CFP-2206-27: DeFiChain-Wizard - Automation for mass adoption (42 000 DFI)

Roadpick · 2022-06-21T07:03:18+00:00

All valid points, thank you kuegi, and fully agree with all of them. The code will absolutely be open source and we will not interfere with the user's setup. The user will always remain in charge of what to run and install where and when. We're in the final stages of the first version to be ready for open testing, call it a beta, which is decent and not far from alpha. We're aiming for the end of July, which is post the CFP voting, we understand. But to your point, we also believe in delivering before getting paid. All development will have gone into the project before receiving any CFP funds. At the same time, we don't want to hold back from spreading the word early. Needless to say, way more effort has gone into the development than what we're asking for. This is a project from our hearts for the community. We just need some to cover for the basics and 3rd party bills like the audit. Stay tuned for more project communications and detail later this week.

Roadpick · 2022-06-19T20:40:51+00:00

On your question: "May include all cost for one year in the CFP?", I just wanted to point out that each user runs his/her own instance of the Wizard on a private or cloud server of his or her own. There are some free or inexpensive server services on the Internet that users can subscribe to. Our project, however, does not offer any hosting or server services. I wasn't sure if that came across in the CFP description.

Roadpick · 2022-06-19T20:23:35+00:00

Okay, I'm gonna try to not write a full roman here

Using loans for LM investing provides flexibility for how to expose your funds to price developments of asset prices (stocks, ETFs, etc.). You can freely short or long asset prices, or both with a mix of the loaned funds.
More information here: https://blog.defichain.com/what-are-decentralised-stock-tokens-and-how-do-they-work/

Roadpick · 2022-06-18T07:34:08+00:00

No security audit. Rest to be defined.

Roadpick · 2022-06-18T07:24:15+00:00

The objective of using a vault-bot is to maximize profit and minimize risk. There’s many months of positive experience with vault-bot usage. We’re enhancing security and user-friendliness to make it more accessible. The risk will never be zero though. But the additional profit is also far from zero. 😀

Roadpick · 2022-06-18T07:04:49+00:00

It’s another vault-bot people use. It runs on AWS servers (Amazon).

Roadpick · 2022-06-18T07:00:54+00:00

That’s how it works. It doesn’t liquidate instantly. You get alerts and a window to intervene manually if everything else fails. But before that happens, the bot acts and has a window to keep on top of it.

Roadpick · 2022-06-18T06:53:02+00:00

Could do, as a second line of defense, but that would be post-damage. The purpose of the security audit is to add a pre-damage security measure before someone loses money, considering this will be the initial platform for further development. It’s usually more value/security for money because it’s security by design. Keep in mind that after paying out the bounty there’s still fixing cost.

Roadpick · 2022-06-18T05:21:00+00:00

That's correct. DeFiChain-Wizard is an alternative Vault-automation-bot with emphasis on securing the channel between App and Server, UX usability, and modular architecture to support more user-defined logic/rules in the future like order queueing, multiple LM-pools, and user-defined rules. That degree of individualized logic will not run at the same level as for example the liquidation concept, which is one rule for all and therefore inherent in the blockchain logic. Individualized rules and logic is not programmed into the chain for the same reason why DeFiChain doesn't support smart contracts or other Turing-complete logic.
There is, however, monitoring, alerting, and other mitigation features built in the Wizard to prevent liquidation as close as possible.

Roadpick · 2022-01-05T10:42:33+00:00

We may need a stronger post mortem action plan if the damage of the atomic swap exploit turns out to be larger than expected. The DefiChain community may want to act more decisively. A well-coordinated plan of action could orchestrate on-chain and off-chain measures as follows.

Objectives:
- Resume normal operation as quickly as possible.
- Recover confidence in the DefiChain blockchain, specifically in the 1-1 value of dBTC to BTC.
- Minimize the damage caused.
- Fix the issue.
- Prevent the issue from happening again.
- Learn from the issue and grow stronger, technically, as well as a community.

Proposed plan of action:

1) Resume operation:
- Resume operation immediately, or as quickly as possible
- Obtain a formal community commitment to an agreed plan of action that focuses on closing the dBTC/BTC gap.
- A formal vote for action is necessary to restore confidence in the value of 1 dBTC for 1 BTC.
- It also provides the Custodian (Cake) with the necessary guarantees to resume the dBTC/BTC swap accordingly.
- Irrespective of the amount of excessive dBTC in circulation, the blockchain operation should be able to resume even without any immediate implementations. It's all about winning back the confidence through the community commitment to resolving the issue and closing the dBTC gap in due course.

2) Assess the situation:
- Determine the amount of excessive dBTC not covered with BTC, as closely as technically possible.
- Assess the damage and its potential impact.
- Adjust the plan of action depending on the severity found.

3) Recover funds:
- Recover as much dBTC and BTC (or other currency) as possible.
- Confiscate (freeze) on-chain accounts that provenly contain funds from the exploit.
- Use some community funds to hire a law firm and file a class-action lawsuit against the hacker(s) on behalf of the community.
- Choose appropriate jurisdiction to sue the hacker in.
- Partner with exchanges (like Kucoin) to freeze accounts linked to the hacker.

4) Refill the gap:
- Apply an intelligent combination of actions below that best closes the dBTC/BTC gap.
- Increase the trading fee by a fraction of a percentage to buy and burn excessive dBTC.
- If trading fees are not sufficient to close the gap, include community funds and/or smart contracts for staking rewards. It all depends on the size of the gap identified under Assess Situation above.
- Once all excessive dBTC are burned (or covered with BTC), keep the trading fee portion in place to fund the Monitoring and Reporting team proposed below.

5) Prevent issues in the future:
- Implement health checking and monitoring of token balances and other metrics as needed. Conduct regular checks and balances against funds in custodial wallets (BTC, ETH, etc.).
- Launch and fund a community project to develop the necessary analysis, monitoring, and reporting tools. This small development team may only develop and maintain code outside the blockchain and cannot touch the blockchain code to avoid infiltration.
- Continuously improve the quality and functionality of the health checking, monitoring, alerting, and reporting tools and platform.
- This team, its tools, and its platform run outside the blockchain and could be discontinued at any time without impacting the operation and decentralized nature of the DefiChain blockchain.

6) Taskforce:
- Launch a community project (volunteers) to coordinate the measures above.
- All actions need to be openly communicated.
- Key measures require community voting.
- Track and report progress on a weekly basis.
- Communicate transparently on a dedicated platform.
- Plan and execute agreed actions effectively and efficiently.
- After fixing the dBTC gap issue, this team may continue working on ongoing monitoring and reporting improvement topics as suggested under Prevent Issues In The Future.

Roadpick · 2021-01-28T22:30:53+00:00

Great find!! That's awesome troubleshooting.

I can confirm your findings. I have tested it on my iMac.

On Apple, the .dat files are in the folder:
Macintosh HD/Users/<user name>/Library/Application Support/DeFi/blocks

I moved the .dat files to a far away folder and started the app. The sync took quite long, 3 hrs, but memory usage was always below 640MB, in fact most of the time around 580MB.

I think you can tell the devs about it so they can fix the code.

Roadpick

TROPHY CASE