This week's spicy topics:
EOS DeFi: Audits & MSIGs vs Exits & Exploits
I have been trying to gather my thoughts in order to write this post as there has been much movement in the EOS DeFi realm recently. I wanted to summarize the discussions from our EOS Nation telegram group in an easy to read format for you, also having something handy to point to in future reference.
Disclosure; I was prompted to write this specifically tonight for two reasons:
- A token holder reached out this evening to inform me they believe a project that added EOS Nation in their MSIG permission list is a scam project.
- It appears that the EMD project has exit scammed.
My goal is to have the widest reach possible, I will therefore try and keep this simple in terms of complexity – those with a deep understanding of these concepts might feel I am oversimplifying certain things; that is my intention.
Audit VS Open Source
What we see in EOS right now are projects that choose to either get their contracts audited, or skip the audit and open source the code which essentially opens the door for anyone and everyone to audit. There are advantages and disadvantages to both which I do want to dwell on. The point is that we should typically see one or the other.
A potential red flag is when a project does neither.
What is also important to note is that having an audit performed or having code that is open sourced does not remove the risk of having issues within the code (intentional or not) – it simply mitigates a portion of the risk, and even reduces it greatly to a certain extent, but it is not full-proof. They are both means to improve the relationship with the token holder by building an initial base layer of trust. There are several companies that I know of that offer auditing services on EOS which I have worked with: Slowmist, PeckShield, EOS42 and Sentnl. It is my opinion based on experience working with these four that they are competent and trustworthy. However, I need to repeat it – an audit does not remove risk, it mitigates it to a considerable extent. Please remember this. The process of performing an audit is a back and forth that can last several days and is intended to close any potential loophole in the code. If a project performs an audit, but deploys a different version of the code, one which is not audited, it has no meaning. Ensure that the code that is deployed matches the hash of the audited code. Usually the auditor will add this as a mention when they give their stamp of approval (i.e. we have audited this code and the deployed code matches the hash that we audited).
MSIG VS Single Owner
This is a tricky one, so please bear with me. MSIG is short for MultiSignature – it is simply adding the requirement for more than one party to make changes to a particular contract. Changes could be anything from code modifications to executions of functions from within the contract itself. MSIGs are great for many reasons; the main being giving away sole authority over a particular contract – decentralizing its ownership.
EOS has an incredibly powerful set of base-layer permission functions that can be leveraged alongside the MSIG. The two main ones that need to be adjusted are: threshold and weight.
- Threshold is the bar to reach, a concrete number that needs to be attained or surpassed in order to have authority over the contract.
- Weight is the the value that is assigned to each participant. Adding the weights together is what is calculated when determining if the threshold is met.
For example, let’s pretend there is a contract with a set threshold of three (3). In the permission set there are five (5) accounts that each have a weight of one (1) assigned. In order to make changes to the account, any three (3) of those accounts would need to be in consensus in order to meet the threshold set.
Each EOS account has an owner key as well as an active key.
The owner permission can do whatever it wants
- including changing the active key and permission sets.
- In many cases, the active permission is only eosio.code; so the contract itself.
Note that for most projects you would see the MSIG at the owner level, but not necessarily at the active level. This is fine. Here is where it gets a little tricky…
Any account can be added onto an MSIG permission list. This does not require consent nor knowledge from said account owner.
Why is this important? For one, having an account that is MSIGd does add a layer of security to a certain degree (as I mentioned above it does decentralize ownership of the contract), but it can be superficial if other criteria aren’t also followed. An MSIG account does not inherently mean there are no issues with the contract.
- Always look to see if the code has been audited or is open sourced.
- Always check to see if the MSIG participants are known and trusted entities.
- Always check the threshold and weights set; how many other entities need to approve changes for consensus to be reached.
On the question of consent, it is somewhat irrelevant. It is good form, see polite, for a project to reach out and ask whether a particular entity wants to be a party to an MSIG, but as you now know, it is not necessary. There is no way for us to guide, direct, mentor and review each project, we cannot do this, there are not enough hours in a day to do so.
