Why should I trust tokens launched under SNS?

All ingress messages are in the chain so yes, so is the Wasm.

Essentially, given the (empty) genesis state, full chain and all replica versions that were used you can reach (and verify) the current state of the subnet. Same as with any other blockchain.

1 Like

finally!!! The community and investors have been waiting for the block data to be public for a year! Without block data being fully public, no consensus could be fully trusted

2 Likes

We must differentiate between the condition of trust and verifiability. All block chains require some degree of trust in the nodes (and the software they run) that produce the chain, even bitcoin. Usually this means we implicitly trust that more than 1/2 nodes are honest. This also applies to subnets in IC. Without this trust being the precondition, we can’t talk about verifiability.

Now on verifiability. Opening up block data is of course a simple (or should I say, naive) way to prove both data and execution are executed correctly (according to the code). But it is also complex, and out of reach to most end users, who still end up having to trust some 3rd party providers (like Infura). This is why IC invented chain key, which means it is enough to trust a message execution result by verifying a signature, putting the power of verification back in the hands of end users. Of course aforementioned pre-condition of trust still applies.

So a user can already verify a message call or certified asset really has not been tampered (because they trust 1/2 nodes of a subnet). But it is still quite far from being able to trust a canister, or a service running on IC. In addition to verifying canister’s code (module hash), we also need to pay attention to its upgrades, and configuration changes. I think this community project (also mentioned in this forum thread ) deserves more attention:

It offers a creative solution to the verifiability of canisters, tracking all upgrade histories and administrative changes. It is a great demonstration that the community can lead the innovation, instead of waiting for the foundation to deliver solutions.

I work for the foundation, and I don’t think there is an excuse not to make SNS as secure as possible. But on the other hand, publishing block data really isn’t something that’s going to benefit average users since they won’t be doing the verification. Verifying IC message calls only needs a public key. Verifying canister or services, well, now you got launch-trail.

I encourage everyone to take a look at launch-trail and see if it does solve most of the trust issues raised here, or if not, why not.

EDIT: with the above being said, I do agree that we should publish NNS block data, which is the root of trust of IC because of the automated governance.

13 Likes