HIP-17: Blacklist

Not sure if you even understand what I wrote. And from the way you respond, it looks to me like you don’t really understand the process of a proposal.
Until 5 hours ago this was a process of making a proposal, getting constructive feedback, implementing it and getting to a finished proposal. What happens now is that after a video was posted on YouTube, people came up with just comments and no more constructive discussion.

I hope you know that you can be blacklisted on any smart contract? USDC and USDT do it regularly. And also I hope you check all your investments and those smart contracts? Here is just an example from a token on Harmony with $5m TVL

1 Like

Thank you for sharing the info on that contract. About USDC and USDT, ofc it can be frozen, this is why it’s much better to turn to $UST.

Also I am very interested in knowing which smart contract that is. This is the type of information that we need. For instance, a smart contract like that could be listed on a website as malicious, just a warning so users can know if they are willing to take the risk of having their funds frozen or not.

Since you know your way around these things, what you could do is share a tutorial on how to audit smart contracts, for instance, so any individual can know. That would be tremendously beneficial for the community, to share these things.

And have, say, a website where automated audits that exist on Harmony would be available. So before people jump in they can research it very fast just on the website. If they see, for instance, that a SC can do what you listed, they can make the conscious decision to go in or not. Most people, on hearing that their token can be frozen, would probably step back. A warning is something that always helps.

Also 5 TVL is nothing. Everyone should stay away from that smart contract if they can do that. That’s a very red flag.

2 Likes

100% agree. I just found out about this on Reddit. This needs to be more public for such a massive change.

3 Likes

Awful idea! What on earth are you thinking! This sets a very dangerous precedent for an ecosystem that should be permissionless - if people got rugged, tough luck, that’s life.

6 Likes

One key point you made - education is key.

Let’s have a discourse on a few terms - as I think people are not all on the same page with even defining these base terms.

To start, could you put clearly into words what you mean by “one of the principles of a permissionless and decentralized blockchain”?

  1. What is a decentralized blockchain?
  2. What is a permissionless blockchain?

I think this is a good place to start answering that first question - please read the following post by Vitalik Buterin from 2017 regarding the meaning of decentralization: “The Meaning of Decentralization” by Vitalik Buterin, on Medium.

As you will see, there are different “axes” (or perspectives) you can think about decentralization in the design of the chain. It is important to realize that any blockchain is DESIGNED (rules, mechanisms, processes are envisioned and implemented). We should look to the Harmony whitepaper for information on their vision of decentralization in designing the Harmony blockchain.

Also, it is important to realize that when using these terms these concepts often exist as a spectrum in practice. This means, instead of something being either “decentralized” or “not decentralized”, we are rather looking at how much decentralization is in place.

A blockchain’s “decentralization status” may change over time – Harmony is one such case, as they are increasing validator nodes and the core team is relinquishing control over the nodes, such that the protocol is moving toward a more decentralized state.

It may be that mechanisms which are put in place at one point in time during a blockchain’s lifespan are not a good fit for it later on – if that’s the case, the mechanism can get removed.

There is further a need to accurately define the premises of a “permissionless” blockchain. I will follow up with additional posts once I’ve had time to gather some sources and examples to illustrate.

A few questions which should be considered:

  1. Why are people equating “decentralized” with essentially, “no rules”? (Making arguments that we shouldn’t have mechanisms in place to deter or stop malicious actors like wallet hackers, is, to me, an argument for “no rules”). The Harmony blockchain is a system designed with a set of rules (and yes those rules can change, which is what these proposals are for), for actors within the system.

  2. Do people realize that the system is in fact designed with deterrents for malicious actors (validators) already? Ex. slashing.

8 Likes

This is pointless. This won’t stop people from aping into projects without DYOR. And the best way to avoid losing your funds to rugs is to DYOR. Been proven time and time again.

7 Likes

I read this idea on Reddit absolutely speechless, I signed up just to vote no.

1 Like

A continuation of my post from earlier, I now move on to see if I can clarify what I believe “permissionless” should mean, and why I think the concept is being misconstrued by many in the crypto space.

As a preface, all I did was google “permissionless blockchain”, and there are a variety of hits that discuss permission vs permissionless blockchains.

