Decred Journal – June 2019

abstract art

Image: “Anomaly” by @saender.

June’s highlights:

Development

dcrd: Code maintenance and more test coverage.

Several modules upgraded to improve organization and code quality. Version 2 of the dcrutil module introduced to reduce coupling and prevent subtle bugs in handling addresses. A large change to introduce v2 of chaincfg module completed. Benefits from this include: reducing the surface of the critical consensus code by defining block 1 payouts as scripts instead of addresses, removing undesired side effects upon importing the package and improving organization of network parameters. Version 2 of the txscript module also introduced to use new versions of chaincfg and dcrutil modules. The opportunity of the version bump was taken to also address several issues in the v1.

Overhaul of the background template generator covered in May issue was merged.

These large code upgrades are done very carefully. First, a new module version is introduced, then depending modules are gradually updated to use the new version. At all times, everything must build and pass all tests, and each commit must be maximally reviewable.

Among other smaller improvements, support was added for the generation of Ed25519 TLS certificates on Go 1.13.

dcrwallet: Bug fixes and incremental improvements.

Default TLS curve changed to a more secure P-256. Support added and enabled for Ed25519 TLS certificates by default on Go 1.13.

Ticket handling improved by the addition of ticketbuyer.limit flag to limit max tickets bought per block and corrected lockedbytickets balance calculation to address several issues for solo, VSP and split ticket voters. An RPC fix will allow VSPs to show immature tickets separately. Several new wallet address APIs added to simplify the development of address-related features.

Work is in progress to allow arbitrary xpub account imports. This feature will improve privacy by allowing the automatic ticket buyer to derive unique voting addresses, avoiding address reuse.

Decrediton: Work on LN wallet integration continues. Internal improvements to handling configuration, bug fixes and maintenance.

PoC underway to use a finite state machine to better manage complexity and improve correctness during startup.

Politeia: A plugin structure has been added to the Politeia user database that makes building generic applications on top of Politeia’s web server (politeiawww) easier. This will allow applications to more easily store application-specific user data (such as data from the Contractor Management System (CMS)), while still re-using the main user routes. A generic dcrdata websocket implementation has also been created, making it easier for applications building on politeiawww to monitor address balances and other blockchain data.

A number of incremental improvements and bug fixes related to the CMS, an application running politeiawww that reuses much of Politeia’s frontend. Friction in the process of submitting invoices has been significantly reduced. The CMS has been in production processing contractor invoices since early May.

A full Politeia redesign to clean up the UI and make it consistent with Decred branding is underway and should launch within a month or so.

An issue with duplicate votes was identified and fixed in May, but missed in the May issue of the Journal. 15 duplicate votes on the Decentralize Treasury Spending proposal made it into the Politeia journal repository, due to a bug with how incoming votes were checked against the memory cache, with concurrent votes being added before the cache was re-checked. The bug was identified as soon as the first duplicate vote was submitted and was quickly fixed.

Progress was made towards running multiple Politeia instances concurrently, making email optional and public reporting on expenses.

dcrstakepool: VSP software is getting more love in the recent months. Following the redesign in May, there was a lot of refactoring work to achieve proper layer separation between the components that will also have a small bonus for security and performance.

dcrlnd: Work continues to port upstream changes from the lnd repository. Approximately 190 (of 270) of the PRs merged into lnd since dcrlnd branched off have now been incorporated, including many bug fixes and two important features: safe backups for off-chain data and watchtower clients for breach protection and retribution.

In response to a question about BTC-DCR swaps on LN, @matheusd clarified the state of multiple elements of the puzzle.

dcrandroid: Minor bug fixes and UI improvements, new translations to Spanish and Portuguese (BR), and a new send and estimation function.

dcrios: v1.0.0 is released on the App Store after 6 months of active work!

Initial release is available in English, Russian and simplified Chinese, with more translations to come. Bugs reported in Release Candidate 1 and Release Candidate 2 have been fixed and minor UI tweaks have been implemented.

Congratulations to dcrios team: macsleven, itswisdomagain, collins, ensoreus, rktr09 (developers), DZ (design) and all the testers.

dcrdata: A major release, v5.0 is now live. In addition to architecture, security, and performance improvements, v5.0 introduces a number of new charts and visualizations for exploring Decred data.

A new market page shows data from several major exchanges, including aggregated DCR price feeds, order book depth, candlestick charts, and more. The proposals page is out of beta, and showing stats and voting charts (real-time and historical) for all Politeia proposals. Missed votes chart shows an important network health indicator.

