@StakedICP legit or scam (solving in process )

Dear all,

Here are some screenshots taken today.

Statement : Non custodial
image

Statement : unlock any time

  1. Proof its custodial ( they say it themself )
  2. Proof you can possibily not unlock it at any time

And hey, some people.

image

Totally unbiased and expert on the subject - seems to be very willing to defend the team.

In this thread :slight_smile:

Enjoy reading and happy to get your opinion about this.

imo its misleading and probably a scam, and I dont want that to be associated with Dfinity.

Enjoy your day.

1 Like

Stakedicp is the protocol that mint sticp while the nns is clearly the custodian of the underlying assets

?

Read again

Stakedicp holds the keys from their stacked neurons where they store other peoples ICP

Are you also a part of it ?

The code is opensource i think you should check their github repositories

Maybe the goal is to be non-custodial, but currently, it’s not. A quick check of their canisters shows they are controlled by 3 non-canister principals. So these are your custodians.


It’s impossible to say if the solution is properly made since its source is closed.

EDIT: Actually it’s open source https://github.com/AegirFinance/StakedICP/blob/master/src/deposits/deposits.mo
I was misled by an un-updated FAQ

2 Likes

IT WILL BE CONTROL BY THE SNS / that why i think it is not right to call the project that are srill in building a scam

Are you a part of the team to say so ? Perhaps its time to write that it WILL BE NON CUSTODIAL

and not IS

Cheers,

It is non custodial cuz the icp is alr held within the nns

Not a scam. We’ve been collaborating with the founder for a while now. It’s still in its early stages, but the project holds significant potential.

4 Likes

Hey @anon98653474, thanks for raising this! I’m the founder of StakedICP.

Going to reply to a few different points in this post…

Firstly, the FAQ was a bit out-of-date. I’ve just pushed a couple updates to (hopefully) clarify.

Secondly, I guess it would be more accurate to say we are in the process of becoming non-custodial.

In v1 of the protocol (released 2022), both the staking neurons and the canisters were controlled by the StakedICP team directly. This allowed me to ship faster and test the product.

As of May 2023, the v2 of the protocol has launched. In v2, the staking neurons are no-longer directly controlled by the team, but are owned and controlled on-chain by the canisters themselves. The canisters, however are still managed by the StakedICP team. This allows the team to upgrade
the code, adding features and continuing to build.

Eventually, we would like for the protocol to be fully under community goverenance. Full DAO control is the goal.

Any suggestions on how we could communicate this better on the website would be welcome. I’m just a dev, so I don’t always nail the phrasing on things, tbh :sweat_smile:

Lastly, the code is all open-source (both the backend canisters, and the website! Yay IC!) at GitHub - AegirFinance/StakedICP. I’ve added another link to the website to highlight that.

Side note: @Zan is not part of the team, just a passionate early adopter & supporter.

8 Likes

Thanks for the feedback,

Glad to hear your good intentions and that this is just a communication issue.

All best,

Cheers

1 Like

An overview of what happens will make things clearer. From quickly checking the code it seems you are using Threshold ECDSA (inside a rust canister) to create and set up your neurons, probably setting the main canister as a hotkey so you can control it. But then I guess you need to call the ledger with the same PK to disburse neuron rewards. Not seeing HTTP outcalls in your code means you are doing that with an off-chain script. In theory, if it gets completed it will work and be non-custodial, but there are tradeoffs. You trade security for mobility. The security downgrades will come from:

  • having additional contracts that may be exploited
  • the subnet used may have lower security than the NNS one
  • the DAO can be taken over
  • the NNS doesn’t want transferrable neurons, so it may add protections which may result in the solution ceasing to work. Example: adding proof of humanity restrictions, captcha on disbursement, etc.

That risk could be worth it a bit more if you could put these tokens in an LP and still get rewards, but it’s not what will happen it seems. In order to receive rewards you need to have them staked in your contracts as far as I understand.

3 Likes

Yeah, I really need to write this all up into some docs.

HTTP outcalls are in a branch right now. That was (and is) the plan, but in the interest of shipping v2 in May, I added an off-chain relay (in cmd/oracle if you’re diving into the code) as a temporary workaround. I was trying to use the agent-rs library (same as in quill), but there are some issues to resolve to get it compiling into WASM (so it can run in a canister). The oracle script does a few things (see the code), but the short version is that it:

  • asks the main canister what it needs to do
  • builds the NNS commands
  • asks the signing canister (which owns the tECDSA keys) to sign them
  • sends the signed txns off to the NNS
  • lets the main canister know that it is all done.

Once I can get the agent-rs compiling to WASM all this can move back on-chain using HTTP outcalls. Which would be great, and remove a point-of-failure in the system. But it just hasn’t been a top priority yet.

For the bullet points you raised:

  • having additional contracts that may be exploited
    • Absolutely. We need to make sure any new/updated contracts are 100% secure. I do an internal code-review before any deploys, and we had an overall system code review done before v1 launch. We’ve been in contact with a couple auditing firms, and will get that done in due course.
  • the subnet used may have lower security than the NNS one
    • The “signing” canister, which owns the tECDSA keys, and approves all neuron operations runs on a “fiduciary” subnet. That means it runs on extra nodes for better security guarantees.
  • the DAO can be taken over
    • Definitely a risk. The DAO needs careful design to avoid a Dragginz situation. So, it can’t be rushed.
  • the NNS doesn’t want transferrable neurons, so it may add protections which may result in the solution ceasing to work. Example: adding proof of humanity restrictions, captcha on disbursement, etc.
    • Definitely a risk. We’re engaging with Dfinity to figure out how best to proceed. I am confident that as long as we’re doing our best to be a good citizen and keep the network healthy that they will be supportive. stICP can be a huge benefit to DeFi on the IC, and we’ve had loads of inbound interest from protocols building and looking to integrate.

Re LP-ing: The current stICP token design makes LPing+rewards tricky (because the balances change daily). I’m currently working on changing the token design to make that possible (more info on that). After that the priority will be getting an exchange setup so there is liquidity to sell stICP for a instant cash-out (vs delayed unstaking).

5 Likes

I look forward to see how you set this up. I think we are still trying to understand how to best set it up.

@0xAegir Thank you for your explanation. Given that you mentioned it’s an open-source project, could you please provide some insight into why the license file is missing?

The license file was missing because I hadn’t added one yet, so it was public source but copyright until now. :smile: Just consulted with the lawyers and uploaded a GPLv3 one.

1 Like