I picked one from a law firm link on page 1, as I think they have less incentive to be potentially biased compared to a media outlet, though I did not read every hit from my search. See here: https://freemanlaw.com/permission-and-permissionless-blockchains/

Relevant excerpt here:

As you can see, the “permissionless” nature of the blockchain is really used in the context of permission to participate in the upkeep of the chain (i.e. being a validator). Anyone can, so long as they meet the requirements set forth in the chain’s governance model (for Harmony, I believe all validators can vote, but only elected ones that have achieved the minimum stake required, can generate rewards and have their work counted for consensus…but I could be wrong).
It is not meant to apply to any USER of the chain, in my opinion.

However, even in that sense, for the most part, usage of the chain is also permissionless — anyone can add Harmony mainnet to their metamask, and start using it. I don’t think this should extend to “abusing” it.

And this is where the “blacklisting wallets” part comes into play. If you are a user of the blockchain (and maybe also for malicious validators), but your intent is to be malicious, perhaps we as the stewards of this chain decide that we want to deter you from further access/profiting off your actions. Since the chain is decentralized, transactions are transparent. We can identify these addresses as the actors, even if the owner identity remains anonymous. The chain is still decentralized because the consensus mechanisms are still untouched by this “blacklist wallet” feature.

Decentralized and permissionless does not mean ungoverned. Personally, I would hope that the community of Harmony users do find importance in setting forth deterrents for bad actors.

I do agree that proposals need to be well thought through before being implemented. But I think the rhetoric of any type of “control” or “censure” ability being against the “ethos” of a decentralized and permissionless blockchain is a bit off-base.

Harmony is one chain among many. Nobody forces a person to use a particular chain, which has a particular structure and is governed with its own set of rules. If one does not like the structure/rules of a particular chain, then just don’t use that chain. I would hope that if we can get thoughtful, useful mechanisms in place, we (the community of Harmony users/governance tokenholders) can deter potential malicious actors from wanting to use the Harmony chain.

When I originally started writing these threads, it was in response to a Twitter thread I saw that encouraged many to come on here to vote “no”, due to what I think is a misunderstanding of the terms “decentralized” and “permissionless”.

After looking at the initial proposal itself, I do think there needs to be more thought into the design of such a mechanism (as some mentioned, if consensus is required, how do we ever act quickly enough to blacklist an address in many cases?). However, that’s a separate issue than the general question of just “is it ever okay for this chain to be able to blacklist wallets”? I don’t think it goes against the “ethos” of the Harmony chain. In fact, since Harmony espouses a mission of building bridges and working together/being harmonious, I think the ethos clearly favors strong deterrents to bad actors that seek to do harm to other users on the chain.

4 Likes

Lot of angst directed at the OP, but can I remind everyone that Harmony has had a blacklist since 2020 and it is currently (correct me if I am wrong @sophoah) managed by Harmony on the Leader nodes.

It is a setting in the harmony.conf file if you have ever noticed…

image

This proposal was to decentralise this process as currently we have no idea who is blacklisted or why. (If it is still operational)

Maybe things are different but I think we could do with some clarification about the current status first before piling on 1 person.

This is also not the first time this has been discussed and I have made my position clear previously about how this is not decentralised or permissionless.

Having a community and proposal process is a good thing. Healthy discussion and debate is crucial to the progress of the protocol.

Just because someone makes a suggestion does not mean that it is guaranteed to be implemented, and attacking people because you disagree with them is not a good look for the community. The OP has been publicly berated for having a suggestion, and not a new one at that.

I 100% disagree with this proposal but it is a community decision, not a single one and EVERY voice in the community deserves a chance to be heard no matter how ludicrous you think it is.

THIS is decentralisation and community.

:blue_heart:

9 Likes

Big no. Although the cause is correct, this could easily be abused.

3 Likes

People have made some pretty good points on this post.

I just want to thank @ben2k_Stakeridoo for bringing this proposal up. Although people have come to a consensus of no, It’s great that this discussion has been brought to the table.

As governors, we won’t always bring up proposals that get agreed upon and passed, but I believe the most important thing is that governors continue to bring options to the table for potential change in case people would like the option.

If only we had this much participation from the community on posts that don’t have such a controversial edge to them…

8 Likes

To make my point clearer:

Everything human-related needs a government, we have DAOs on blockchains too.

However, blacklisting on the consensus layer of the blockchain is giving out too many privileges, even if it’s carefully reviewed, and can be an expensive mistake.

However this gives an idea of creating a DAO which will DYOR for newbies.

