Disclaimer: Everything we write in "The Crypto Insider Report" is an x-ray of the industry as we see it, through the lens of publicly available information. We are not financial advisors.
Half of the Nomad Funds Were Drained by Copycats
You must have read by now about the recent hack suffered by Nomad, yet another bridge. Essentially, one of their routine upgrades produced a misconfiguration after which all messages were considered valid. Such messages included, for example, token withdrawal requests from the bridge. This allowed attackers to steal 190 million USD.
Moreover, since blockchain transactions are public, anybody who wanted to get in on the action only had to find a successful transaction and replace the receiver address with their own.
New data published by CoinDesk from Coinbase shows that 88 out of the 190 million USD were actually stolen by copycats that were running essentially the same transaction.
If you are curious about more technical details on the matter, feel free to read the Coinbase research straight from the source. In the meantime, Nomad is hoping to recover the stolen funds via a bounty program that lets people keep 10% of what they took as long as they return the rest, in exchange for avoiding any legal action. So far, they have recovered 25 million USD.
Mihnea
================
Framework for sufficient decentralization
Marc Boiron, Chief Legal Officer at dYdX and a strategic advisor to Variant Fund, has published a well-written piece on his thoughts regarding a framework / playbook to interpret sufficient decentralization when trying to position a crypto project vs. the Howey test for securities.
The paper explains what sufficient decentralization means, how it affects internal / off-chain activities, common errors that lead to the centralization of DAOs and how to efficiently structure a community to achieve sufficient decentralization.
The writing starts with an excellent primer on investment contracts and the intricacies of the Howey test to determine if an investment contract is a security. It then analyzes the implications of the idea of sufficient decentralization, first introduced in a June 2018 speech by William Hinman, who at the time was the director of the SEC’s Division of Corporation Finance. He said: “If the network on which the token or coin is to function is sufficiently decentralized – where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts – the assets may not represent an investment contract.”
Reorganizing activities under the DAO umbrella might not be sufficient as a high-level approach, and Marc Boiron argues that off-chain activities should be decentralized, including: software development, business development, growth and marketing, intellectual property and governance decisions. Another powerful message is that in Web3, how a community executes on competitive information will determine its success, not the confidential information it holds.
a) Protocol development: keep all code open source and increase the protocol composability (make it easy to integrate with others). Grants and bounties can be offered to community members to contribute to protocol development. Application, evaluation and negotiation of objectives, key results and performance should be available for community review. In this sense, we have seen all the grant programs funded by L1 protocols.
b) Business development: give the BD team clear direction, financial resources and certainty. To mitigate risks, communities can approve BD deals in advance, or subject those deals to community approval.
c) Marketing and growth: use grants and bounties to incentivize growth and marketing, and empower independent efforts. A project is more decentralized if (all) members feel empowered to contribute to a project’s growth through their own marketing actions.
d) Intellectual Property: abandon or distribute IP to the community.
e) Governance decisions: create code and guides for basic, repeatable proposals. Other items include simplifying mechanics for proposals, creating benefits for participation in governance or installing appropriate thresholds for quorums, proposals and voting.
While the paper has at its core the four-pronged approach embedded in the Howey test, it is reasonable to expect that there will be no adapted version (or new version) of this test to evaluate crypto assets as securities in the near-term.
Razvan
================
Vitalik Buterin & Stealth NFTs
The next innovation in digital asset transactions proposed by Vitalik Buterin is stealth addresses for NFTs. The notion was published on a programming forum and via Twitter by the co-founder of Ethereum.
Vitalik said: “You can send an ERC721 to “vitalik.eth” and I can see it, but no one else can see that vitalik.eth received an ERC721; they will just see that someone received an ERC721”.
The concept was added to an Ethereum Research post focused on adding an “ERC721 Extension for zk-SNARKs.” Nerolation, who claimed that his approach was "the exact execution of what Vitalik indicated" when referring to private POAPs, suggested the extension to ERC721 (the NFT standard).
The idea of using ZK-SNARK-compatible ERC721 tokens attempts to provide this privacy by using stealth addresses that contain a hash of the user's address, the token ID, and the user's secret.
This information is added to an on-chain Merkle tree, and the tokens are then stored at "an address that is derived from the user's leaf in the Merkle tree."
To show ownership of the token (NFT), a user would need to give the stealth address "access to a private key", so that when a message is signed the compiled data can be fed into a leaf of the Merkle tree. The circuit would then compare the "calculated and user-provided roots" to verify the result.
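The root comparison described above, as an added example that is not part of the newsletter or of the Ethereum Research proposal: it builds a leaf from the address, token ID and secret, then checks that the root recomputed from a Merkle proof equals the supplied root. SHA-256, the padding rule, the domain tags and all names and sample values are assumptions; a real design would run this check inside a zk-SNARK circuit with a circuit-friendly hash so the inputs stay private.

```python
import hashlib

EMPTY = b"\x00" * 32  # assumed padding node for levels with an odd count

def h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 stand-in for the SNARK-friendly hash a circuit would use."""
    return hashlib.sha256(tag + b"".join(parts)).digest()

def stealth_leaf(address: bytes, token_id: int, secret: bytes) -> bytes:
    # Leaf = hash(user's address, token ID, user's secret).
    return h(b"\x00", address, token_id.to_bytes(32, "big"), secret)

def pad(level):
    return level + [EMPTY] if len(level) % 2 else level

def build_levels(leaves):
    """Return every level of the tree: leaves first, root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = pad(levels[-1])
        levels.append([h(b"\x01", cur[i], cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels

def merkle_proof(levels, index):
    """Collect the sibling hash at each level on the path to the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(pad(level)[index ^ 1])
        index //= 2
    return proof

def verify_ownership(root, address, token_id, secret, index, proof):
    """Recompute the root from the private inputs and compare the two roots."""
    node = stealth_leaf(address, token_id, secret)
    for sibling in proof:
        pair = (node, sibling) if index % 2 == 0 else (sibling, node)
        node = h(b"\x01", *pair)
        index //= 2
    return node == root

# Constructed sample data: three holders with one token each.
ALICE = bytes.fromhex("aa" * 20)
HOLDERS = [(ALICE, 7, b"alice-secret"),
           (bytes.fromhex("bb" * 20), 8, b"bob-secret"),
           (bytes.fromhex("cc" * 20), 9, b"carol-secret")]
LEVELS = build_levels([stealth_leaf(*holder) for holder in HOLDERS])
ROOT = LEVELS[-1][0]
```

Only the root needs to be public: an observer who sees `ROOT` learns nothing about which address holds which token, while a holder who knows the secret can reproduce the path to it.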
Vitalik Buterin's interpretation of stealth NFTs is a novel low-tech idea. No matter how well the NFT community responds, it will probably be a while before this proposal becomes a reality.
Time will tell.
Cosmin
================
Blockchain Technology Enables Diamonds Traceability
Cryptocurrencies steal most blockchain-related headlines, but adoption has nevertheless been growing for the technology. One example is the use of blockchains for diamond traceability.
Diamond traceability was one of the first real-world applications in the blockchain sector. Early on, the two most prominent players were startup Everledger which signed Alrosa, now the world’s largest diamond miner, and De Beers-founded consortium Tracr. Solutions were embraced in Asia, where Hong Kong’s Chow Tai Fook adopted the technology with DiamsLedger providing provenance on the Chinese mainland.
There are two broad reasons why this sort of solution is useful to luxury brands. Firstly, it’s a key step in proving the gem’s authenticity, both for the company sourcing the diamonds and the end-user. In other words, it reduces fraud. The second reason is to address ESG concerns about sourcing diamonds from conflict zones, so-called “blood diamonds”, and being able to demonstrate that to the consumer.
The latest development in this sector was announced this week and will be trialed in the city of Kananga in the Democratic Republic of Congo (DRC). A GemLightbox will arrive from Belgium to support transparency and traceability for local artisanal diamond miners by using accessible blockchain technology. The equipment – a lightbox made for 360° jewellery photography and videography – will be used by six mining cooperatives of artisanal diamond miners as the first step of a blockchain pilot project named 'OrigemA'.
'OrigemA' was launched in May in collaboration with the DRC Ministry of Mines, the NGO DDI@RESOLVE and the Everledger technology company. The aim is to promote peacebuilding in the area, stimulate fair trade in the diamond sector, improve the socio-economic situation in the Congolese villages, increase work equality for women and teach environmental sustainability.
Evelyne
================
For more educational crypto content, check out the links below:
The Stakeborg DAO Talks on YouTube: https://www.youtube.com/playlist?list=PLOrFZZifNn4Nx4nSQL3WS52ALPXgrTSVG
Discord channel: https://discord.com/channels/901898461568442458/903006233584341052
StakeborgDAO Quarterly Reports: https://docs.stakeborgdao.com/reports/dao-quarterly-reports
Stakeborg Academy: https://academy.stakeborg.com/
📝📊🧑🏽💻thank you👷🏼♂️🧱
thanks for concentrated blockchain info!