Decred Journal – November 2019

abstract art

Image: Powermove by @saender

Major news of November:

Development

dcrd: Performance enhancements and code cleanup.

While v1.5 is awaiting its final release, development is moving towards the 1.6.0 milestone.

regentemplate command introduced to force the generation of the latest template with any new transactions.

Mempool changed to evict any remaining orphan transactions when the peer they were sent from disconnects and to modify orphan tx policy in accordance with recent improvements.

New chain parameter added for specifying minimum total known work of the chain. The code checking whether the chain is current is updated to use total work instead of height of the final checkpoint. This method does not rely on trusted known checkpoints, is valid regardless of the order that blocks are received and processed, and, in general, is a more objective value that can’t be invalidated by a chain reorg.

lru package was extended to allow insertion and retrieval of key-value pairs (in addition to just values).

Block ancestor traversal significantly optimized by introducing a deterministic skip list.

dcrwallet: Bug fixes, new methods, code cleanup.

Method added to detect reused addresses and their corresponding outpoints.

Decrediton: Numerous bug fixes and UI tweaks, code cleanup.

Toggle added to create LN-specific wallet account when first initializing an LN wallet. This incentivizes users to not use their default wallet account which is likely to have the majority of their funds, which could cause many channels to be automatically opened if the autopilot feature was selected.

New batch of responsive views implemented.

Multiple bugs found during the testing of RC1 and RC2 were fixed.

In total 54 pull requests were merged in November.

Politeia: Payment information has been added to the backend, allowing the CMS to fully recover invoice information anchored on politeiad.

Building politeiavoter on Windows is now supported.

Frontend redesign for CMS is well underway.

Implementation of RFP process has started.

dcrstakepool: Work started to enable arbitrarily voting on tickets whose voting rights the server has the private key for. Work continues to implement per-ticket authentication and ticket purchasing to remove user accounts, voting address reuse and the email requirement.

dcrpool: Work in progress to add extensive test coverage.

dcrlnd: Bug fixes, improved tests and build infrastructure. Dockerfile updated for dcrlnd.

cspp: increased RPC timeout, improved client-server error handling, allowed use of LetsEncrypt staging server.

dcrdex: Development is hot! New components implemented in November: auth manager, account registrar, initial version of Decred wallet client, client websocket connectivity, and initial epoch processing and match storage, and a transition. The way to identify unspent funds changed from txid/vout to more abstract coin ID to possibly support non-UTXO-based assets in the future.

dcrandroid: Work continues to add multi-wallet support.

dcrios: Redesign, UI tweaks, bug fixes.

Nav menu redesigned. Notification added to show sync status when the app is in background mode.

Work continues on overhauled overview, wallet restore and verify seed views.

dcrdata: v5.2 is out now!

Frontend highlights: updated header and blocks page, improved charts, button to copy text to clipboard on addresses and hashes. On the backend: dcrd v1.5 support, dropped SQLite support to focus on PostgreSQL, Insight API fixes, performance improvements. Check the release notes to see all changes. The release took 83 commits by 9 contributors over 4 months. Congrats to the dcrdata team!

Work is in progress to show CSPP mixes (live on alpha on block page) and calculate attack cost.

docs: New privacy guide, overhaul of governance overview, links to new devdocs, minor updates and cleanup.

decred.org: Minor updates and cleanup.

Cobo custodial wallet was removed, with the view that custodial solutions should not be promoted. The Exchanges page was updated (Nanex, OOOBTC removed).

Other:

Dev activity stats for November: 173 active PRs, 342 master commits, 72K added and 19K deleted lines spread across 12 repositories. Contributions came from 1-7 developers per repository.

People

Welcome to new first time contributors with code merged to master: zeoio (dcrdex), githubsands (dcrlnd), eharris128 (dcrweb).

Two new contributors missed by our detection earlier: neddoz (dcrios since Jun) and quacklabs (dcrios since Sep). Welcome aboard!

