FIP-0096: Draft for convert fundraising remainder address(es) to keyless account actor(s) #1080

Open
wants to merge 5 commits into
base: master

Fatman13
Contributor

#1033

Convert fundraising remainder address(es) to keyless account actor(s)

Member

@anorth anorth left a comment

Editorial 👍 with minor feedback. Please address this before we prepare to merge this draft.

Member

@jsoares jsoares left a comment

The proposal is clear but, in my view, completely ineffectual and a waste of governance resources.

I'm not passing any judgement on the underlying principle, but on the practical impact of the problem and solution at this point in time. I do not believe the proposal (in short: freezing an account containing 300 FIL) achieves any of the security and decentralisation goals put forth in the abstract or product considerations. If the intent is merely symbolic, then the proposal should be framed as such.

@Fatman13
Contributor Author

Fatman13 commented Nov 18, 2024

Appreciate the comments! Thank you, @jsoares!

> The proposal is clear but, in my view, completely ineffectual and a waste of governance resources.

I am not sure if it is a waste of governance resources, as such resources are pretty much idle atm. At least from surface level by a quick glance over #fil-gov and discussion. What exact work has governance been doing?

> I do not believe the proposal (in short: freezing an account containing 300 FIL) achieves any of the security and decentralisation goals put forth in the abstract or product considerations. If the intent is merely symbolic, then the proposal should be framed as such.

Fair point from a Sybil attack point of view, but how can a decentralized network talk about security if the spec is not even respected? The governance is basically the biggest security threat of all. Attackers don't even need to buy out the network, just the governance. Besides, isn't it a given that in any decentralized network the spec should be followed to the exact? Will change the wording to reflect that. Thanks for pointing that out!

@anorth
Member

anorth commented Nov 18, 2024

Assigning FIP number 0096. Please update the FIP title and filename, and include an entry in the README table pointing to it.

@Fatman13
Contributor Author

> Please update the FIP title and filename, and include an entry in the README table pointing to it.

Done. Thank you!

@anorth changed the title from "Draft for convert fundraising remainder address(es) to keyless account actor(s)" to "FIP-0096: Draft for convert fundraising remainder address(es) to keyless account actor(s)" on Nov 21, 2024

## Security Considerations

This proposal improves the network security by removing the ownership and control of whatever it is the remaining of the 2.5% of the total network token supply in `f0122` from individuals and putting it under the control of network participants via the appropriate governance processes. Again, the proposal acknowledges that the security threats from Sybil attack perspective is slim, but not following spec is considered a much bigger threat as attackers don't really need to buy out the network, just the governance.
Member

f0122 only has ~300FIL in it not 2.5% of the network supply at the time this FIP is proposed, and also the last value transfer > 1FIL happened in 2021 Nov. I don’t think this fip improves the network security as it stated by the author.

Contributor Author

@Fatman13 Fatman13 Nov 22, 2024

Thank you for the input! Appreciate the comments.

> f0122 only has ~300FIL in it not 2.5% of the network supply at the time this FIP is proposed

I don't think the text suggested there is 2.5%, it reads "whatever it is the remaining of the 2.5%".

> I don’t think this fip improves the network security as it stated by the author.

That's the point Jorge has been making and the text has been updated to address his comment. I am not sure why editors are fixated on a very narrow view of network security. Even a simple question to AI (I used Grok) would give you the following... (point 8 in governance specifically)

how to define the security of a decentralized blockchain network?

Defining the security of a decentralized blockchain network involves considering several key aspects:

  1. Consensus Mechanism
    Proof of Work (PoW): Security is maintained by making the cost of altering any part of the blockchain prohibitively expensive due to computational power needed to mine blocks. Bitcoin uses this method, where miners compete to solve complex mathematical problems, and the first to solve it adds a block to the blockchain.
    Proof of Stake (PoS): Security comes from validators who lock up their cryptocurrency as a stake. The likelihood of being chosen to validate a block is related to the amount of cryptocurrency staked. Ethereum is moving towards this model with Ethereum 2.0. PoS reduces the risk of 51% attacks since attacking the network would mean losing the staked funds.
  2. Node Distribution
    A blockchain network's security is enhanced by having a large number of nodes spread across different geographical locations. This decentralization makes it harder for any single entity to gain control over the majority of the network’s computing power or decision-making processes.
  3. Cryptography
    Public-Key Cryptography: Ensures that transactions are secure by using digital signatures to prove ownership. Only the holder of the private key can authorize transactions, reducing the risk of fraud.
    Hash Functions: These are crucial for linking blocks in the chain. Even a tiny change in data will produce a vastly different hash, making it nearly impossible to alter past transactions without detection.
  4. Network Consensus and Forking Rules
    How the network decides on the validity of transactions and blocks, and the rules for what constitutes a valid fork in case of disagreements (like soft forks vs. hard forks), significantly impacts security. Networks with clear, followed rules can resist attacks better.
  5. Economic Incentives
    The design of rewards and penalties in the network can enhance security. Miners or validators are incentivized to act honestly due to the potential for reward (like block rewards or transaction fees) and the risk of losing their stake or being ostracized from the network for malicious behavior.
  6. Sybil Resistance
    The network needs mechanisms to prevent Sybil attacks where an attacker subverts the network by creating a large number of pseudonymous identities. Techniques like PoW or PoS inherently resist this by requiring significant resource commitment.
  7. Smart Contract Security
    For blockchains that support smart contracts (like Ethereum), the security of these scripts is crucial. Bugs in smart contracts can lead to significant losses, as seen with events like the DAO hack.
  8. Governance
    How changes are proposed, debated, and implemented can affect security. Good governance ensures that updates to the network are beneficial and do not introduce security vulnerabilities.
  9. Privacy and Anonymity
    While not always directly related to security, ensuring user privacy can enhance the overall security perception and usage of the blockchain, as seen with technologies like zero-knowledge proofs.
  10. Auditability and Transparency
    The ability for any participant to audit the entire blockchain or parts of it ensures transparency, which in turn supports security by making malicious activities easier to detect.

Securing a blockchain involves a holistic approach where all these elements work together to create a robust defense against various threats. Each blockchain might prioritize these aspects differently based on its intended use and philosophy. However, the fundamental goal remains the same: to ensure that once data is written to the blockchain, altering it is either extremely difficult or economically unfeasible.