Being on an MSIG list is not an intrinsic endorsement of the project.
At EOS Nation we’ve taken the position of accepting to be on the MSIG list on projects in order to help decentralize contracts as a general service to token holders and developers. We accept to do so when the criteria laid out above are met as this helps ensure, to a certain extent, that no one can arbitrarily move assets for example. However, there comes a point where this is no longer scalable as the ecosystem grows and more projects are deployed. Hence, my previous comment about consent not being necessary. At some point it is inevitable that projects will assign trusted entities and only reach out when or if they need to make changes. The review process, if accepted, would be done at that time. Of note, unless absolutely necessary you typically do not want to make modifications to the code, so this may never happen. This is fine, as long as token holders understand what I have written above. An MSIGd account does not mean it is risk free, as with the audit, it is simply an additional layer of protection to mitigate possible risk, not remove it.
I started this article by giving a disclosure for the particular timing of the article, let me address the two.
- A project with little utility, poor communication, questionable tokenomics, an anonymous team, and falling asset valuation does not make it a scam.
- As far as I can tell EMD was not audited, not open sourced, and the owner and active keys were the same, and not MSIGd. This could have been prevented.
Thank you for reading, I hope this helped shed light on these concepts and that it will help you make informed decisions as our ecosystem enters its next phase of growth.
“As one of the leaders of the space, we support innovation. With innovation comes the chance of high reward, and high risk. Some projects make it to the moon, while some fall short. Always manage your risk accordingly.” – Changpeng Zhao, CEO of Binance
Dan Larimer Live on Everything EOS
Dan Larimer joined Zack Gall and Chaney Moore this week for an in-depth, 2h30min long discussion almost entirely focused on EOS. Zack and Chaney did a great job interviewing Dan and focused on asking questions that came directly from the community. We enjoyed the show tremendously and have timestamped some of our favorite sections below. Enjoy!
5:00 Block.one is aligned with EOS and wants to see EOS succeed.
37:00 – 46:00 Wrapping Bitcoin on EOS & Mutli-Chain MSIGs
What did you think of the interview? Many members of the community hopped on a livestreamed zoom call right after the interview to share their thoughts and opinions.
It’s great to see Dan being so active in the community again doing 4 interviews in just 2 weeks. Besides his appearance on Everything EOS we can also recommend checking out the interview Dan gave Charlie Shrem on the Untold Stories podcast. Both go deep into the underlying philosophy of cryptocurrencies and develop the conversation along an interesting timeline, from the origin of Bitcoin, on toBitshares and Steem, wrapping up with EOS
Brendan Blumer, CEO of Block.one, has also been increasingly active on Twitter making a strong case for EOS and engaging in the discussions that are shaping the future of Blockchain.
Brendan was also featured in Business Insider Australia as one of the 100 people transforming business in Asia.
Vigor Launch: September 15th
Vigor has recently completed the fourth step on their way to allowing public access to the protocol and officially launching Vigor on September 15th, 2020. This launch represents the culmination of over 2 years of hard work from countless participants who believed in the vision of a highly decentralized and community-owned decentralized financial protocol.
Vigor countdown to launch:
✅Deploy to EOS
✅ Stake to Join DAC
✅ Code Audit by Sentnl
✅ Decentralized Keys
⏺ Open Access
⏺ Live on September 15th
Block.one Invites EOS Community to Test Proposed Resource Model
The new resource model that has been proposed by Block.one Public Blockchain Engagement is going to have an impact on the various stakeholders within the ecosystem. Those most affected are likely to be the token holders who use their stake to power their applications and/or cover the cost of usage for their users.It’s also important to highlight that code changes are likely to be required for many wallet providers who create accounts on behalf of users Block.one wants to hear from everyone so make sure you send them your feedback. Block.one, developers, token holders and block producers are discussing these changes and we invite all EOS stakeholders to participate in this process.
