Decred Journal – January 2019

abstract art

Decred kicked off 2019 with a month that saw major software releases and significant developments in other parts of the project.

A new version of node and wallet software (v1.4.0) was released which will initiate a consensus rules vote (among other things), so timely upgrading is advised.

The dcrandroid mobile wallet that uses Decred’s peer to peer SPV mode was released (v1.0) and is available in the Google Play Store.

The RFP proposal for the decentralized exchange infrastructure described by @jy-p in a previous blog post was published on Politeia.

The community consultation process to define Decred’s foundational messaging was concluded, the tagline selected as part of this messaging is: “Decred: Secure. Adaptable. Self-Funding.” Outreach efforts have shifted to planning the year’s activity, with pre-proposals on events and marketing spending being shared in chat and on reddit.

This issue also covers early February, as several important developments happened in the first week of February and it was deemed worthwhile to include these ahead of the February issue.

v1.4.0 Upgrade and Consensus Vote

Node and wallet software v1.4.0 was released. Full release notes and downloads are on GitHub. As always, make sure to verify the downloads.

The release brings significant improvements, along with a proposed change to the consensus rules which fixes a bug with the Lightning Network support. Node operators are advised to upgrade to help the network reach the upgrade threshold. Once upgraded, voters should set their voting preferences. Upgrade progress can be tracked at voting.decred.org.

For technical details of the consensus change see DCP0004 and a post by @matheusd.

Except for the vote agenda, v1.4.0 final has no other significant changes since Release Candidate 2 which was covered in December.

Development

dcrd: An issue was discovered in v1.4.0 RC1. The large change to UTXO set semantics accidentally fixed a bug in consensus rules. Old incorrect behavior was preserved until a consensus vote can take place to correct it. Thanks to everybody who helped to discover and fix the bug in the release candidate.

The code for the consensus vote is completed and included in the final v1.4.0 release. The fix and vote was prioritized because it is required for Lightning Network. DCP004 (Decred Change Proposal) explains the change in detail and reminds of useful applications of relative locks beyond LN. Side effect of this work was refactoring and reinforcement of tests in that area. @matheusd has published a blog post which gives an overview of the bug and how it was found and responded to.

Discussion started how to further improve stake difficulty algorithm by removing oscillations - this could make ticket price even more smooth.

Decrediton: bug fixes and preparation for v1.4.0 release.

A feature to specify config options as command line arguments merged to master.

Politeia: Feature to view previous versions of a proposal was enabled.

In development: Onboarding popup was replaced with relevant links to docs. Thanks to lemonkabir for discovering a couple of security issues. Cache layer entered review phase.

Discussions:

dcrandroid: Final version 1.0 was released! Get it on Google Play Store for mainnet or testnet wallets. Test coins can be obtained via the faucet. Feedback is welcome on Reddit and bug reports on GitHub.

Since release candidate 2, final version added sync progress display, no wifi alert, new splash screen and minor bug fixes - full changelog here. Congrats dcrandroid team!

dcrios: preview is available on Apple TestFlight.

dcrdata: New home page design is advancing. Values on the home page now update automatically when new block is found. Exchange rate monitoring was added to the backend that enables showing USD values on the UI. HTTPS is now enforced on explorer and mainnet subdomains (discussion).

New home page design that includes exchange rate, new address table views, improved charts and speed optimizations are available in v4 beta at beta.dcrdata.org. Detailed release notes will be compiled with the release candidate.

Dev side: @buck54321 is destroying imperative jQuery code. Team is preparing stress testing of Insight API (they call it torture testing, ouch).

Ticket splitting: Internal code improvements, preliminary work for Decrediton integration. A monitoring page was set up that shows active splitting sessions from all VSPs that support it.

docs: New pages: Operating a VSP outlines configuration requirements and desired skillset of VSP operators, Solo PoS Voting brings the guide by @jz to all docs readers, Address Details describes all possible types of addresses, Contributing to Decred explains how to become a paid Decred contractor.

Deep dive security discussion in #documentation concluded that it is possible to assemble general computer security guidelines that will be beneficial for the whole space.

decred.org: Huge effort to migrate the site to Hugo was completed by @peter_zen. Hugo is a static site generator written in Go that makes updating site content much easier. Several site speed optimizations were enabled. voting.decred.org dashboard is being updated in preparation for the upcoming consensus vote - congrats @jholdstock with diving into Go!

Other:

Dev activity stats for January: 242 active PRs, 243 master commits, 60K added and 47K deleted lines spread across 8 repositories. Contributions came from 2-8 developers per repository.

People

Welcome to new first time contributors with code merged on GitHub: Sarlor (dcrd), laszlolm (decrediton), dezryth (dcrdocs).