Community stats:

Governance

In November the Treasury received 14,096 DCR and spent 17,889 DCR. Using November’s daily average DCR/USD rate of $19.97, this is $281K received and $357K spent. At October’s average daily rate of $15.59, the USD figure billed for work completed in that month is $279K. As of Dec 2, Treasury balance is 640,201 DCR ($12.4 million USD at $19.44).

There were two new proposals submitted, one for $650 for a DCR version of Point of Sale app PlusBit, and one by @buck54321 requesting $30,000 for continued development of TinyDecred. Voting started for both proposals on Dec 3.

The proposal for Latam Marketing and Events by @elian was approved with 75% Yes votes and 29% participation, and the research and education proposal by @ammarooni was approved with 80% Yes votes and 29% participation. The Dota2 prize proposal was rejected with 5% approval and 29% participation.

@richardred produced a report into the DCR order books from mid-October to mid-November, as i2 Trading started making DCR markets in line with their approved proposal. The additional liquidity is available, although according to the way it has been measured over this timeframe (where price volatility created difficult conditions), it was probably not available with 90% uptime across all exchanges and pairs.

For more in-depth coverage of Politeia activity see Politeia Digest issue 25.

Network

Hashrate: November’s hashrate opened at ~442 Ph/s and closed ~381 Ph/s, bottoming at 322 Ph/s and peaking at 571 Ph/s throughout the month. Pool hashrate distribution as of Dec 4: Poolin 35%, UUPool 32%, F2Pool 11.6%, lab.antpool.com 6.8%, BTC.com 2.8%, Luxor 2.3%, Coinmine 0.11%, BeePool 0.10%, suprnova 0.01% and others 9.45% per dcrstats.com. Pool distribution numbers are approximate and cannot be accurately determined.

Staking: 30-day average ticket price was 134.8 DCR (+2.5) per dcrstats.com. The price varied between 123.9-150.4 DCR. Locked amount was 5.29-5.49 million DCR, which corresponded to 49.50-51.17% of the available supply.

The ticket price made a new high since the sdiff algorithm change, while the 51.17% is the new all-time high of stake participation.

Another spike of missed votes happened on Nov 29.

Nodes: Throughout November there was an average of 189 public listening nodes and 398 normal nodes per dcr.farm. Version distribution: 73% use dcrd v1.4, 9.6% are dcrd v1.5 dev builds and RCs, 2% use dcrd v1.6 dev builds and 8.8% are dcrwallet v1.4.

As of Dec 4, around 24% of PoS voters are signalling that they have upgraded and are ready to vote for the consensus rule change, per dcrdata.

On Nov 24 block 400,000 was mined and approved by voters.

Integrations

Bittrex added a DCR/USD pair to their exchange. @jz provided some context and explained that i2trading will be providing liquidity on this market.

Abra wallet/exchange added Decred support for both U.S. and international customers. According to this page Abra does not hold custody for several largest assets, but DCR is not one of them, and is therefore custodied.

Warning: the authors of Decred Journal have no idea about the trustworthiness of any of the services above. Please do your own research before trusting your personal information or assets to any entity.

Outreach

November featured Decred at a number of high profile events across the world. Many of the same team members from last year returned this year to Web Summit in Lisbon, Portugal, where Decred was the only cryptocurrency project with significant physical presence this year. @moo31337 represented the crypto industry on a panel titled “Can You Trust Your Bank?”, which can be viewed here. @Dominic represented Decred at the 2019 World Blockchain Conference in Jiaxing, China on November 8.

@Dustorf shared drafts of all new decred.org subpages in the #writers room, and after community input, everything has been submitted to EETER for final assembly, testing and publication.

The Decred Assembly featured a Deep Dive on v1.5 RC1 with @davecgh, and episodes of Decred in Depth featuring @liz_bagot on PR and @akinsawyerr on Africa and Governance.