Architecture improvements include an upgrade to PostgreSQL (lite mode has been removed), improved database schema versioning, a refactoring of the dcrd notification pipeline, experimental support for CockroachDB, block-prefetching by default, and a new pubsub module version with address subscriptions.

Charts should also load faster with performance improvements, including improved memory management and a new pre-encoded charts caching system.

For a full list of changes, see the Release Notes.

docs: Instances of “DAE” (Distributed Autonomous Entity) have been replaced with “DAO” (Distributed Autonomous Organization). A new page adds details on how the algorithm used to pseudorandomly select tickets for voting works.

Other:

Dev activity stats for June: 283 active PRs, 321 master commits, 62K added and 29K deleted lines spread across 15 repositories. Contributions came from 1-8 developers per repository.

People

Welcome to new first time contributors with code merged to master: Marton (politeia), Amos Ezeme (dcrandroid), Quadri Anifowose (dcrandroid), Lore (dcrandroid).

While @DZ’s commits merged in dcrandroid were detected as first time, it should be noted that he is a longtime Decred contributor.

Governance

In June the Treasury received 15,135 DCR and spent 6,657 DCR. Using June’s daily average DCR/USD rate of $28.90, this is $437K received and $192K spent. As these payments were for work completed in May, it is also informative to consider them in the context of the May average daily rate of $27.71 - in which case the USD received/spent figures are $419K/$184K. As of Jul 1, Treasury balance is 622,472 DCR ($18.36 million USD at $29.50).

Below are the status of proposals as of Jul 1.

The following proposals were approved:

There were 2 new proposals published:

This graph shows Politeia voter participation for the 28 proposals that had finished voting thus far.

For a more in-depth review of what’s been happening on Politeia, check out the two issues of Politeia Digest published in June.

Following questions on Reddit, Exmo posted a short update and went on to list DCR on Jun 18.

A number of posts on the r/decred subreddit have sought to poll the Decred community about the optimal Politeia approval threshold, renaming Decrediton to Declaration, calling Decrediton something other than a wallet, and asking whether Decred should start using DAO instead of DAE to describe the decentralized stakeholder governance of the project.

The last poll (to rename the DAE to a DAO), can be considered a “soft proposal” by @s_ben. The rationale behind this proposal being that, while the name DAE (Distributed Autonomous Entity) was originally chosen to avoid association with the Ethereum DAO hack, DAOs have since become a hot topic in crypto, with little association in the popular imagination with the DAO hack. Because Decred arguably has a more legitimate claim on this term than other projects, having already built a functioning DAO (which is producing this newsletter), it makes more sense to be part of the conversation. A Politeia proposal was considered. However, there were no objections to the change in various comm channels (as captured in this comment), and the rough consensus was that, barring any strong opposition, such a change did not require a Politeia proposal. @s_ben has changed references in the docs and has submitted a pull request to change the term on decred.org. Activity and discussions of this move are tracked in this issue.

While some of these polls and the discussions around them have been interesting, it has been noted by community members that there are problems with using Reddit and polling sites to gauge the opinions of Decred stakeholders. These platforms are open to people who are not stakeholders, and allow for the polls/posts to be arbitrarily deleted or modified by their creator. In discussion about this phenomenon there seems to be strong support for a Decred’s version of Reddit, based on Politeia, which would allow for a limited number of ticket-voter polls to be created.

Network

Hashrate: June’s hashrate opened at ~504 Ph/s and closed ~540 Ph/s, bottoming at 369 Ph/s and peaking at 607 Ph/s throughout the month. Pool hashrate distribution as of Jul 2: lab.antpool.com 18%, UUPool 17.7%, F2Pool 14%, Poolin 9.5%, BTC.com 9%, Luxor 2.2%, CoinMine 0.21%, BeePool 0.15%, suprnova 0.03% and others 29% per dcrstats.com. Pool distribution numbers are approximate and cannot be accurately determined.

Staking: 30-day average ticket price was 120 DCR (+4) per dcrstats.com. The price varied between 116.8-127.3 DCR. Locked amount was 4.75-4.84 million DCR, which corresponded to 48.01-49.03% of the available supply.

