21: Thankful for Privacy

21:1 What’s under your Mask?

With an updated Privacy Statement from ConsenSys this week indicating they collect IP and wallet address information as part of using MetaMask, the need for privacy came to the forefront again in the web3 space.

Pocket Network does not log IP addresses, and quickly became a favorite alternative for the Infura RPC, jumping about 200MM daily relays as new users switched their wallet RPC source. CTO Art Sabintsev advised that they will be publishing an updated privacy statement that explicitly spells out their commitment, along with new dashboards offering greater transparency in network usage. In the meantime, if you’re ready to switch to a private decentralized back-end RPC for your wallet, head on over to RPCList, where it takes about ten seconds to make the switch.

21:2 Bug Stompers

If you’re an infosec specialist who likes to find bugs and exploits, Pocket Network wants you! This week, the launch of the Pocket Bug Bounty program was announced, offering up to 10K USD in $POKT for folks who responsibly disclose potential vulnerabilities in the network. The tl;dr from Pocket:

We have a bug bounty program that pays up to $10k in POKT. The bounty will be valid for all open source projects owned by both Pocket Network Incorporated and Pocket Network Foundation, until PNF defines its own bug bounty program. We also encourage members of the Pocket DAO to define their own bug bounty program if they wish to further incentivize white hats.

The goal is to have the DAO and Foundation take over the bug bounty program by proposal and vote, but in the meantime, PNI will operate it. The program will use the CVSS 3.1 scoring system to determine the severity of the bug, and pay out according to the following schedule:

Vulnerabilities which affect the following repositories will be eligible for payment:

So, put on your white hats, and head on over to the repos to take a look. Happy hunting!

21:3 Community, Ecosystem, and Governance

Two active proposals have debates worth paying attention to this week. The first is PUP-26: Mitigations for Validator Downtime. The goal of the proposal is to implement harsher penalties for underperforming validators, intending to act as a pre-emptive punitive measure to enforce high uptime and QoS. While I, Olshansky, and others have voiced support for this proposal, some in the community feel it may go too far:

I’m all for increasing the penelty. But personally think reducing the downtime before jailing isn’t a good idea as it massively reduces the time to rectify any issues before being jailed. Currently it’s not really an issue because slashing is peanuts but increasing the punishment makes this much more impactful.

Having a 30min jail window basically means you are extremely unlikely to fix an issue before being jailed and thus slashed. Pretty much all other networks I can think of (and have worked with) have a 12-48hr downtime window here which gives ample time to mitigate any issues.

You could have a fail over node but this imposes other risk when automated (I. E. Double signing) and being on hand for a manual 30min switch 24/7 seems optimistic.

Also have the risk of people below the threshold running nodes with higher stakes but setups not optimised for validation (pruned DBs and so on) been considered here?. Having shorter Windows will result in more nodes potentially being jailed which could have a knock on effect if it brings these nodes into the set (if I remember correctly incorrectly pruned nodes caused halts in the past). – Andy-Liquify


This proposal is hard to accept.
The downtime window of 30 minutes is tiny.
We can assume that leaves us with 20 minutes to fix the issue after catching it.

Downloading an official Pocket snapshot and restoring it takes roughly 4 hours, and many issues in the past required downloading the snapshot.
This change would encourage all operators to work with fully pruned nodes.

If we want to compare this to other networks:
MinSignedPerWindow: 0.05
SignedBlocksWindow: 10 000
DowntimeJailDuration: 600s
SlashFractionDowntime: 0.01
MinSignedPerWindow: 0.05
SignedBlocksWindow: 30 000
DowntimeJailDuration: 60s
SlashFractionDowntime: 0.00
In the case of ATOM, we are looking at ~15 hours and ~45 hours for osmosis. – Dominik

I’ll be following this one closely as I think it’s an important enforcement action, but want to make sure we account for the needs of the validator runners.

Next up is PUP-28: Increase MaxValidators – Take Two. This proposal seeks to double the total validator count to 2000. On the surface, it seems to be another method for improving validator security, but some technical issues have been raised:

I do not support this proposal due to (please read justifications below):

  1. While the block size seems to be low enough, in the case of an increase in TXs, there could be problems with lost TXs. There is no room to increase the number of validators if we want to stay in a 96% confidence zone.

  2. Consensus will be more difficult to reach.

  3. Validators nodes requirements will increase due to gossip overhead and probably the new 1000 validators wont be able to handle this (as they did not choose to be validators, this has happened in the past with PIP-22 up-staking)

  4. Increased blockchain disk size (increases costs, disk is very expensive on cloud instances).

  5. The number of validators is already outside the Tendermint normal number of validators (1000 of Pocket vs 150 in Cosmos).

  6. Increasing validator number will reduce the average validator rewards. Reducing the rewards of servicers to remedy this is something that I find unfair (just an opinion, since it is not part of the proposal). – RawthiL

He goes on to break out each of those points into a broader explanation of his concerns, and it’s worth a read. While we want to continue to improve validator security over time, it must be balanced with careful technical oversight to reduce the scenarios in which a chain halt might occur.

21:4 /dev/null

We talk a lot about narrative in the crypto space; so much of the message around what we’re building is about stories. Dapp builders being able to achieve scale without spending millions on infra. A web3 future that is so decentralized that we don’t even have to think about infra or privacy or any of the current considerations, because you can see the full scope of the data being transferred on-chain. I think we’re closer to it than ever, and it inspires me every day to push this space forward.

But, it’s incredibly easy to let our stories be monocultural and anglocentric. One of the things that inspires me most about this space is talking with other founders who, like me, have come out of hard times both in emerging economies, and other places where the barrier to entry is so much higher. I take it as a point of pride that I work with other VCs who also consider it a cultural value in the space to find and fund the opportunities that don’t always get the narrative focus they should because their story is different from the ones who are listening to it. I was reminded of that this week when my friend healingfya.eth talked about his narrative within our greater web3 story. Too many voices aren’t heard often enough. One of the greatest promises of the DAO is that it removes many cultural and system barriers to entry in our space, since it’s so meritocratic, but that narrative often breaks down when it comes to find someone to write the check that carries them to the next level.

Pocket’s founder Michael O’Rourke talks about the supranational, a place where the cultural divides of previous social structure fall away in the face of mass participation. The achievements of a supranational body can far exceed a body divided by meaningless lines which serve to gatekeep, and a body which lifts up all of the stories in its space is far more interesting to read about. I sincerely hope that we don’t lose sight of that as we build the future of a connected world.

That’s all for this week. See you on Twitter.