The proposal as it is is a very bad idea, both in concept and in effectiveness.
First, it allows any account to be arbitrarily frozen. This goes against the concept of a permissionless blockchain. The ability to meddle with addresses is a big reason why EOS lost steam.
Second, with the current block times of 2s, when the victim realizes that the funds were hacked/rugpulled, they could have been forwarded several times to multiple addresses, making it very difficult to track and freeze.

An option would be to give the hacked address the possibility to freeze just the funds transferred to the destination address for a maximum and renewable amount of epochs. This would give the opportunity to deal with the specific dispute without compromising the permissionless nature of the whole blockchain.

1 Like

I understand your point and your concern, and thanks for continuing the conversation. I really appreciate having other perspectives to consider!

But even if I agree with your intention, I also see some serious flaws incompatible with a decentralized system, for example when you mention “malicious actions”.

We do not have a written book about infinite truth to check what is good and what is bad, what’s wrong or what’s right, so, in the end, everything is a subjective point of view of the people involved.

Just think for a second about real politics among people living in different countries, with different beliefs and different traditions, and you will notice really fast how something “bad” for some is “not bad” for others. And who can be the judge to decide who is right or not?

We can now all see a very clear case of someone doing a rugpull, so in this case we would have a pretty good consensus about something “malicious”, but even in this case it would not be something that everyone would agree on, it would be just a large portion of us.

And here you can already see the complications if we start to forbid, block, and detain users in the network according to what “a large group” decides.

Checking our history you will find that often not because a decision was taken by a large group it was right, in fact, often minorities were the right ones.

Establishing some kind of rules is something obviously necessary for being able to cohabit together I agree with you totally in there, but restricting someone, blocking, or even not allowing that person to use his wallet is something that without any doubt and due to the fact that we are not perfect, people would abuse really fast.

And large groups of people will find ways to abuse the system and in the end, being banned or canceled or blocked will be just a question of politics like happens in the real world, and the idea of anonymity and decentralization will fade away and we will be cohabiting in a centralized system who “takes care of us”.

In my humble opinion, the only way to stop this from happening is not even to consider the possibility of banning or blocking individuals under any concept.

Instead, we can use other kinds of measures, like warning users about dangers and educating them well. Also, we could make public the information about the events happening so people can learn to protect themselves well.

Just my personal point of view about what I consider the most important part of decentralization.

3 Likes

providing 1 person/a group of people the power to be the arbiter of truth over an entire blockchain…? yeah, that doesn’t sound like it could go horribly wrong later down the line when it comes to malicious 3rd party influence and other means of abuse that would certainly pop up. not to mention the absolutely abysmal reputation Harmony would obtain after implementing such a feature. no!

1 Like

The team should provide more information about that list for sure but from my understanding they use it as a workaround during the spamming attack to block the attacker. The team said they will work on a rate limiter and other solutions later on to prevent this problem from happening again.

For me there is a difference between blocking an attacker paralyzing the network for a temporary period of time (despite the fact I don’t really like that solution) and to judge the fraudulent actions of people in order to decide if we should blacklist them or not.

Also keep in mind harmony is a public blockchain and if funds have been stolen, there could be an investigation made by the police.

That being said, stakeridoo had good intentions with this proposal and rug pulls are not funny at all.

4 Likes

Honestly, I don’t care about this anymore. If anyone here who was commenting had read it through clearly, they would have seen that since the beginning of this month we have something very fantastic ongoing with Lossless! But people here just started tribalism and attacks. Those came over Twitter from Reddit, so I went to the root of his initiative and posted my answer there: https://www.reddit.com/r/harmony_one/comments/r16zfs/comment/hm2r31b/?utm_source=share&utm_medium=web2x&context=3

@Jacksteroo or @giv please close!

6 Likes

We need urgent clarification on this piece of code you just posted. Thank you for sharing it. I can only assume we are missing something because if someone on the Harmony team can freeze accounts then we have a very serious issue and a proposal to remove that functionality must be discussed asap.

3 Likes

We need a team or some Audit DAO that will audit every single project on Harmony.
People should know: not audited by DAO - high risk, you are on your own. Audited - low risk.
Additionally, a fund could be established to cover losses for audited projects in case it happens.
The initiative of @ben2k_Stakeridoo to make this space safe is something that needs to be supported and helped with suggestions that would shape it in the best way possible for the community’s benefit.
Trust we are smart enough to support each other and keep our Harmony.

2 Likes