Thorchain AMA January 2021
Questions by Can Gurel, answers by Leena.
Afaik txns in THORchain are traceable (txOUTs contain inhash and outhash data). How does peer-to-pool increase privacy? Where do you position mgEtchain in terms of privacy?
Every transaction is auditable (necessarily so), so THORChain is *not* private. In fact, it could become the source of the largest publicly queryable cross-chain address graph. In this way it could be viewed favourably by regulators (compare to black-box asian exchange that not even subpoenas can touch). However, THORChain will support privacy coins, but it is up to the users of those privacy coins to make the transactions required to access those anonymity sets. THORChain is not private, but does not stop users leaving through the back door.
How did you solve non-finality (chain reorg) problem of Bitcoin? What happens when it’s too late to remove a witness txn from state machine (psOVI already signed & broadcasted on another chain)
PoS chains with bounded validator sets can reach finality deterministically. PoW chains with unbounded validator sets can never reach finality, simply because the size of validator set is never known. THORChain assumes that blocks won’t be re-orged if the cost to reorg those blocks exceeds the economic gain from undoing all the relevant transactions (only consider first-order gains). THORChain assumes the “cost” of the block is equal to the “value” of the block (block rewards + transaction fees), and simply measures the value of the transactions in the block against this, and rounds up. Ie, 10 incoming Bitcoin will require 2 confirmations, because 2 confirmations has a cost of 12.5 Bitcoins. THORChain then scans for re-orgs, and if it finds a previously reported transaction has “disappeared” in a re-org, then it tells THORChain in a special “errata” tx, to undo the state, and socialise the losses. Essentially THORChain expects to be maliciously re-orged at some point, it can gracefully recover.
What are your estimates on gas usage? (would BTC-ETH swap on THORchain consume less or more than WBTC-WETH swap on uniswap) What is the tradeoff you make when setting gas costs. Why did you make that tradeoff?
Gas is a rabbit-hole. THORChain applies some broad-brushed “good-enough” thinking, expecting at some point that something can go wrong, but has options to recover. All outgoing gas is paid directly from the gas-asset pools, essentially BTC/ETH/BNB LPs are paying for all gas on each chain, but they get paid back in RUNE a block later. Nodes continually update a trailing average of gas prices for each chain (average of each block), and users will pay a cost that is 3x that. Ie, if $1 is the average gas cost for BTC, users will pay $3. Nodes then use a gas price that is 1.5x, which means that each transaction in theory can tolerate more than a 50% rise in gas prices from block-to-block. For BTC, child-pays-for-parent, so subsequent transactions can bump up pending outs. For ETH, there is no fee-bumping logic, since THORChain is not aware of chain-primitives like account nonces. If an ETH transaction gets stuck from a ygg vault, Asgard will process it with a newer, higher gas price, and the ygg node will be forced to cancel the transaction and get slashed 1.5x the gas used, which is insignificant. Having said that, THORChain is likely to be cheaper than a CEX and Uniswap. Cheaper than CEX because CEXs tend to use high withdrawal fees, and cheaper than Uniswap, because it’s a token transfer (60–80k gas), instead of a contract call (170k-250k on Uniswap).
Where can I access most updated and accurate supply(emission) curve?
See this link.
What is the motivation behind separating vaults (primary/secondary) & moving funds from one vault to another frequently?
There are two vaults, primary (asgard) and secondary (yggdrasil). Asgard is a 24/36 TSS committee, each key-sign takes 15 seconds and throughput is very slow. Yggdrasils (36 of them) are 1-of-1 and can do swaps in <1 second. So more than 500 times the throughput. Ygg was originally intended to be 2 of 3 TSS vaults, but there is complexity tradeoff. 1-of-1 has some other nice characteristics such as better funds availability, less coordination and the possibility in future of doing memo-less transactions via sub-addresses. The only downside of 1-of-1 is that nodes lose plausible deniability on outgoing transactions. However, if a node is ever delegated to do a swap to an address they don’t like, they can deliberately skip it. They will get slashed and Asgard will do it, which has plausible deniability. So each node as an “out”, although it inevitably will cost them. The other part of the question is churning — churning regularly:
- proves solvency — the funds are there
- proves liveness the funds can still be accessed.
- stops validator stagnation and network capture
- encourages node bond bidding up — increases security
- allows fast upgrades — the network rebuilds itself continually
You should be extremely skeptical of any network that does not churn its validator set regularly.
Is there an explicit incentive for node operators to blow whistle on each other when they spot each other not conforming to consensus rules (earning part of the slashed points etc.)
Nodes continually monitor each other. Nodes that don’t witness get slashed. Nodes that don’t sign get slashed. Nodes that double-sign blocks get slashed. All of this is built in to the software. Operators don’t need to do any out-of-band monitoring.
“if a node sends funds without authorization, the bond is slashed 1.5x the value of the stolen funds. The slashed bond is dumped into the pool(s) where the funds were stolen and added to the reserve.” Can nodes send funds without TSS? If so, under which circumstances?
Yggdrasil vaults are 1-of-1
Where is the intended business logic (swap, 1p removal etc.) embodied inside a bitcoin txn?
OP_RETURN — VOUT2 and VOUT3 specifically.
How is the network governed? What decisions (churn speed, min bond etc.) can be made by admins?
Mimir simply tweaks network parameters currently, in time these will ossify and mimir can be purged. There is no need for admins. After mimir is gone and a network parameter *needs* to be update, it can be done via a network upgrade. Mimir does *not* have access to funds, nor can invoke the network to stop or make a transaction.
⦁ Who gets to decide the winner of competition in node cycling?
The winner of the churn is the highest bonded standby node.
What exactly can nodes steal if %67 collude? Funds in primary or secondary vaults or both? what about rune in pools? Can a node steal any funds at all without a 67% collusion?
67% of the nodes can steal everything except for funds in yqg vaults. This is why you should be highly dubious of any network that does not have over-collaterised vaults (nodes must bond more than they secure). Ygg vaults can steal all their own funds but they will get slashed 1.5x.
Which properties will/must stand out for THORchain to achieve product market fit in your opinion? (security/reliability, privacy, liquidity/optional KYC, ease of use/UX, gas fee?, prevention of front running etc.)
THORChain must deliver a working cross-chain liquidity network with BTC and ETH as a minimum with a decentralised validator set. Technically THORChain can recover from a pOwned Asgard vault (think 0-day TSS exploit) because it can recover some funds and re-start the network. It can definitely recover from any other funds loss from any one vault or chain. It can handle re-orgs and chain halts. THORChain gets close to full uptime, but it doesn’t need 100% reliability, just “eventual consistency”. THORChain is not private, but it gives users the option of being private.
THORChain will always be liquid enough for the needs of the day. THORChain is a protocol, not an interface. Centralised interfaces can build KYC into the products as a service, plugging into THORChain as the “backend”. The community will in time build excellent interfaces, partly because THORChain now supports affiliate fees — interfaces can add an optional fee parameter to all swaps signed from their interfaces and collect revenue.
It’s not possible to front-run on THORChain due to its swap-queue. The highest fee and highest slip transactions are always processed first.
If you’d like to read more articles/guides about Thorchain check this Medium page out.