Congratulations to 6 new contributors listed on decred.org:

4 inactive developers removed from decred.org: Cruz Molina (@freethinkingaway, dcrdata), Huy Nguyen Tuan (@huyntsgs, dcrwallet), Macaulay Davies (@mcedward), Rohit Nagori.

Independent Decred contractors published their plans for 2019, thanks to ~15 people who contributed. The post triggered a discussion about roadmaps, central planning and contractor autonomy, as well as commentary from Ditto.

Governance

In January the Treasury received 16,776 DCR and spent 9,991 DCR. Using January’s daily average DCR/USD rate of $17.1, this is $286K received and $170K spent. As these payments were for work completed in December, it is also informative to consider them in the context of the December average daily rate of $17.5 - in which case the USD received/spent figures are $294K/$175K.

Contractors are now getting paid on ~15th of each month for the prior month’s work. The delay between invoicing and getting paid was cut in half from ~30th day. Work is ongoing to further decrease this delay.

“RFP: Decred Decentralized Exchange Infrastructure” proposal was submitted by @jy-p. It outlines motivation and high level design of the DEX first described in June 2018 post. The project is estimated to complete in less than 6 months with a budget between USD 100,000 and USD 1,000,000. Voting will happen in 2 phases: the first proposal will determine if stakeholders want to pursue this, if the first proposal is approved then proposals will be invited from interested teams and the second phase will be to select one of these. This process is known as request for proposal.

Decred Bug Bounty program launched following a successful proposal vote in December. Check the rules on the new website bounty.decred.org and the intro blog post on hackernoon. Credits to @fernandoabolafio and @jholdstock for majority of the site work. Bounty team who decides on validity of submissions and payouts includes @degeri, @dnldd, @fernandoabolafio, @jholdstock and @matheusd. Congrats team with the launch!

@Dustorf is preparing proposals to improve transparency and increase stakeholder’s control of the allocation of funds for the marketing activities. Events spending pre-proposal was published for feedback on Reddit after first iteration in chat. Marketing budget pre-proposal also started in chat and landed on Reddit after a first round of feedback.

@oregonisaac is looking for Java developers to evaluate requirements for ATM integration. Draft of the proposal was posted and discussed in chat. There was some consensus to use 2-phase RFP voting. Another good point discussed was whether to wait for mobile apps releases before proceeding with the ATMs.

Discussions:

Network

Hashrate: January’s hashrate opened at ~187 Ph/s and closed ~225 Ph/s, bottoming at 144 Ph/s and peaking at 312 Ph/s throughout the month. As of Feb 8, pool hashrate distribution: Poolin 29%, F2pool 26%, BTC.com 19%, UUPool 8%, Luxor 4%, CoinMine 1% and others are 13% per dcrstats.com. Pool distribution numbers are approximate and cannot be accurately determined.

Staking: 30-day average ticket price was 109.4 DCR (+6.4) on Feb 4 per dcrstats.com. The price varied between 101.5-111.6 DCR. Locked amount was 4.20-4.38 million DCR, which corresponded to 46.3-47.5% of the available supply.

There were 90 total split tickets in January. Data since May 2018 shows steady growth.

Nodes: As of Feb 4 there were 197 public listening nodes and 369 normal nodes per dcred.eu. Version distribution: v1.5.0 dev builds: 4.3% (+2.8%), v1.4.0 dev and rc builds: 13% (+6%), v1.3.0: 55%, v1.2.0: 14% (-6%), v1.1.2: 8% (-2%), v1.1.0: 3% (-1%).

Mining

Obelisk batches 2-5 are shipping, Gen 2 firmware update contains new features and bug fixes. Class action filed over Obelisk’s sale of SC1 and DCR1.

Open source Decred mining pool implementation is in the works by @dnldd.

Integrations

New VSP dcr.grassfed.network joined a list of total 23 VSPs.

Exchange integrations:

Ellipal wallet announced Decred support in latest firmware release.

Exodus wallet integrated USDC, a USD-pegged token by Circle.

Second episode of infrastructure interview series by @kozel featured Stephen, founder of the luxury goods outlet Crypto Emporium. Stephen shared insights into running a business, accepting crypto, processing orders, supply chain and future plans.

Our best selling product on the website has undoubtedly been the famed Decred Jacket! It’s been an honour to serve the Decred community for so long and help market a project I truly believe in.

Always do your research before using wallets or services, especially those that take custody of your funds.

Adoption

BlueYard announced second fund raise and explained their strategy of investing into contrarian projects.

Outreach

Marketing team is planning to approach reporters publishing inaccuracies about Decred. As a test case for that workflow one horrible article was scrutinized by the community and Ditto collected the feedback for that and future cases. Ditto has systems to catch every piece of media written about Decred. As they get to know the community better, it will be possible to address inaccuracies in real time. Another issue discussed was integrating Ditto’s corrections workflow with voluntary submissions from the community.

