chosen.
The team are navigating unknown territory, with the THORNode binary likely to be the most complex BFT Multi-Party Computation system ever built in the public domain. The team are hyper-aware of the complexity and are working with audit partners Certik and Kudelski to cross-check all decision-making and ensure robust viability.
Care taken now will pay dividends into the future. It is unacceptable that in 2020 centralised exchanges still dominate the landscape, with manual non-BFT custody of assets. The industry is in desperate need of a generalised permissionless-BFT crypto-asset manager, and THORChain is building a solution which is likely to be widely adopted across the ecosystem.
Since the code-base is a public good funded by public money, the team welcome all feedback as to its design.
Added features include more redundancy in THORNode, generalisation in the Observer and security enhancements in the Signer.
- [Add] Retry churn on failure
- [ADD]: Observer accepts arbitrary chain
- Resolve “[ADD] add reserve event”
- Add ability to check transaction status
- [Security] Encrypt signer storage
- Add healthcheck to compare status between components
Real-world testing flushes out bugs, which are immediately fixed.
- [testing] various bug fixes discovered by real world testing
- [bugfix] better detect memo
- [bugfix] stop churning until retired vaults are empty
- fix slight issue with setting node-keys in CI
- [bugfix] misc minor bug fixes found in audit
- [bugfix] fix gas event from not emitting
Refactoring is continuous as the code-base matures.
- [refactor] update the migration curve
- [lint] lint fixes
- [Refactor] Detect bad node accounts
- [Refactor] Chainclients refactoring
- [Refactor] Signer storage
- [refactor] stop using string over common.Chain
- [refactor] choose multiple node accounts to churn
- [refactor] Memo tweaks
- [refactor] cleanup majority func
- [refactor] run in unstake txn is a donation
Infrastructure work is necessary to build a network that can be tested regularly.
- [infra] generate also include mnemonic phrase
- change gitlab aws deploy healthcheck endpoint to use thor-api instead of midgard
- testnet automation with churning
- ensure daily automated churning
- Config update
- [testing] add unit tests to ensure observed txns don’t have prepopulated signers
While engineering is ongoing for THORNode, BEPSwap’s codebase is maturing and more focus is on hygiene and clean-up.
- Fix `pool` state
- Resolve “Fix: Refactor and Migrate SwapView component”
- Fix: Create pool page does not render token details
- Generate sources for Midgard API endpoints
- Use generated types for `pool_addresses` endpoint
- Resolve “Use generated types / API functions of Midgard API in `wallet/saga`”
- Improve types of Redux related sources
- Resolve “Write unit tests for `colorHelper` and `formatHelper`”
- Resolve “Migrate `redux/binance/*` sources to TypeScript”
The Asgard Wallet has been published internally and is undergoing testing before public beta testing. Features:
- New/Import Keystore or Phrase
- View Assets
2/3 Review Complete
The updated testnet is in the final stages of testing.
To keep up to date, please monitor community channels, particularly Telegram and Twitter: