Decred Journal – July 2019

Image: Staking discussion at StakingCon 2019 in Beijing

Image: Staking discussion at StakingCon 2019 in Beijing

Major news of July:

Development

dcrd: Optimizations and infrastructure additions for various planned upcoming features, code maintenance, bug fixes.

New major versions of rpcclient, database, blockchain/stake and dcrjson modules were introduced to take advantage of recent improvements in other modules. The new dcrjson module saw a significant overhaul, while retaining a backwards compatible API. This will allow consumer modules to pick up the majority of the improvements via the old API before they fully upgrade to the new one. Opportunity of major version bumps was taken to break tight coupling and remove unused code.

A workaround for Go compiler’s code generation issues was added to avoid the explosion of binary size of chaincfg/v2 module.

dcrwallet: Codebase upgrades and bug fixes. Large refactoring of JSON-RPC code and removal of obsolete gRPC code have been merged.

Decrediton: Minor UI improvements and bug fixes. Responsive purchase ticket view implemented. A ton of dependencies were upgraded to close a host of vulnerabilities.

Politeia: Work continues on the redesign of Politeia’s interface. The other major task in July concerned the integration of tlog from Google’s open source Trillian data store on the backend as a replacement for Git. tlog (transparent log) will improve scalability, allow records to be timestamped individually, and will allow for switching to a filesystem like IPFS in future.

Login by email has been replaced to use username as part of the effort to make email optional and will be deployed on Politeia during the next update.

dcrstakepool: UI and performance improvements, bug fixes. Reworked Connect to Wallet view and added the display of VSP’s block height as a health indicator. More work to decouple dcrstakepool and dcrwallet (dcrstakepool should only talk to the stakepoold service that in turn manages the voting wallet).

Raedah Group has started work to improve the VSP authentication APIs. This will enable the use of accountless VSPs, which will greatly simplify the staking setup process for new users and allow to make email optional (discussion).

dcrlnd: Upstream changes from lnd have been ported, and private dev branches are mostly in sync with the upstream lnd master branch. The latest upstream pull request to be reviewed was submitted to lnd on Jul 25.

The lightning-faucet repo has migrated from @matheusd’s GitHub to the official decred org, where the faucet saw minor improvements this month to the form for generating Lightning invoices and the addition of continuous integration. Work has started on a new Pay Invoice form that will allow users to pay via the faucet (currently users must pay invoices on the command line with dcrlncli).

dcrandroid: Minor UI optimizations and bug fixes, as well as the ability to rename accounts.

Work is in progress to add biometric authentication, sound and vibration to notifications, and a stats page.

dcrios: UI optimizations and bug fixes, new translations to Spanish, Vietnamese and Portuguese.

dcrdata: v5.1 is now live. This release adds numerous UI enhancements, including the addition of fiat and percent values to the markets dashboard, new styling on the proposal page, a tweak to the “predicted” coin supply chart, fullscreen address chart (useful for Treasury address), and a progress bar for ticket revocations.

The Insight API has received some attention, with improvements to the address endpoint, several bug fixes, and increasing the maximum number of client connections from 1,000 to 16,384.

dcrdata is now the official Insight API for Decred. Exodus wallet now uses the host insight.dcrdata.decred.org for their Insight API needs. There are roughly 800 socket.io client connections (the Insight websocket bits) to dcrdata at any given time, and we’ve had no complaints from those users. (@chappjc in chat)

Changes in dcrd have been incorporated. npm dependencies were updated to close known vulnerabilities.

Work continues to finish removing sqlite.

Raedah Group continues work on dcrextdata, a package for collecting external (off-chain) data not yet found on dcrdata. Progress has been made on collecting node-level data about the mempool and block propagation times. These are being tracked now from a single node and the full history of tracked data will be made available (with charts) when it has been polished. dcrextdata also pulls in and stores data from PoW pools and VSPs, which will allow a historical record of these attributes to be maintained. Demo of the live data is available here.

Other:

Dev activity stats for July: 51 active PRs, 219 master commits, 50K added and 29K deleted lines spread across 15 repositories. Contributions came from 1-6 developers per repository.

People

Welcome to new first time contributors with code merged to master: bgptr (decrediton), emesterhazy (decrediton), ReevesAk (dcrwallet).

