Just saw a new project announced on twitter:
Which made me thinking, how can I trust transactions on the NNS Ledger?
One may argue that its code is open source, and there is nothing malicious in it. But hypothetically, if tomorrow someone were to accuse DFINITY Foundation by saying a million ICP was moved from his account to another one without consent, what can the foundation do to prove there is no foul play?
I understand that NNS Ledger keeps all historical transactions permanently in archive canisters, but these records only show which account is debited and which account is credited, and there is no record of authorization, whether a user signature or a canister’s (which is even harder since canisters don’t sign a signature to transfer ICPs).
What evidence can show that it was not the Foundation who manufactured a transaction through a malicious upgrade (followed by another correct one that covers the trail)?
Now that question gets into how NNS works, since all upgrades are handled by NNS. But by the same logic, why should I trust the records kept by NNS? NNS may also self-upgrade to remove malicious records from its state.
It seems to me that the only proof is the raw block data since genesis. Do node providers keep those?
I hope everyone can see why this is a HARD problem. Now imagine every DeFi project would have to answer similar questions… Did nobody realize this was a problem? Hard to believe…
Anyway, LaunchTrail seems to be “right on money”, solving the real problem so (hopefully) end users can go back to DONT TRUST, VERIFY!