Nodes: throughout June there were around 200 listening nodes and 340-510 total nodes per dcr.farm. As of Jul 8, roughly 80% run v1.4.0, 9% run dcrwallet v1.4.0 (SPV) and 4% run v1.5.0(pre) dev builds.

dcr.farm received a new Lightning Network dashboard. As of Jul 8, the DCR testnet LN shows 15 nodes, 45 channels and a total capacity of 370 DCR.

On Jun 27 DCR supply crossed 10,000,000 DCR. 10 million DCR distributed means the genesis premine accounts for 17% of currently circulating DCR, so far PoW miners got 50%, PoS voters got 25% and the Treasury got 8%.

There were support requests from ticket holders saying that their tickets have been missed by certain VSPs. Upon investigation, it was discovered that Grassfed and d1pool have been forked off from the network and have missed voting on their tickets. Grassfed has responded and promised to keep up with future updates. We have been unable to reach d1pool and discussion is currently underway to remove them from the list of VSPs at decred.org.

There has also been an issue and a chat on how these issues can be avoided in the future. Another discussed idea was a sustained effort to get more people set up their own voting wallets.

Integrations

Exmo delivered on their proposal and enabled DCR/BTC, DCR/RUB and DCR/UAH pairs on Jun 18.

Vertbase added recurring orders and an option to sell digital assets for USD for US customers.

EliteX listed DCR and wrote an article to explain Decred to their users.

MXC Exchange added a DCR/USDT exchange pair.

Bleutrade announced DCR to be delisted among a mass cleanup planned on Jul 15 - the second delisting run this year (discussion). Bleutrade was very supportive of Decred. It was the first to list Decred and it did so on the very first day of the network on Feb 8, 2016.

Decred’s part of the Trust Wallet integration is nearing completion. Approved by voters in March, this proposal split work between the Trust Wallet team, which was tasked with the core wallet integration (complete), and Decred, which was tasked with integrating with and hosting the Blockbook server that Trust Wallet uses to host transaction data.

Warning: the authors of Decred Journal have no idea about the trustworthiness of any of the services above. Please do your own research before trusting your personal information or assets to any entity.

Outreach

Progress continues to be made on outreach, with a big focus on education and making it easier to learn about Decred. There is concrete work being done to establish a social media playbook that will enable every community member to contribute. Checkmate has emerged on Twitter, introducing the #DecredChallenge hashtag and challenging everyone to study Decred for 30 days and explain why Decred shouldn’t be #2 by market cap. Results have been very positive, and Decred social media activity and effectiveness have picked up significantly. It’s very important to like and comment on Decred stories, as that increases the reach and enables more stories to be written.

Building on education, website work is coming close to production, with a new introductory video and new subpages on Secure, Adaptable, Self-Funding, History, and a general repository on education. This work will help support community growth by making it easier to understand Decred.

@anshawblack released Decred in Depth podcast episodes featuring @lukebp and Joel Monegro. @Dustorf and @jy-p recorded Decred Assembly episodes, including Decred Distributed with @akinsawyerr featuring Decred in Africa, Deep Dive with @moo31337 on the Treasury proposal, and Decred Distributed with @richardred. The latter two episodes will be released shortly.

Various events are being planned across the world, including Germany, Japan, China and Toronto. The project has funding for a major event in Europe and Asia in 2019, and has not yet made a specific commitment. Please share in #event_planning if you have specific ideas. We rely on the community across the world to help identify and execute opportunities.

Decred has made significant progress on the issue of governance. The staking byline in CoinDesk is a precursor to the Decred governance manifesto, and @akinsawyerr spoke at the Wharton Governance conference alongside leading speakers in the field. There was much discussion of Decred and it was widely respected as a pioneer and leader in governance. Decred has been invited to speak at the next such conference in Japan.

Ditto’s June achievements:

Events

Attended:

Upcoming:

The revamped event reports repository is now at 14 decent reports. Please submit your reports and share them on Reddit/Twitter to expose how much event action is happening every month.

Media

Ditto’s PR guidelines have been collected in a new repository, currently including Foundational Messaging, Ticket Messaging and Engagement Guide how to react to delisting/geofencing.

A new community wiki repository was started for any knowledge that doesn’t fit decred.org or the docs. The first created page is a comprehensive list of Decred social media groups.

Selected articles:

Translations:

Videos:

Audio:

Community Discussions

Community stats as of Jul 1:

Comm systems news:

Selected Reddit posts:

Selected Twitter discussions:

More wild not-quite-maximalists were spotted on Twitter this month, people who would consider themselves Bitcoiners but who also have a fondness for Decred. Apparently there are more of these closeted Decred fans, who dare not speak out about the cred because it would result in a loss of status in their circle.