Tagline for Decred was extensively discussed in #marketing and on Reddit. Final version of messaging settled it on “Decred: Secure. Adaptable. Self-Funding.” which gathered most support. As time goes this will be revised to adapt to the ever changing space.

January update from Ditto:

Individuals are advised to share media coverage because amplification is just as important as the media placement itself.

For even more detail see the biweekly updates on Jan 7 and Jan 18. Nice discovery in one of them:

The community welcomes and encourages questions, even if the person asking fears that their questions are “stupid.” We’ve observed a spirit of collaboration and willingness to help that we haven’t seen in other communities. It’s refreshing!

Other:

Urgent Notice: new batch of Stakey plushies is available!

Events

Attended:

Upcoming:

Open source and hacker oriented events like DEFCON, CCC and FOSDEM were discussed and captured in this issue.

Media

Community initiatives:

Decred page on Wikipedia was deleted. On Jan 8 a user removed a bunch of “bad sources” and on Jan 10 vandalized the page by removing a large and important part of content. Just 4 hours later another user nominated Decred page for deletion - the 3rd attempt to take it down. For background, the author of 2nd nomination for deletion had interesting views on notability and was banned as a sockpuppet. On Jan 11 content removal was reverted and its author was banned as sockpuppet, but next day the removal was applied again by another user without much commentary. After the slicing the page became very small and all reviewers voted to delete it due to lack of reputable sources. All suggested recent articles in major crypto media were deemed not good enough references. On Jan 18 the page was deleted and removed from List of cryptocurrencies that was left with more notable coins. Details and links to discussions are captured in this issue. Experienced Wikipedia editors are welcome to help.

Selected articles (chronological order):

Translations:

Videos:

Audio:

Community Discussions

Community stats as of Feb 4:

Comm systems news:

Criticism from Bitcoin maximalists triggered a discussion on how Decred looks in context of securities laws. One vector critics use is that Decred’s premine and airdrop was not fair and “hand selected”. This is a misrepresentation of the (huge) manual effort to filter out airdrop cheaters, per this discussion that also has many useful links describing Decred’s launch. One interesting insight shared is that ~300K (35%) airdropped coins never moved. Another related chat was about Twitter attacks claiming how Decred’s initial distribution was not transparent or fair, while avoiding inconvenient facts about Bitcoin’s early mining and Satoshi’s million BTC. Finally, a history lesson explained early days of staking and made a point that original devs had no unilateral control of consensus rules from day 1.

Huge debate about importance of building Reddit community here.

Markets

In January DCR was trading between USD 15.5-19.5 / BTC 0.00435-0.00487. The average daily rate was $17.1.

Relevant External

Ethereum Classic (ETC) was subject to a 51% attack, with the alert being raised by CoinNess on Jan 7. Coinbase then announced that it had detected a deep reorganization of the ETC chain and had halted ETC transactions. The article lists a number of reorgs that involved double spends, putting the total amount involved at $1.1 million, across 15 distinct reorg events. Coinbase was not itself a target for these attacks. The Gate.io exchange subsequently announced that it had been targeted and had lost around $200K, and that it would absorb the loss. Gate.io also significantly increased the number of confirmations required for ETC deposits. In an unusual development, the attacker then returned $100K of the ETC to Gate.io, they have tried but failed to make contact with the attacker and do not know the reason for the return of funds. Other victims of the ETC double spends have not come forward.

Ethereum’s developers decided (tentatively) on Jan 4 to go ahead with a change of mining algorithm from Ethash to ProgPoW. This move is intended to stop ASICs from mining Ethereum. The Block outlined concerns like reduced attack cost after the switch, weaker incentives of GPU miners, questionable benefit of transfer of power from Bitmain and Innosilicon to AMD and Nvidia, and a possible chain split. They concluded that the debate around the algorithm switch will be a good test for Ethereum’s governance process.

Ethereum developers also delayed the Constantinople hard fork on Jan 15 after a security vulnerability which would have enabled a “reentrancy attack” was detected.

Fundamentals of Proof of Work article by David Vorick makes the case for exclusive hardware cryptocurrencies and contrasts them with shared hardware cryptocurrencies that suffer from multiple issues, especially those pursuing ASIC resistance. One of the issues with non specialized hardware is that the hardware’s value is not closely related to the asset (because it can mine many other chains). Another issue is hashrate marketplaces, they allow hardware owners to get more profit by not caring about which coin they mine, even if the hashrate is rented to attackers. Decred benefits from specialized hardware and is by far the dominant coin for its algorithm (Blake256r14). Although this hardware cannot be considered “exclusive” to Decred, in addition to current hashrate dominance for its algorithm Decred has the PoS factor which is capable of denying rewards to misbehaving miners.