This change is looking to positively impact the majority of token holders.
WAX NFT Movers & Shakers
The WAX community is again full of exciting developments.
NFT collectors have until Wednesday at 12 noon EST to finish a full set of the Blockchain Heroes trading cards.If you’re looking to complete your set make sure to do so quickly!
Of note, every wallet that holds a full set of the varieties common, uncommon, rare, epic and legendary. will be rewarded with a new card.
Speaking of Blockchain Heroes, we continue to be impressed by Joel Comm and Travis Wright’s engagement with the community. They hold weekly meetups in which they come up with new challenges and reward drops such as the recent Blockchain Heroes medals.
However, the Blockchain Heroes are not the only WAX NFT project that Joel and Travis are working on. The Nifty Shopping Network is next and is the first WAX-based sale of original digital collectible artworks. For their debut, they have partnered with a selection of 3 artists to work on a set of limited NFTs.
“The Nifty Shopping Network spotlights original and unique digital artwork on the WAX blockchain. Curated artists and works are featured in limited quantity to provide collectors with inspiring, provocative and highly collectible art. To view the marketplace visit nifty.deals”
In order to promote this sale, they tried out a new feature fromAtomicHub which allows NFTs to be claimed, albeit with limited amount and time, by any WAX Wallet holder.
The UI for this feature is still in development, but it should be available soon along with other new features such as bundled sales, auctions and an NFT creator update.
The WAX community is growing at a rapid speed!
For that matter, the WAX team published a great review with the first WAX NFT Roundup.
The next big sale on WAX will be Original Season 2 of the Garbage Pail Kids scheduled for the end of September and we found plenty of good stuff on the roadmap for KOGS that includes:
- September: RFOX Games brand release launch (incl. whitepaper)
- October: Game economy revealed
- November: Staking & Rewards
- December: KOGs 2nd edition, Public Beta Game launch
- March: KOGs 3rd edition, New Game Reveal
We can see the hype for NFTs continues to grow week over week! The last 3 months of 2020 should be especially exciting in the world of WAX & EOS NFTs!
Ultra Community Update #9
This week we got the pleasure of reading the 9th Ultra Community Update which introduced a completely new website and a streamlined terminology of all the different components that the Ultra platform is going to offer.
We also learned about an upcoming Liquidity Program for the UOS token on Uniswap and further community-building activities such as the Ultra Telegram Sticker Contest, running from September 18th to 27th. If you want to participate in the contest, join this Telegram Chat for further instructions. UOS prizes are up for grabs!
While the community is buzzing with anticipation for the mainnet launch and first game scheduled for later this year, the general crypto media is also picking up on Ultra.
The team shared an impressive list of recent coverage, interviews and AMAs. This included a paid advertisement on the Chico Crypto YouTube channel. We especially like how Chico Crypto is upfront and transparent about the payment received in exchange for ad space. This is a refreshing change from the way crypto YouTubers usually conduct their business so we encourage you to check out his video and his channel.
Meanwhile, the Ultra testnet is making great progress and we can expect the technical team to share some first results soon. The performance of this EOSIO network is above expectations! Sounds like good times ahead for Ultra!
DeFi with BOSCore
With the BOS.IBC being utilized to realize the first iterations of Cross-chain Defi on EOSIO, BOSCore has officially entered the Defi Arena.
However, there’s a lot more BOSCore has to offer for developers to build Defi applications on BOS. The team published a detailed breakdown of all the core features and how they can be used for Defi. A pretty impressive list that is.
Kudos to BOSCore!
Womplay: Earn EOS While Gaming!
The EOS VC funded company Spielworks, creators of the Wombat wallet, just released a new product.
A gaming platform for EOSIO based blockchain games and it’s directly connected to the Wombat Wallet, to ensure an easy onboarding and a smooth gaming experience.
Gamers can earn Wombucks just by playing and win additional prizes by entering challenges.