Ditto’s November achievements include 9 pieces of media coverage:

Also:

@bee wrote an overview of marketing strategies to explore. Some of the key topics are to improve reporting, use word “money”, promote the actual use of DCR for tipping, donations and funding projects, pitch DCR to highly aligned communities and individuals as a way to transfer value, and boost social media presence. (Reddit)

Events

Attended:

Upcoming:

Full report for October’s Decred meetup in Bogota, Colombia, has been added to the events repo. There are 37 reports in total. Thanks to everyone for submitting!

Media

Selected articles:

Translations:

Videos:

Audio:

LunarCRUSH shared several charts that combine basic market data like price and volume with sentiment analysis of Decred on social media.

Community Discussions

Selected Reddit posts:

Selected Twitter highlights:

Markets

In November DCR was trading between USD 15.68-24.73 / BTC 0.0020-0.0029. The average daily rate was $19.97.

Relevant External

Coinbase published a post about PoW security, outlining its position that it is advantageous for security that the coin be mined by hardware for which this is the dominant use (i.e. ASICs), and that manufacturing and ownership diversity is well served by ASIC-friendly algorithms.

The CEO of MicroBT (maker of Whatsminer D1, one of the current top Decred miners) was arrested in Shenzhen, China, in relation to a mining patent infringement.

A bug in Zcash implementation leaked metadata and allowed an attacker to link IP addresses to Zcash shielded addresses (missed in Oct). From the developer who discovered it: “All people who use zaddrs and who have shared zaddrs with 3rd parties. (…) Consider your IP address and geo-location information associated with it as tied to your zaddr”. The bug was copied from Bitcoin Core codebase and introduced in Zcash in 2016. The leak was fixed in v2.0.7-3, although the security announcement just recommended to upgrade immediately without any details. A number of projects inheriting Zcash code are affected as well. This shows that privacy tech is very delicate and requires simplicity, robust programming approach and extremely thorough review and testing.

The Zcash Foundation and ECC reached agreement on how to handle the Zcash trademark. This has been transferred to the Foundation, with an agreement where it shares bilateral power to enforce the mark with ECC. This CoinDesk article explains how the dispute was about more than a logo, and the power of the trademark holder to effectively decide which chain is Zcash.

Decred adds another dimension whereby the legitimacy of the chain is established by voters, and minority forks are heavily disincentivized with significant challenges to overcome. Even if someone attempts to steal the Decred “trademark”, there should not be confusion about what the original chain is because voters are signing each block. Also, Decred has a very clear answer to “who exactly is hiring the dev org? what is the ‘community’?” - the stakeholders.

Resolution of the ZEC trademark issue allowed polling for NU4 to proceed, where the Zcash ecosystem/community can signal support for 13 options to fund development. The ECC and Zcash Foundation will consider the results from 3 or 4 different polling methods when deciding what plan to adopt.

Aragon completed its 4th AGP voting round, 15 proposals were voted on and ANT participation was around 3-18%. Among the approved proposals was AGP-103, introducing a maximum network budget of 5% Treasury value or 250,000 DAI (whichever is greater) per quarterly voting cycle. The largest proposal to be approved (with 9% turnout, 91% approval) is AGP-106 to develop and launch Aragon Chain, at a cost of $500,000. The aim is to create a new layer 1 protocol and offer it as an alternative to the Ethereum-based Aragon network. Among the reasons cited were increasing costs of keeping up with changes to the Ethereum network’s changes. AGP-112, which also passed, issued a proclamation that Aragon is opposed to ProgPoW on Ethereum, or any other non-emergency change to the mining algorithm before Ethereum 2.0. The highest turnout proposal was AGP-81, with 17% of ANT turning out to vote “no” on a collaboration with Kleros on the court system.

Aragon Court launched on mainnet, it is a system for adjudicating “subjective disputes that cannot be resolved by smart contracts”. ANT holders can stake their tokens for ANJ tokens, which can then be staked to participate in adjudication of cases brought before the court. Decisions are made through a Schelling game where those who guess the majority decision are rewarded and those who guess wrong have their stake slashed. Registration to become ANJ jurors is set to begin in Jan 2020.

