We are now 3 months away from the expiry of this extension which is expected to expire on the Friday, 13 January 2023 (what a date!).
The emergency switch allows the core team to temporarily halt the creation or spending of new Lelantus private transactions in the event there is suspicion of an exploit or an ongoing emergency (such as 51% attack) or a vulnerable time (transition periods). This switch is used very sparingly and previously mitigated damage during a discovered implementation flaw in Lelantus.
The core team has used this switch a total of three times.
January 2021 - 51% attack
Feb 2021 - Lelantus vulnerability fixes and hardening
August 2021 (very short time) - Moving Lelantus data to payload to enable hardware wallet support for Lelantus spends. Re-enabled almost immediately after successful hard fork.
However it is a centralization risk as the core team is able to temporarily (but publicly) halt the processing of all Lelantus transactions. Given the recent events of Tornado Cash, the core team wants to reduce control over the network.
With Lelantus Spark upcoming, we intend to retire Lelantus and not allow new Lelantus mints but still allow Lelantus spends for a period of time so that users can migrate their funds over to Lelantus Spark. My recommendation is that this period is not less than 1 year as the last thing we want is users losing access to their funds because they had life issues and failed to migrate in time.As decided previously, we will require existing users to move from Lelantus to transparent before going into Spark. This allows an audit of the supply of FIRO before moving fully into Lelantus Spark.
There are three things to decide at the moment.
To extend Lelantus emergency switch or let it expire?
To implement emergency switch for Lelantus Spark or not? If so for how long?
How long should we give for Lelantus users to bridge out before we stop allowing Lelantus spends?
We appreciate community feedback on these important issues!
Unsure, it would depend on how fast community transition to Spark.
If people have funds parked in Lelantus and we disable spends, does that mean they lose access to funds?
Actually I think 6 months is quite short. Person can be in coma, or in some serious situation.
Most likely even if it will be year some people will loose funds, but 6 months is just too short.
We could see after rebrand and hard forks few people write because they have old version of wallet, etc… Many of us are pretty often on forum, Telegram, Discord, but seems some people check stuff once a year.
Yes I know some people in DERO that lost their funds after missing a 6 month window. The guy had personal matters to deal with (family issues and death of a friend) and then missed the window. Would really like to avoid these type of scenarios.
I’m not very into the tech side of things but could there be some sort of swap. Everyone holding a coin in Lelantus would get 1:1 on Spark?
If we can enable something like that then no waiting needed.
This needs to be as long as we can make possible. Having your money “turned off“ in someway, in my mind, was one of the main issues cryptocurrencies were trying to address in the first place.
What would be the monthly overhead to keep spends available on the old chain?
To extend Lelantus emergency switch or let it expire?
So the emergency switch was used already multiple times as i see, so maybe worth to extend it a bit more in case of unexpected issues never thought of, maybe 12 months to be safe.
To implement emergency switch for Lelantus Spark or not? If so for how long?
Well, basically same answer here, if unexpected issues could surface, maybe 6 months to be safe.
How long should we give for Lelantus users to bridge out before we stop allowing Lelantus spends?
Difficult to answer, people could be away from crypto for a while with that double bear market going on. It’s already obvious on the mining front, they are living. Maybe give them until next BTC halving, thing might shake up at this point and people could come back. Latecomers could move their funds at this point.
Extend the switch for 6 months to allow users and zombies to migrate, revisited again after 6 months and agree on new time frame.
Enable a kill switch for spark until community agrees it is safe to remove. (After audits, and hackathons) revisit bounty payouts to encourage continued security work after. Personal opinion is this should be at least a year or two…
At least 6 months (plus the current 3). Maximum 1 year, maybe more depending on the statistics of users who have moved. Would be nice to impliment some type of deteriorating trade off after X time?
I agree that the team should be as hands off as posible. But for now a safety switch is helpful, as new things get added new bugs get created. Firo still has room for growth. We can not control how our users trade thier funds, but lets not fall victim of a blackhat because we removed a security feture too early. With 2miners current hashrate and the uncertainty of whats going on with GPU mining I would feel more vaulnerable with out a kill switch (FOR NOW!)
Having a cut-off date for Lelantus spends means we know exactly how much supply is moving into Spark and can ascertain the supply of Firo accurately. Leaving Lelantus open forever means we just have to guess at this.
There’s a way to get Lelantus mints converted automatically to Spark but we lose the supply audit function and hence we decided not to go with this and instead have it go from Lelantus > Transparent > Spark.
One of the reasons why we also want to close Lelantus spends off is so that we don’t have to maintain and watch Lelantus anymore since it’s possible that a vulnerability is found and because our attention is not on Lelantus anymore, it’s more possible that it can happen. This is basically what happened with us and Zerocoin where we were focused on doing Sigma that we stopped dedicating time to hardening Zerocoin which left us more vulnerable.
The deteriorating trade-off won’t really cover what we are trying to solve here. If I understand correctly, your suggestion is about let’s say I have 1000 FIRO and if I convert within 6 months I’ll get 1000 still but if I delay, this amount will get smaller and smaller.
The main risk is that we don’t want any vulnerabilities in Lelantus to ever bite us back as we stop maintaining it. The vulnerabilities usually are of forging a zero knowledge proof somehow that passes validation and allows coins to be created out of thin air. So it doesn’t matter that it’s deteriorating since I just forge a proof for any amount that I want.