You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
multi-signature DAO, so several people who hold a stake in the protocol should sign the proposed verified build to be published. all parties stake so that DAO take stake when somebody misbehaves (e.g. spams with proposals:)
so what we lack is on-chain web of trust
Solana(so another chain can work too):
Solana storage model is a graph, not kv/arrays.
so it is natively mapped to the real web of trust
Solana can be mined to reveal a current web of trust
price chain of accounts(nodes in the graph) can be passed to any contracts(including deploy contracts)
so the contract can read the chain of trust
sure you can do that in git, but git is centralized (until it migrated to ipfs or every hosts his own ipv6 enabled server it is - GitHub is centralized - imagine removal by MS some white hat trust account)
but that is not all. how to build an incentive layer on top of git? hard. Solana is easier.
Economical incentive for crev reviews (for sure it is not work as is, but may be something like this) :
As of now people pay for deploy.
They pay to solana, but can pay to DAO too.
DAO registered root nodes and rules of trust (max lengths and trust level diminishing over length)
Several oracles publish verifiable builds version onto chain. If oracle publishes different version, hash, or does not publish updates or misses some - he is punished. Like usual oracles. So we map git chain onto solana chain.
Solana program itself is also package. And can have hash in git. So it is published by Oracles. As its dependencies.
Reviewers publish their review. May be they are Oracles too.
So when the proposer proposes deploy of new contract, he must provide proves of verification by Reviewers/Oracles accepted by DAO.
If that happens, Reviewers got vested (long term contract to transfer money as time goes, not immediately) with part of SOL give for deploy.
If somebody will deploy to often, final approvers (which do not get money from approvals), will reject, and proposer will be slashed.
So people to accept proposal setup DAO and allow proposers to earn and reviewers to earn.
If DAO signatures, reviewers and proposer are same people, than only Solana earns:) So it does not makes sense to be such.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
in blockchain, we need to be very secure.
we have the next gates in place:
0. we use rust
reproducible builds - as in other places
multi-signature DAO, so several people who hold a stake in the protocol should sign the proposed verified build to be published. all parties stake so that DAO take stake when somebody misbehaves (e.g. spams with proposals:)
so what we lack is on-chain web of trust
Solana(so another chain can work too):
sure you can do that in git, but git is centralized (until it migrated to ipfs or every hosts his own ipv6 enabled server it is - GitHub is centralized - imagine removal by MS some white hat trust account)
but that is not all. how to build an incentive layer on top of git? hard. Solana is easier.
another topic - on blockchain we have to trust 3rd parties for now. but the solution is more or less clear solana-labs/solana-program-library#2713
but not for dependencies review.
Economical incentive for crev reviews (for sure it is not work as is, but may be something like this) :
Beta Was this translation helpful? Give feedback.
All reactions