Dragonfly Research published an article about “breaking Mimblewimble’s privacy model” by monitoring the network in real time. @jy-p had identified this issue as part of his review of privacy solutions, and subsequently discussed it on the base layer podcast. A Grin developer replied to the article, stating that it has sensationalized a known limitation and does not constitute an attack.

An “Unknown Fund” was announced, pledging to invest and donate $75 million in Bitcoin for the startups which directly or indirectly support the idea of anonymity. “Preference will be given to the following niches: protection of personal data, tools for anonymity, cryptocurrency and blockchain”. The fund is quite opaque, only saying that “Applications are closed for the Unknown Fund. Evaluation will take a few months”. People are starting to ask if it may have been a hoax.

The Stellar Development Foundation (SDF) announced that it had burned 55 billion XLM, worth over $4.4 billion (notionally), and representing more than 50% of the entirely pre-mined XLM supply. The stated reasons were a belief that the foundation could achieve its aims with less funding, and that the large scale airdrop campaigns were proving ineffective.

The EOS blockchain entered “congestion mode” due to a surge in transactions related to an airdrop program (EIDOS), which at one stage accounted for 95% of all EOS transactions. One effect is that users who have less staked EOS are unable to make transactions until demand for the airdrop subsides or its CPU lease expires in 30 days. Another effect was a surge of 100,000% in the cost of CPU time on the network.

Block.One announced that it is going to begin voting for block producers with the 9.5% of EOS it controls - classifying itself as a “Small, but significant EOS token holder”. Block.One did not announce how they will be voting.

EOS New York tweeted to uncover the fact that 6 of the registered EOS BPs appear to be operated by the same entity. Although the BPs in question are not in the top 21 active BPs, they were receiving rewards regularly as standby BPs.

The Donuts-on-Ethereum experiment of /r/EthTrader is transitioning on chain to an Aragon DAO. Subreddit members had 2 weeks to register to claim their donuts, starting from Nov 15. As noted in previous issues, the /r/EthTrader community has already fragmented over the way the decentralization of donuts is being handled.

Justin Sun of Tron revealed that he is part of an investor group that bought the Poloniex exchange. Mid-November Poloniex listed TRX and started a “deposit competition” with TRX and later TRC20-USDT. Later in the month it was announced that Poloniex had acquired a TRON-based DEX TRXMarket and rebranded to Poloni DEX to offer decentralized trading. A few days later the Poloniex Twitter account tweeted “Let’s buy #TRON”, but this tweet was deleted shortly afterwards.

BitMEX unfortunately leaked their email database by sending an email to everyone using cc instead of bcc. Oops. This leads to targeting of users, revealing one aspect of their identity to parties with mal-intent.

Korean OKEx and Upbit announced delisting of privacy coins such as Monero, Zcash, Dash and others, although delisting of DASH and ZEC was halted for a review on OKEx. (missed in Sep and Oct)

Bittrex has adopted Chainalysis Know Your Transaction software that monitors 15 cryptoassets for suspicious activity in real-time. (missed in Sep)

CoinDesk was observed with pages not displaying unless javascript and certain browser features were enabled, as evidenced by the lack of snapshots in Oct and Nov. The reasons to disable javascript are: greatly improved security (not executing tons of random code), privacy (multiple fingerprinting vectors stop working) and performance (pages load extremely fast). Some websites are adopting javascript-only client-side rendering, which has an unfortunate side effect of preventing web archives from taking snapshots (and making sites less accountable). Other crypto sites that are doing this are Brave New Coin and The Block.

U.S. Fed announced that they will expand their market interventions by offering 42-day “repos” (loans of sorts), in addition to 1-day and 14-day repos that started in September and “purchases” of Treasury bills that started in October. If you ever wonder who is getting these loans, you will have to wait two years for disclosure.

