Hey folks,
Here is my follow-up to the quote above; what do you all think? Below is a draft NNS motion proposal to bless the change to the plan.
Postponing proposal 20588 (Enabling canisters to hold ICP) for security concerns
1. Objective
The engineers and researchers working on the project “enabling canisters to hold ICP” discovered some security risks and issues that led them to delay this project until those security issues are resolved (ETA: end of December 2021).
2. Background
September 17, 2021: NNS motion proposal #20588 to work on “enabling canisters to hold ICP” passed. This is an important proposal and feature as it can accelerate the growth of defi on the Internet Computer.
October 22, 2021: the team working on the project announced that they had discovered some security issues which their better judgment leads them to address first before enabling canisters to hold ICP.
October 26, 2021: After discussing in the developer forum, the consensus was the project should not be delayed unilaterally by the security concerns, but rather that the community vote and bless the delay. Enable Canisters to Hold ICP - #129 by diegop
3. State of the project currently
Implementation
The change with respect to allowing canisters to transfer ICP is small and the team working on it has the enablement of canisters to transfer ICP ready and tested. Accompanying it is a bigger piece of work, a Candid interface to specify how to interact with the ledger.
Documentation
The team has written a spec for the ledger canister. They are working on developer guidance on how to transfer ICP in canisters and also guidance on how to verify canister smart contracts. As part of verifying a canister smart contract one may want to check that the canister’s Wasm code is correct, so they have already published guidance to verify it matches the original source code.
Security
The team is “deliberately vague” with respect to the security concerns, but the gist has two areas:
a. “Congestion” - This relates to the concern that there can be delays in transferring ICP. An unfortunate outcome could, for instance, be that one sends ICP to fulfill a smart contract obligation but it arrives too late because an attack has clogged the system. Congestion is an umbrella term; there are several things the team wants to improve, some of them found recently. They currently have one feature addressing the most important of these issues, with ETA at the end of November; other features are in the works.
b. “Sandboxing” - The team is not aware of concrete attacks but is concerned about the risk of Wasm jailbreak. We have increased the priority of canister sandboxing to address this issue, with ETA at the end of December.