Congratulations to the 4 contributors listed on decred.org:

Decred Australia community has been building nicely. An update shared last month recaps partnerships established, events organized, people attracted as well as next goals. This was covered in June’s Media but turned out bigger than just an article.

Community stats as of Aug 1:

Governance

In July the Treasury received 15,517 DCR and spent 10,344 DCR. Using July’s daily average DCR/USD rate of $28.97, this is $450K received and $300K spent. These payments were for work completed in June at the rate of $28.90, so the billed amount is almost the same. As of Aug 1, Treasury balance is 627,514 DCR (16.8 million USD at $26.75).

In July, 2 new proposals were submitted:

A further 5 proposals were submitted in August, 4 relating to market makers and 1 related to DEX development. A forthcoming issue of Politeia digest will cover these in depth, and they will also be covered in the August edition of the Journal.

Issue 19 of Politeia Digest has more detail on July’s proposal activity and discussions.

A dataset and short report has been prepared which aggregates the Politeia data on the basis of username, producing accurate figures for how often each user has commented and voted, and how well their comments have scored.

Network

Hashrate: July’s hashrate opened at ~503 Ph/s and closed ~583 Ph/s, bottoming at 319 Ph/s and peaking at 687 Ph/s throughout the month. Pool hashrate distribution as of Aug 2: F2Pool 21%, UUPool 19%, lab.antpool.com 16.5%, Poolin 9.5%, BTC.com 7.3%, Luxor 2.2%, BeePool 0.14%, Coinmine 0.12%, suprnova 0.08% and others 24% per dcrstats.com. Pool distribution numbers are approximate and cannot be accurately determined.

Sharp drop in hashrate from 550 to 319 Ph/s was observed on Jul 5 according to dcrstats.com, followed by a quick recovery within ~20 hours. There was a long discussion on the possible reasons for the drop and on its accuracy.

Staking: 30-day average ticket price was 125.8 DCR (+5.8) per dcrstats.com. The price varied between 118.8-129.5 DCR. Locked amount was 4.83-5.06 million DCR, which corresponded to 48.25-49.84% of the available supply.

The ticket price got to the highest levels (129.46) since the difficulty algorithm consensus chage in July 2017. An argument was made that this value should not be considered an “ATH”, because the ticket price has been as high as 238.9 DCR before the algorithm was changed.

Historical charts of VSP data are available at dcr.farm. Similar data was recently made available at dcrextdata, but dcr.farm has data since Jan 2018. Setting a long time interval reveals interesting trends in VSP competition:

The chart of moving average of missed ticket proportion is interesting too and can be useful for choosing a VSP.

Nodes: Throughout July there were around 173 listening nodes and 360-530 total nodes per dcr.farm. As of Aug 2, roughly 70% run dcrd v1.4.0, 7.5% are dcrwallet v1.4.0, and 6% are v1.5.0(pre) dev builds.

As of Aug 2, the DCR testnet LN shows 18 nodes, 52 channels and a total capacity of 410 DCR.

Integrations

Everstake, provider of staking services, announced the launch of their Decred VSP at decred.everstake.one.

Exodus wallet gained Trezor support for managing and exchanging of DCR.

Vertbase, an exchange offering DCR with a fiat gateway, announced that they will be starting a foundation. An interesting event in the space, the foundation will donate to the development of projects that Vertbase lists and supports, and have its board composed of volunteer core team members from these project.

MixinNetwork integrated Decred. From their website, “Mixin is a publicly distributed ledger aimed to help other publicly distributed ledgers gain trillions of TPS, achieve sub second final confirmations, zero transaction fees, enhanced privacy, and unlimited extensibility.”.

Warning: the authors of Decred Journal have no idea about the trustworthiness of any of the services above. Please do your own research before trusting your personal information or assets to any entity.

Adoption

Portuguese unprocessed honeybee products maker DrApis announced that they accept DCR.

Blockhead Capital announced their investment in Decred and shared a research paper. Their conclusion:

Decred is an adaptive cryptocurrency with a rigid monetary policy. The rigid monetary policy provides the base required to achieve monetary premium while the adaptive nature of its on-chain governance allows for integration of more dynamic features. The hybrid consensus mechanism creates adequate checks and balances between the various ecosystem parties while eliminating contentious hardforks as the primary method to resolve disputes - a highly desirable feature for an aspiring global reserve asset. Further, the hybrid consensus creates for more secure blockspace, making the blockspace more valuable, and provides for a more censorship resistant currency. Decred iterates on Bitcoin’s strengths and shores up many of its shortcomings, putting it in a position to complement or compete with it as a digital store of value.