Markets

In June DCR was trading between USD 24.77-37.06 / BTC 0.0026-0.0035. The average daily rate was $28.90.

On Jun 22 Bitcoin crossed $10,000 and in a matter of days rose up to $13,670 in some markets. This caused most alts including Decred to go down against BTC.

Relevant External

Facebook published the Libra white paper on Jun 18, and this dominated blockchain news and discussion for a spell more than any other subject has for some time. Quotes from @jy-p were featured in a number of articles about Libra on high profile sites (see Ditto update above), questioning Facebook’s track record and whether inviting them to also handle our financial transactions is a good idea. We will not revisit the discussion of Libra here, except to note that the white paper addresses how it will be governed - through an association where validators (approved organizations that provide the necessary capital) vote to make decisions. 21 organizations, mostly large multinationals, were announced with the white paper, with an aim to have 100 signed up before Libra launches. It will be interesting to see how a distributed ledger operated by 100 (mega-)corporations behaves in comparison to the one operated by the Decred stakeholders and their ~40,960 tickets.

Parity Technologies released an alpha version of Zebra, an alternative Zcash node implementation written in Rust. The codebase has been handed over to the Zcash Foundation. Parity first announced plans to build an alternative node in Oct 2018. Zebra was derived from Parity’s Rust Bitcoin implementation and will lay the foundation for a future Polkadot bridge.

Dovey Wan announced that the “Hard Core Fund” has accumulated 50 BTC which can be used to pay Bitcoin developers, and described the search for sustainable funding for Bitcoin developers as the biggest challenge facing the ecosystem in 2019. The fund makes payments to approved Bitcoin contributors when they send monthly reports about what they have worked on.

Another funding event for Bitcoin was two privacy projects, Wasabi Wallet and JoinMarket, getting awarded grants of 10 BTC each from a bounty fund created in 2013 to incentivize work on CoinJoin. The fund is a 2-of-3 multisig controlled by Greg Maxwell, Theymos and Pieter Wuille.

The Bitcoin Cash Development Fund also announced good progress on a development funding drive, with 760 BCH of a targeted 800 BCH raised from 900 donors.

Grin is attempting to iterate towards a less centralized form of governance, after recognizing that the absence of formal governance processes plus the need for trusted contributors to manage shared resources (donated funds) has led to a de facto centralization of responsibility for the project. The Grin council is to become the core team. A Request for Comment process is being introduced through which feedback is sought on proposed development work. Sub-teams will organize independently with their own leaders.

Zcash continues to move towards a method of funding development long-term through a portion of the block reward, likely 10%. Zooko (CEO of Electric Coin Company) has stated that the ECC needs 12 months of runway to function and if no continuation of funding for ECC is established one year before the founder’s reward, then ECC will have to consider pivoting to other projects which can generate revenue. Zooko has also expressed the opinion that the ECC should not take the lead on deciding how this funding mechanism should work, and that it should be more decentralized than the current setup. Zooko has been looking at Decred’s governance as part of this process: “In a voting system with lots of cold coins, like Zcash, I would expect a good turnout to be around 1%.”.

Monero Community Crowdfunding System is funding 3 audits of the new PoW algorithm, following a process in which 20 participants in the #monero-dev IRC channel voted to prioritize the audits. A CCS proposal was created which covers all 3 audits (costing $18K, $47K and $53K respectively), with audits being greenlit as enough funds became available to pay for the preferred audits.

Aragon Black published an article about Aragon Fundraising, which will be coming to mainnet in a few months. This is a platform for conducting Decentralized Autonomous Initial Coin Offerings (DAICOs, a concept initially described by Vitalik Buterin). Individuals who invest in a DAICO will receive tokens which grant them voting rights and some degree of ownership of the DAO’s assets (which may come to include tokenized rights to intellectual property).

MakerDAO will be voting to determine the order in which 7 pre-selected assets will be proposed for review and ratification as part of the multi-collateral DAI upgrade.

Arthur Breitman, Tezos founder, published a blog with a design for a “simple and evolvable on-chain treasury”. As a starting point, he suggests that funds be collected in a 3-of-5 multisig contract where the signatures are controlled by reputable parties. From there, the treasury could evolve into a system with many participants where proposals are made on chain. Sounds familiar.