The first round of Aragon proposal voting concluded on Jan 26. Of the 12 submitted proposals, 3 were excluded from the vote by the Aragon Foundation (1 because of lack of full time leadership and engineering talent, 2 were excluded to reduce cognitive load on voters). 8 of the 9 proposals voted on were approved by ANT holders, with one proposal (to change the voting period duration from 48 hours to 1 week) rejected. ANT participation rates ranged from 2.3 to 7.8%. The most expensive proposal to be approved will pay Aragon One $4 million for 2019 operating costs plus an incentive package consisting of 1.675 million ANT on a 5 year vesting schedule. An incentive in ANT with a vesting schedule was included as part of most proposals, in addition to the main cost to be paid in DAI. In total this round of approved proposals will cost around $5.94 million + 2.52 million ANT (~$880K).

The EOS referendum system for constitutional amendments went live on Jan 11. So far 77 proposals have been submitted. The voting period for these proposals is flexible and specified by the submitter, some last as long as four months. The proposals with the most votes (as of Jan 31) have votes from around 2% of circulating EOS, but most proposals have very low participation (only 10 have greater than 0.5% participation). So far the most popular proposals are to change where the fees for short names and RAM purchases go, delete the EOS Core Arbitration Forum, and burn the inflation funds in eosio.saving (to be used for funding the worker proposal system).

The NEM Foundation announced that it is in financial difficulty and needs to downsize its workforce. A new council took over the foundation on Jan 1 and when they opened the books they saw a problem. The previous council had a burn rate of 9 million XEM per month ($360K now, considerably more at the time) which was spent by independent regional entities on promotional activities with little accountability. This was deemed not sustainable, and the new council has restructured the foundation and is presently seeking additional funds.

Updated version of the “forkonomy” research by Wassim Alsindi (@parallelind) was published along with an up-to-date follow-up.

Hcash forked a few more Decred projects: Autonomy (Politeia), hcexplorer and hctime. In Politeia, they accidentally removed copyright of Decred developers and forgot to rename the project. After being notified they quickly reacted by removing multiple repositories, reinstating the license and renaming the Politeia fork to Autonomy. A few missed subtle Decred icons were fixed. Some projects were forked with their commit history erased and without marking them as forks on GitHub. Complaints (1, 2) on their subreddit were silently censored with no reply. Oh, and r/hcash styles look familiar. Discussed here.

A sad example of what can happen when the team runs out of money.

ICO projects withdrew ~441K ETH ($52.5M as of Feb 9) from treasuries in December 2018.

Staked, a startup that provides staking services for institutional investors, raised $4.5M from Pantera, Coinbase, DCG and others. Covered by CoinDesk, The Block and Bloomberg. Staked operates a Decred VSP since Nov 2018.

Binance now allows one to buy crypto with Visa and MasterCard (and the list of restrictions tells us something about fiat).

Coinbase banned accounts of social media platform Gab. This is not the first big case of account suspension by the exchange.

Medium censored an article “How to use Bitcoin anonymously” which spurred discussion and an issue about migrating away from it, or at least treating it as one of multiple content mirrors. Backup your Medium posts, just in case.

Bank for International Settlements released a very optimistic study of cryptocurrencies.

Vulnerability was discovered in digital signatures of Bitcoin and a few other systems. A tiny set of signatures was generated using an incorrect implementation of signature algorithm which can be used to reveal private keys. Only a few thousand signatures were vulnerable out of nearly a billion Bitcoin signatures examined. According to researchers, the vast majority of cryptocurrency users need not worry.

Largest data breach in history contains a collection of thousands of hacked databases. Choose wisely who you share data with.

Cryptopia was hacked with loss estimates varying between $3-16 million. Binance froze some funds coming from the hack.

New wave of hAnt infections (first seen in August) was reported targeting Bitcoin mining rigs. The ransomware demands to infect 1,000 other devices or pay 10 BTC, else it threatens to burn the rig. There have been no reports of destroyed equipment so far.

Resource exhaustion vulnerability known as Fake Stake attack was discovered in 26+ blockchains based on PoSv3, the majority of them deployed mitigations. Part of the root cause is that in many such systems the Proof of Stake layer was “grafted in” to the Bitcoin Core codebase insecurely. One of report’s authors tweeted that Decred is not affected.

About This Issue

This is the 10th issue of Decred Journal. Index of all issues, mirrors and translations is available here.

Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.

Your feedback and contributions are welcome on Reddit, GitHub and Matrix.

Credits (alphabetical order): bee, davecgh, degeri, Dustorf, guang, Haon, jholdstock, liz_bagot, lukebp, matheusd, richardred, saender, zubairzia0.