Outreach

Infrastructure continued to build in July that will help Decred streamline outreach and education. The website update is close to complete, and should be live by the end of August with new subpages on Decred’s Security, Adaptability, Self-Funding, and History. Additionally, we’ve agreed upon a schema and are currently assembling a resource repository building on Max Bronstein’s Canon that will help form a natural funnel of learning for people taking the #DecredChallenge.

In order to achieve this, we’re slightly refining the messaging, focusing largely on the fundamental principles of Decred, as all messaging flows from there. That will appear in chat within the next week for community input. Other resources for the community that have been in the works include the Social Media Playbook, featuring best practices for how to engage with others in a constructive way that reflects well on Decred and helps educate others about the project.

Additionally, a Community Organizer Handbook will be shared for community input shortly. This well help clarify roles and responsibilities in order to gain alignment, improve efficiency, and share best practices around the world. Along these lines, Decred is looking for geographic marketing leads to help run areas of the world. Various proposals from different regions are in the works, and should hit Politeia in the next couple of months. We are still looking for leaders in Europe and Asia, so join us in #marketing or #local_ops in Matrix to discuss helping to decentralize the organization.

We’re also working to coordinate a week-long events blitz in October featuring various Decred community members in some of the most important cities across Asia. Details should be released within the next month.

Decred in Depth episodes featuring Murad Mahmudov and Permabull Nino were released which were very well received and created a lot of chatter about Decred on social media.

Ditto’s July achievements:

Events

Attended:

Upcoming:

Media

Selected articles:

Translations:

Videos:

Audio:

Community Discussions

Comm systems news:

Selected topics:

@Checkmate has been very active on Twitter and generating good engagement around the #DecredChallenge and #DontSleepOnDecred hashtags, here are some highlights:

Other selected tweets:

@lukebp’s Decred investment thesis in one tweet:

Technological change is hard to predict. A protocol needs to be able to adapt to those changes. The people making decisions about those changes should be the people with skin in the game, i.e. the stakeholders.

Selected Reddit threads:

Markets

In July DCR was trading between USD 25.20-35.64 / BTC 0.00262-0.00296. The average daily rate was $28.97.

After brefiely making a run for USD 13,000, Bitcoin price went down and has been mostly bobbing the USD 10,000 mark most of July.

Relevant External

Chris Burniske of Placeholder VC (holders of Decred and Zcash) provided a good summary of the situation facing the Zcash community as the founders reward expires, advocating for a continuation of 20% block reward to fund project development for another 4 years, with a split of 70% to “Protocol Development” and 30% to “Growth Funds”.

Zooko Wilcox published a personal letter about the possibility of a new Zcash dev fund, which explains that he always knew that the time would come when funding would run out and create a problem that could only be solved through a “messy and difficult process” such as the Zcash community is currently going through. Zooko stated again that he cannot be the one to make the decision and that it should come from the community, but as the CEO of ECC he has considerable influence in the community, and the community has no established method of making decisions.

All of the various options being considered have been helpfully summarized in this megathread. As Chris Burniske remarked in his post, the first question is how to make the decision about the decision in a way which is perceived as legitimate. Given time constraints Chris advocates the use of polling to gauge preference for the various options, with a final decision made using the ECC and Zcash Foundation 2-of-2 multisig. Zooko stated that the ECC will announce a method of decision-making in early Aug.

Nebulous, the company building the Sia network, announced the completion of a $3.25 million seed round with participation by a number of venture capitalists.

Funding has also been the subject of some discussion in the Ethereum community, with more attention being paid to EIP-2025, which would add 0.0055 ETH per block for 18 months (17K ETH in total) to fund ETH 1.X development (as the main developers focus on ETH 2.0). The block rewards would be used to pay back a loan which the teams working in 4 different areas would receive to multisig contract addresses.

As with any controversial Ethereum Improvement Proposal, it is difficult for outsiders to know if EIP-2025 will go anywhere. A tweet from Vitalik stating that it seems to have little support probably indicates that it won’t be included in the Istanbul hard fork.