U.S. companies are stacking up cash to prepare for an economic downturn. A notable quote from the Axios story: “Data from the Investment Company Institute shows that even though the stock market has risen by nearly 25% this year, investors have been net sellers of stocks, pulling $100 billion out of equity funds”. A Zero Hedge article shows a weird phenomenon of money flowing out of equities yet the prices setting new ATHs. How? Some factors making it possible are the companies themselves being the biggest buyers via stock buybacks, central banks creating money that flows into stocks, paired with a simultaneous decline of trading volume.

The “fun” part in these dynamics where investors are moving to cash is that while it saves their value from more risky assets and negative interest rates, it will still be diluted by creation of fiat money that is almost impossible to stop now.

The Fed itself admitted that U.S. national debt growing faster than the economy is “not sustainable”, shortly after the debt exceeded $23 trillion.

Global debt is hitting all-time highs. The numbers vary by the source: $188 trillion and 230% of the world output figure comes from IMF chief, while $250 trillion and 320% of world output figure is from Axios, which cited the Institute of International Finance.

Certain physical security providers report an increased demand for safe deposit boxes to store precious metals, cash and cryptocurrency. The motives cited are fears of a global recession, avoidance of negative interest rates and natural disasters.

Several U.S. organizations acted in concert to “deflate the bitcoin bubble of 2017” according to a CoinDesk story (missed in October). “One of the untold stories of the past few years is that the CFTC, the Treasury, the SEC and the [National Economic Council] director at the time, Gary Cohn, believed that the launch of bitcoin futures would have the impact of popping the bitcoin bubble. And it worked”. While the move is presented as helping the market by “popping the bubble”, giving traders the ability to “express a pessimistic view” even if they don’t own the asset, and preventing “believer’s market”, it somewhat reminds of the smart use of futures in 1974 to increase volatility of gold and discourage people from holding it.

Czech Central Bank forbids the use of the word “coin” and is prepared to fine a company that is calling physical coins containing Bitcoin paper wallets with 0.1 BTC “mince” (“coin” in Czech).

A law has been passed by the German parliament which will allow banks to sell and custody cryptocurrencies from Jan 1 2020, subject to the required licenses.

During October protests in Lebanon the banks were closed for two weeks for safety reasons. Upon reopening on Nov 1, capital controls were established limiting daily withdrawals and transfers abroad.

GitHub has removed the APK of an app for organizing protests in Catalonia, acting on a court takedown request sent by Spain’s national police force.

The CEO of Mongolia-based IDAX exchange has disappeared together with the keys for the exchange’s cold storage. Five days prior to that the exchange announced withdrawal problems and that it will no longer serve users in China. This is reminiscent of the case of Canadian QuadrigaCX whose keys also mysteriously disappeared along with the CEO. The takeaways here are: have several backup people with the keys if you run an important service, screen your exchanges and ideally, contribute to replacing custodial exchanges with non-custodial ones.

A trojan-enabled version of Tor browser was targeting Bitcoin users, discovered by ESET. The trojan version was spreading from tor-browser[.]org and torproect[.]org domains.

The prominent getmonero.org site was compromised and wallet binaries were replaced with malicious code. The issue was identified by a user who checked the signature and found it didn’t match, then promptly fixed by the Monero team. At least one user reported losing funds.

A fake Zcash wallet was distributed through a github.su domain. (missed in Oct)

Another fake Decred wallet was noticed, reported and quickly removed by GitHub. The account named decreds and the way the fake v1.5.0 release was published looked similar to previous “v1.5.0 Mandatory Update” by DecredCoin covered in September. It feels like hackers can’t wait for v1.5 final release (we too!). If you encounter anything like this on GitHub or elsewhere, please report it to the platform immediately and notify the community to minimize possible damage.

If you couldn’t upload enough of your data to Google, it is planning to enter the banking business and offer checking accounts next year. Project codename “Cache” is a bit ironic because in computing caches are often wiped.

About This Issue

This is issue 20 of Decred Journal. Index of all issues, mirrors and translations is available here.

Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research.

Your feedback and contributions are always welcome.

Credits (alphabetical order):