For now, Womplay features 3 different challenge schemes:
– Performance-based Challenges.
– Point-based Challenges.
– Cashout Challenges.
Gamers can cash out Wombucks into Fiat through partnering platforms such as Coinbase and CryptoLocally.
Upland is growing as the game just expanded its map to New York and more plans become public about how Upland will become a full fledged Metaverse in the future.
In a recent NFT Hype episode, the Upland Blogger Recourier gave a great overview of all the things in the pipeline for Upland. Soon users will be able to obtain business licenses and develop retail properties, such as cafés, which allow in-game chats, galleries for NFT trading, and arcades to integrate 3rd party games.
Very exciting stuff!
The Upland team also introduced landmarks and called for creatives to participate in the NYC Landmark Design Contest.
The goal of the contest is to design 1 of these 3 locations:
- Chrysler Building
- Guggenheim Museum
- UN Building
The deadline is on September 21st at 3pm PT.
A great initiative to shape the looks of this real-world inspired metaverse with the community.
We’re looking forward to seeing the winning designs which will eventually come out in VR!
PixEOS Gallery Ready for 3D Objects
Speaking about VR and creativity. We’re happy to report that the Pixeos Gallery now supports 3D GLB assets, paving the way for 3D VR.
That’s a first for EOS based NFT marketplaces as far as we know.
3D artists can reach out to us to get onboarded via firstname.lastname@example.org.
EOS Nation is a top Block Producer on the EOS public network. We earn inflation rewards based on the percentage of tokens staked towards us. Those rewards are reinvested into EOSIO community, tools, and infrastructure. Help grow the ecosystem by staking your vote to eosnationftw for BP or proxying to proxy4nation.
Remember, we never accept compensation in exchange for featuring projects in the EOS Hot Sauce. That means if a project is included in the EOS Hot Sauce it’s because we believe that project brings value to the EOSIO ecosystem and we want our community to know about it!
Are you building an interesting project on EOSIO? We want to hear from you! Reach out to us on social media or email email@example.com.
Thank you for supporting EOS Nation and for reading this week’s edition of EOS Hot Sauce! Want more spicy updates? Check out some of our recent EOS Hot Sauce episodes!
EOS Hot Sauce ingredients: 1 Token 1 Vote: A Thorny Issue, Vigor Launch is a Success, Learning EOSIO with Lena: Block.one Webinars, Ultra & Theta AMA, WAX Detective & More NFT Launches, EOS Name Service is Back, EOS Nation’s Nigerian Campus Tour: Voice
WAX Detective puts forensic data analysis for the WAX blockchain at your fingertips — and EOS Nation is proud to make it available to everyone.
Curious? Explore the WAX blockchain like never before, and visualize the journey of tokens between accounts. Whether you’re a token holder just snooping around, or an exchange investigating the relationships between hacked accounts, anyone can be their own Sherlock with WAX Detective.
This week Yves La Rose, CEO of EOS Nation, sat down with Chaney Moore, Head Writer at Cryptowriter, for an in-depth interview about the thorny topic of 1-Token-1-Vote (1T1V) on the EOS mainnet. Chaney Moore did a great job writing this article and we hope that the community will appreciate the additional context behind our recently announced public support of 1T1V.
Thank you for sharing the EOS Hot Sauce!
Pour EOS Hot Sauce straight into your inbox
Subscribe to to the EOS Nation newsletter for weekly emails.
Disclaimer: The information provided above does not constitute investment advice, financial advice, trading advice, or any other type of advice whatsoever, and the information on our website should not be trusted as such. We present this information to you as general market commentary. The information does not constitute investment advice or any professional financial advice of any sort whatsoever. We do not advise or recommend that you buy, sell, or hold any cryptocurrency, digital token, ICO, or digital asset whatsoever. We advise users to conduct their own due diligence and consult with a qualified financial advisor before buying, selling, or holding any type of digital asset or cryptocurrency. We will not be held responsible for any investment decisions made based on the information provided on the website.