Another Circle Research article published about Ethereum concerns the centrality of Infura, a service company created by Consensys which allows dapp developers to sidestep setting up and running their own nodes. The article considers the difficulty and increasing demands of running a full node (space requirements have increased 25-48% year to date) as causing a decrease in the number of full nodes from 12,000 in Dec 2018 to 8,000 in Jul 2019. Infura is welcome because it allows Ethereum developers to avoid the inconvenience of interfacing with the blockchain directly, but it introduces a central point of failure for the 50,000 dapps and developers who rely on it. Infura is in turn reliant on AWS services to run its nodes.

The /r/ethtrader Donuts experiment, where subreddit participants earn points based on their subreddit karma and use these to participate in polls, is moving into another phase. Smart contracts have been prepared which will allow Donuts to be moved to the Ethereum blockchain, and some Reddit admins are facilitating this on the Reddit end. As the Donuts are being “decentralized”, the polls are to become non-binding signal votes, due to fears in the community about on-chain governance. This appears to be controversial choice, based on comments on the announcement, and there is some confusion about what the purpose of Donuts are.

Aragon completed its 3rd round of governance proposal voting, 11 proposals were submitted and 8 were allowed to be included in the vote by the Aragon Association. 7 of these proposals were approved, all with 99% or greater yes votes, 4 were unanimous (with 1 or less ANT token voting no). ANT turnout was 2.6% averaged across the 8 proposals.

AGP-64 signals support for Quiet Ending Voting, which would extend the duration of AGP voting if the outcome is flipped towards the end of the voting period. This is in response to the observation that late voting by a whale had swayed the outcome of previous AGPs. This proposal does not specify a particular implementation but signals support for resources to be invested in developing quiet ending voting for Aragon.

AGP-59 mandates a minimum length for discussion period on AGP submissions. AGP-70 signals support for shifting management of the Nest grant program away from the Aragon Association and to a DAO, AGP-71 extended the budget of the Nest program by 600K DAI and 300K ANT. AGP-73 is the biggest budget proposal, with further flock funding for Autark of 1.6 million DAI and 487K ANT to cover one year. The rejected proposal called for development of a native mobile app for Aragon voting.

Dash completed the first annual elections for positions as supervisors of the Dash Investment Foundation, using some software custom made for this purpose.

Another round of the Tezos protocol amendment process is underway, after the Brest proposal by TzScan Baker failed to achieve enough upvotes to progress. Cryptium Labs injected a proposal called Babylon, prepared jointly with Nomadic Labs, on Jul 26, then an amended version 2.0 on Aug 2. This proposal would make a number of changes to the protocol, including a new variant of the consensus algorithm and new Michelson features, and a new proposal quorum requirement would be introduced which would prevent the proposal with the most upvotes progressing to the second phase unless it has support from at least 5% of the stake. This would allow for proposals with little support (like Brest) to be rejected earlier, and the proposal cycle to restart more quickly thereafter.

The 0x decentralized exchange protocol team announced that a security vulnerability had been reported by a 3rd party security researcher, and shut down the exchange contract as a precaution. The 0x smart contract pipeline was patched and re-deployed the next day.

StopAndDecrypt published an overview of ways how mining pools could abuse the hash power trusted to them and made the case for BetterHash - the working name for alternative mining protocols that aim to give the power back to individual miners and strip mining pools of their influence.

A backdoor sneaked into a Ruby library for checking password strength. The injected malware fetches and runs the code from pastebin.com, giving the attackers the power of remote code execution. The irony here is that the hijacking was possible because the author of the password strength checking library had weak and reused password, and had no 2FA on his RubyGems account. It is important to audit dependencies in a world where it is getting common to blindly pull in dozens or hundreds of dependencies using automated tools.

The network of OpenPGP keyservers was subject to certificate flooding attack. Someone uploaded a ton of certifications for public keys of two GnuPG contributors, effectively “poisoning” them. Anyone who attempts to import a poisoned key into a vulnerable installation risks making their keyring unusable because of a massive performance degradation. Flaws of the keyserver network design were known for a long time. It basically maintains a decentralized censorship-resistant write-only database but with no robust abuse protection. During more than a decade of this vulnerability being known, the network was unable to coordinate the development and deployment of an upgrade. This once again reminds us how challenging it is to design a resilient decentralized protocol and how critical it is for a decentralized network to have a governance mechanism to adapt.

About This Issue

This is issue 16 of Decred Journal. Index of all issues, mirrors and translations is available here.

Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.

Your feedback and contributions are always welcome.

Credits (alphabetical order):