Emergency Switch Functionality for Lelantus / Lelantus Spark: To extend or retire?

The community previously gave feedback to extend the emergency switch for Lelantus for another year.

We are now 3 months away from the expiry of this extension which is expected to expire on the Friday, 13 January 2023 (what a date!).

The emergency switch allows the core team to temporarily halt the creation or spending of new Lelantus private transactions in the event there is suspicion of an exploit or an ongoing emergency (such as 51% attack) or a vulnerable time (transition periods). This switch is used very sparingly and previously mitigated damage during a discovered implementation flaw in Lelantus.

The core team has used this switch a total of three times.

  • January 2021 - 51% attack
  • Feb 2021 - Lelantus vulnerability fixes and hardening
  • August 2021 (very short time) - Moving Lelantus data to payload to enable hardware wallet support for Lelantus spends. Re-enabled almost immediately after successful hard fork.

However it is a centralization risk as the core team is able to temporarily (but publicly) halt the processing of all Lelantus transactions. Given the recent events of Tornado Cash, the core team wants to reduce control over the network.

With Lelantus Spark upcoming, we intend to retire Lelantus and not allow new Lelantus mints but still allow Lelantus spends for a period of time so that users can migrate their funds over to Lelantus Spark. My recommendation is that this period is not less than 1 year as the last thing we want is users losing access to their funds because they had life issues and failed to migrate in time.As decided previously, we will require existing users to move from Lelantus to transparent before going into Spark. This allows an audit of the supply of FIRO before moving fully into Lelantus Spark.

There are three things to decide at the moment.

  1. To extend Lelantus emergency switch or let it expire?
  2. To implement emergency switch for Lelantus Spark or not? If so for how long?
  3. How long should we give for Lelantus users to bridge out before we stop allowing Lelantus spends?

We appreciate community feedback on these important issues!

2 Likes

I suppose 6 month is long enough if we keep giving people warnings and head’s up through our channels and social media.

  1. Extend - 12 Months
  2. Yes - 12 Months
  3. Unsure, it would depend on how fast community transition to Spark.
    If people have funds parked in Lelantus and we disable spends, does that mean they lose access to funds?

Yes if we disable Lelantus spends, they lose access to their funds permanently.

  1. extend
  2. implement (half or full year with possible extension if needed)
  3. at least year (and wallets should have warning and remind user to move it from Lelantus)

This is for which item?

sorry i was not clear:

  1. Extend 6month after Lelantus Spark is out (just incase)
  2. Yes, 6 more month after Spark
  3. 6 month after Spark

Hope it makes sense. I dont think we need to extend for to long and take time from Devs. 6 month is plenty.

Actually I think 6 months is quite short. Person can be in coma, or in some serious situation.

Most likely even if it will be year some people will loose funds, but 6 months is just too short.

We could see after rebrand and hard forks few people write because they have old version of wallet, etc… Many of us are pretty often on forum, Telegram, Discord, but seems some people check stuff once a year.

3 Likes

Yes I know some people in DERO that lost their funds after missing a 6 month window. The guy had personal matters to deal with (family issues and death of a friend) and then missed the window. Would really like to avoid these type of scenarios.

4 Likes

Can (% of coins transferred) be used in conjunction with a time duration?

  1. エックステンド
  2. インプレメント フォレバー
  3. ワン・ヤー

Will we be able to see how many coins are in Lelantus pool as well as Spark?

I’m not very into the tech side of things but could there be some sort of swap. Everyone holding a coin in Lelantus would get 1:1 on Spark?
If we can enable something like that then no waiting needed.

1 Like

I think the trouble is the coins in Lelantus are anonymous.

  1. Extend 12 months
  2. Yes, 12 months
  3. This needs to be as long as we can make possible. Having your money “turned off“ in someway, in my mind, was one of the main issues cryptocurrencies were trying to address in the first place.

What would be the monthly overhead to keep spends available on the old chain?

It seems to be a quite difficult topic actually.

  1. To extend Lelantus emergency switch or let it expire?
  • So the emergency switch was used already multiple times as i see, so maybe worth to extend it a bit more in case of unexpected issues never thought of, maybe 12 months to be safe.
  1. To implement emergency switch for Lelantus Spark or not? If so for how long?
  • Well, basically same answer here, if unexpected issues could surface, maybe 6 months to be safe.
  1. How long should we give for Lelantus users to bridge out before we stop allowing Lelantus spends?
  • Difficult to answer, people could be away from crypto for a while with that double bear market going on. It’s already obvious on the mining front, they are living. Maybe give them until next BTC halving, thing might shake up at this point and people could come back. Latecomers could move their funds at this point.
  1. 12 month
  2. also 12 month
  3. at least 12 month if permanent is not possible.

Hi, could you elaborate what you mean by this?

  1. Extend the switch for 6 months to allow users and zombies to migrate, revisited again after 6 months and agree on new time frame.
  2. Enable a kill switch for spark until community agrees it is safe to remove. (After audits, and hackathons) revisit bounty payouts to encourage continued security work after. Personal opinion is this should be at least a year or two…
  3. At least 6 months (plus the current 3). Maximum 1 year, maybe more depending on the statistics of users who have moved. Would be nice to impliment some type of deteriorating trade off after X time?

I agree that the team should be as hands off as posible. But for now a safety switch is helpful, as new things get added new bugs get created. Firo still has room for growth. We can not control how our users trade thier funds, but lets not fall victim of a blackhat because we removed a security feture too early. With 2miners current hashrate and the uncertainty of whats going on with GPU mining I would feel more vaulnerable with out a kill switch (FOR NOW!)

2 Likes

Having a cut-off date for Lelantus spends means we know exactly how much supply is moving into Spark and can ascertain the supply of Firo accurately. Leaving Lelantus open forever means we just have to guess at this.

There’s a way to get Lelantus mints converted automatically to Spark but we lose the supply audit function and hence we decided not to go with this and instead have it go from Lelantus > Transparent > Spark.

One of the reasons why we also want to close Lelantus spends off is so that we don’t have to maintain and watch Lelantus anymore since it’s possible that a vulnerability is found and because our attention is not on Lelantus anymore, it’s more possible that it can happen. This is basically what happened with us and Zerocoin where we were focused on doing Sigma that we stopped dedicating time to hardening Zerocoin which left us more vulnerable.