There has been some friction between the developer groups working on Tezos software. The OCamlPro team introduced a proposal to fix a security issue and reward themselves from inflation funding - at a time when the other developer teams had agreed to wait and inject a proposal at a later time. OCamlPro’s “early” submission means that the bakers will likely vote it down and thus it will take longer before the “real” proposal is submitted. OCamlPro appeared to be feeling frozen out by the other teams, having submitted a bug report and failed to receive acknowledgment. Subsequently, Tezos commons published an article which purportedly uncovers details of a plan by OCamlPro to fork the Tezos chain and capture part of the Tezos community and market capitalization - and speculates that the OCamlPro team are acting to destabilize the Tezos community ahead of this move.

An anonymous user claiming to be a current or former employee of Chainalysis participated in an AMA on r/Bitcoin, subsequently deleted but archived here (thanks u/Fiach_Dubh). The answers suggested that Bitcoin privacy techniques like CoinJoin and Wasabi wallet, and all of the coins with privacy features, were hated by Chainalysis, and did not see a bright future for blockchain forensic analysis.

Speaking of CoinJoin, the community of privacy-centric Wasabi Wallet performed a 100-user CoinJoin transaction which might be the biggest to date. The more transactions in a CoinJoin, the more privacy everyone gets, but coordinating so many people is a challenge.

FATF has finalized its recommendation for handling crypto. Per the new standards, businesses like exchanges and wallet providers must obtain and store information to identify both sender and recipient, and exchange this information with each other like banks do (the “travel route”). Member countries have 12 months to adopt the guidelines which will be reviewed in June 2020. The recommendations are not binding but non-complying countries risk being put on a blacklist.

Some experts warned FATF that the new standard “could have the unintended consequence of ‘encouraging P2P transfers via non-custodial wallets…’” (which sounds strikingly familiar to the intended way of using crypto). Another quote from CoinDesk on this possible dynamic: “a common concern is that new regulations could push the public out of controlled platforms”.

The recent spate of geofencing continued, with Bittrex stopping US customers from trading 32 assets (DCR unaffected), and Gate.io restricting 19 assets for US customers (including DCR).

Binance is stopping service to US customers via their global binance.com site, while announcing that they will launch a separate US-based service.

Bancor is going to block access for US users to its web application for exchanging assets.

The Indian government is considering a draft bill which would criminalize those who mine, hold, or transact with cryptocurrencies, with stiff penalties of up to 10 years in prison and fines amounting to 3 times the perpetrator’s gains.

The Bitsane exchange, made famous by CNBC in a broadcast tutorial on how to buy XRP, appears to have pulled an exit scam and disappeared, along with the cryptoassets of any unfortunate users who were storing their crypto on the exchange.

A vulnerability in certain YubiKey products allowed an attacker to guess private keys.

Ad blocking browser extensions like uBlock are about to get hit by new Google Chrome restrictions. The move was controversial, partly because the stated intent to protect users from malicious extensions also restricts their ability to block unwanted and dangerous web content.

The rate of SIM swapping attacks is increasing, educate yourself and do what’s necessary to protect your accounts.

Komodo team exploited a bug to capture $13M of users’ KMD and BTC during a preventive white-hat counterattack. Komodo’s version of Agama wallet was targeted by a hacker who spent months making useful contributions before inserting a dependency that steals wallet seeds. Malicious package was detected by the npm security team who wrote that this attack is becoming more popular: publish a “useful” package, wait until it is used by the target, and then update it to include a malicious payload. After being notified by npm, the Komodo team decided to use the same exploit and managed to safeguard the majority of vulnerable funds before the hacker could steal them. Affected users can submit a Google Form to claim their funds. Not identical but related incidents happened earlier when an npm package was infected to steal coins from Copay wallets that used it, and when a bounty hunter added an inflation consensus bug to Bitcoin Private. These incidents show that it is crucial to carefully vet and verify contributors and to audit not only your own code but also all dependencies and all of their updates (which is not a small task).

Who would have thought that a 27-year old text editor can still have an arbitrary code execution vulnerability? This is a reminder that correctness is hard and why it takes so much work to build and test robust software.

About This Issue

This is issue 15 of Decred Journal. Index of all issues, mirrors and translations is available here.

Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.

Your feedback and contributions are welcome on Reddit, GitHub and Matrix.

Credits (alphabetical order):