Cryptocurrency TxID Explained: Find Transaction in Open Ledger

Just how bad is Chainalysis?

I've read about how some guy got his account blocked in Binance because he sent a transaction from Wasabi wallet. I've read it goes deep into several iterations after the mix. For instance:
You send the coins into a mixer -> send it back to you to address A -> send it back to you to address B -> send it to an exchanger.
Chainalysis will notice the coins are mixed even if you've sent it to 2 "clean addresses" before that. This is insanity. It could put people into trouble since one could mix the coins, send it to someone else, then this person sends it to an exchange where he is identified with his real name, and he ends up in some money laundering investigation scheme. Just nuts.
Does it recognize all mixers? If you use helix, chipmixer or whatever else... how would it even know? Do they just keep adding more and more "blacklisted" addresses? In a long enough timeline the % of ending up in some "money laundering investigation" is increasingly higher.
Until we have proper fungibility in Bitcoin, I wouldn't send a single satoshi to an exchanger that doesn't come from:
1) Coins you've bought from an exchange that uses Chainalysis (whitelisted by default since they had it on their custody wallet, one would assume those are safe)
2) Mined coins with no tx history
These f*ckers are just developing a scheme to put people in trouble and confiscate coins. Use bisq outside of the above mentioned cases IMO. Just assume 0 privacy when dealing with your average big exchange. Better safe than sorry. Our only hope is smart devs crush their Chainalysis dreams where every coin has an ID.
submitted by cryptomann1 to Bitcoin
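
A toy model of the multi-hop tracing the post above describes (mixer -> address A -> address B -> exchange), added here as an example; it is not part of the original post and is not Chainalysis's actual algorithm. The ledger, the address names, the `LABELLED` set, the value-weighted "haircut" rule and the `max_hops` / `min_fraction` thresholds are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed toy ledger, listed in spend order; these are not real transactions.
# inputs: list of (txid, output_index); outputs: list of (address, satoshis).
Tx = namedtuple("Tx", "txid inputs outputs")

LEDGER = [
    Tx("c0", [], [("user_orig", 100_000)]),                # origin coins
    Tx("m_in", [("c0", 0)], [("MIXER_POOL", 100_000)]),    # deposit into the mixer
    Tx("m_out", [("m_in", 0)], [("addr_A", 60_000), ("addr_A2", 40_000)]),
    Tx("hop", [("m_out", 0)], [("addr_B", 60_000)]),       # A -> B
    Tx("dep1", [("hop", 0)], [("EXCHANGE", 60_000)]),      # B -> exchange
    Tx("c1", [], [("miner", 120_000)]),                    # freshly mined coins
    Tx("dep2", [("m_out", 1), ("c1", 0)], [("EXCHANGE", 160_000)]),  # merged
    Tx("c2", [], [("miner2", 50_000)]),
    Tx("dep3", [("c2", 0)], [("EXCHANGE", 50_000)]),       # mined, no history
]

LABELLED = {"MIXER_POOL"}  # hypothetical label list kept by the screener


def trace(ledger, labelled):
    """Return {(txid, index): (value, taint_fraction, hops_from_label)}."""
    state = {}
    for tx in ledger:
        spent = [state[outpoint] for outpoint in tx.inputs]
        total_in = sum(value for value, _, _ in spent)
        # Haircut rule (assumed): taint is the value-weighted average of inputs.
        frac = sum(v * f for v, f, _ in spent) / total_in if total_in else 0.0
        # Distance to the nearest labelled output among the tainted inputs.
        tainted_hops = [h for _, f, h in spent if f > 0]
        hops = min(tainted_hops) + 1 if tainted_hops else None
        for i, (addr, value) in enumerate(tx.outputs):
            if addr in labelled:
                state[(tx.txid, i)] = (value, 1.0, 0)   # taint source
            else:
                state[(tx.txid, i)] = (value, frac, hops)
    return state


def screen(state, outpoint, max_hops=10, min_fraction=0.10):
    """Flag a deposit if enough of its value traces to a label within max_hops."""
    _, frac, hops = state[outpoint]
    return hops is not None and hops <= max_hops and frac >= min_fraction


if __name__ == "__main__":
    state = trace(LEDGER, LABELLED)
    for dep in ("dep1", "dep2", "dep3"):
        value, frac, hops = state[(dep, 0)]
        print(dep, value, f"taint={frac:.2f}", f"hops={hops}",
              "FLAG" if screen(state, (dep, 0)) else "ok")
```

In this model the intermediate addresses change only the hop count, not the taint fraction, which is why a screener that traces deeper than the number of hops still flags `dep1`, while the freshly mined coins in `dep3` carry no taint at all.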

Where's My Money? Deposits And Withdrawals At Blockfi, Celsius, Crypto.Com And Nexo Compared

Does your crypto show up in your account? And can you get it back? Looking through 100+ complaints about deposits and withdrawals, the insights are obvious but good to know...
- They require additional information like tags (XRP, XLM)
- Had major software changes (BCH, BNB, DAI / MCD, ADA)
So if you're going to move one of these coins, make sure to not forget the extra information or wait a few weeks after the change (to give these companies time to get caught up).
Raw data is below, organized by company and whether it seems the complaint was resolved. Some important notes to consider
  1. Posts about waiting a few hours for a transaction to complete were not counted. Many times (most of the time?) when it takes more than 20 minutes, nothing is broken. E.g. High gas fees on the ethereum network will mean slower processing times for stable coins and other ERC-20 tokens. Less popular tokens, like GUSD, might require people manually going into cold storage. Large (> $30,000 USD) transactions require additional verification. If it takes > 8 hours then yes something is not right. And you should email support and start posting. Otherwise sit tight.
  2. Comments from different people on the same post saying they have the same problem were not counted for "scores". Most of these comments don't add useful information and make it harder to collect the data.
  3. Posts about fiat belong to a different category because a very different set of skills and software features are needed to safely move around dollars, euros, etc. This post is about whether or not your coins are likely to get lost or be unreachable.
  4. I asked "Did this get fixed?" to a lot of people who posted about problems. Not only to see how things turned out. Also to generate a possible data point about the quality of the post. I.e. Trolls and other "special" people venting online can be identified by not bothering to follow up or respond to questions. I also hope this encourages people to not forget to follow up a few weeks later and share a final outcome - good or bad.
| Company | Resolved | Total complaints |
|---|---|---|
| BlockFi | 50% | 2 resolved, 2 not resolved |
| CDC | 58% | 29 resolved, 21 not resolved |
| Celsius | 61% | 23 resolved, 15 not resolved |
| Nexo | 67% | 8 resolved, 4 not resolved |
BlockFi (Resolved)
https://www.reddit.com/blockfi/comments/hbcxqq/withdrawal_pending/
https://www.reddit.com/blockfi/comments/dkpy38/tx_confirmed_but_no_deposit/
BlockFi (Not resolved)
https://www.reddit.com/blockfi/comments/gvnbz0/withdrawal_of_large_requires_id_and_facial_scan/
https://www.reddit.com/blockfi/comments/hwqin8/refused_withdrawal_due_to_kyc/

CDC (Resolved)
https://www.reddit.com/Crypto_com/comments/grjphd/is_the_wallet_app_buggy_for_anyone_else_crashes/
https://www.reddit.com/Crypto_com/comments/gkduf8/unable_to_add_a_wallet_to_withdraw_funds/
https://www.reddit.com/Crypto_com/comments/cpaj2y/issues_with_crypto_invest_portfolio_and/
https://www.reddit.com/Crypto_com/comments/ceu0vd/1130pm_hkt_update_withdrawals_and_deposits_are/
https://www.reddit.com/Crypto_com/comments/gi62j3/missing_cro_sending_to_the_exchange/
https://www.reddit.com/Crypto_com/comments/d6qjtb/thank_you/
https://www.reddit.com/Crypto_com/comments/gjx3xp/where_are_my_coins/
https://www.reddit.com/Crypto_com/comments/ffiz9x/transfer_bch/
https://www.reddit.com/Crypto_com/comments/f7se85/usdt_delisted_on_cryptocom/
https://www.reddit.com/Crypto_com/comments/dw8vmn/my_funds_are_being_held_hostage_by_cryptocom_yes/
https://www.reddit.com/Crypto_com/comments/clg9r2/cryptocom_is_just_a_regular_bank_be_awared/
https://www.reddit.com/Crypto_com/comments/hqa0pm/btc_withdrawal_delay_5_hrs/
https://www.reddit.com/Crypto_com/comments/hmjq69/withdrawals_and_deposits_back_online/
https://www.reddit.com/Crypto_com/comments/hlro5y/ada_withdraw_erro
https://www.reddit.com/Crypto_com/comments/hlud4t/issues_since_app_update/
https://www.reddit.com/Crypto_com/comments/hlukqc/how_long_does_it_usually_take/
https://www.reddit.com/Crypto_com/comments/hm66xm/withdrawal_impossible/
https://www.reddit.com/Crypto_com/comments/hm81fj/no_bitcoin_withdrawals_since_saturday/
https://www.reddit.com/Crypto_com/comments/hm8irg/issue_with_withdrawing_eth/
https://www.reddit.com/Crypto_com/comments/hm8kn2/communication_near_to_0/
https://www.reddit.com/Crypto_com/comments/hmbo5a/cant_withdraw_any_bitcoin/
https://www.reddit.com/Crypto_com/comments/hikkx6/withdrawal_pending/
https://www.reddit.com/Crypto_com/comments/h91u4i/issues_on_cryptocom_app/
https://www.reddit.com/Crypto_com/comments/hb5fpusdt_withdrawal_from_exchange_doesnt_work_claims/
https://www.reddit.com/Crypto_com/comments/hdjrmz/keep_getting_a_withdrawal_erro
https://www.reddit.com/Crypto_com/comments/hebtyf/withdrawal_pending_taking_over_16_hours/
https://www.reddit.com/Crypto_com/comments/hgt61j/one_exchange_withdrawal_two_app_deposits/
https://www.reddit.com/Crypto_com/comments/htf578/withdrawal_dia_is_taking_8_hrs/
https://www.reddit.com/Crypto_com/comments/he151z/btc_withdrawal_delay/
CDC (Not resolved)
https://www.reddit.com/Crypto_com/comments/gx2oyo/pending_withdrawal/
https://www.reddit.com/Crypto_com/comments/gk8wlc/wont_let_me_buy_or_withdraw/
https://www.reddit.com/Crypto_com/comments/gh6v2c/usdc_withdrawing_to_external_address/
https://www.reddit.com/Crypto_com/comments/ggk51x/cryptocom_withdrawal/
https://www.reddit.com/Crypto_com/comments/g925xg/withdraw_blocked/
https://www.reddit.com/Crypto_com/comments/cfjess/withdraw_is_in_progress_from_23h/
https://www.reddit.com/Crypto_com/comments/gk8wlc/wont_let_me_buy_or_withdraw/
https://www.reddit.com/Crypto_com/comments/9xbi1c/withdrawals_delayed/
https://www.reddit.com/Crypto_com/comments/cga2eq/delayed_transfe
https://www.reddit.com/Crypto_com/comments/hd1to7/missing_funds_from_the_exchange_after_the/
https://www.reddit.com/Crypto_com/comments/grr4vh/crypto_wallet_scammed_me_beware/
https://www.reddit.com/Crypto_com/comments/cg5zfj/helpbnb_wallet_address_in_app_is_still_old_eth/
https://www.reddit.com/Crypto_com/comments/hrwpsq/btc_withdrawl_pending_for_24_hours_zero_custome
https://www.reddit.com/Crypto_com/comments/hpteje/how_to_withdraw_cro_from_the_exchange/
https://www.reddit.com/Crypto_com/comments/hottg4/cryptocom_app_is_not_working/
https://www.reddit.com/Crypto_com/comments/ha8o7v/problem_with_the_2fa_need_help_pls/
https://www.reddit.com/Crypto_com/comments/he3qco/btc_withdraw_pending_post_7_hours/
https://www.reddit.com/Crypto_com/comments/he45kj/withdrawal_stuck/
https://www.reddit.com/Crypto_com/comments/heb85q/btc_withdraw_pending_72_hours_now/
https://www.reddit.com/Crypto_com/comments/hhqruv/withdrawal_from_cryptocom_wallet_to_cryptocom_app/
https://www.reddit.com/Crypto_com/comments/hihl04/i_cant_withdraw_whats_happening/

Celsius (Resolved)
https://www.reddit.com/CelsiusNetwork/comments/gantb4/withdraw_delay/fp11iut/?context=3
https://www.reddit.com/CelsiusNetwork/comments/gb7c4t/withdrawal_still_pending_only_for_btc/fp4wmc3/?context=3
https://www.reddit.com/CelsiusNetwork/comments/gncvj9/my_withdraw_experience_with_celsius_network/
https://www.reddit.com/CelsiusNetwork/comments/fk844a/over_20k_withdrawals_processing_time/
https://www.reddit.com/CelsiusNetwork/comments/fhftgh/where_do_i_find_pending_or_past_withdrawals/
https://www.reddit.com/CelsiusNetwork/comments/epl29a/cant_withdraw_my_deposited_sai_as_a_texas_resident/
https://www.reddit.com/CelsiusNetwork/comments/dn0vg2/problem_withdrawing_eth_from_celsius_account/
https://www.reddit.com/CelsiusNetwork/comments/cw00t5/not_receiving_withdrawal_confirmation_email/
https://www.reddit.com/CelsiusNetwork/comments/ci3h6w/eth_withdrawal_appears_as_an_internal_transaction/
https://www.reddit.com/CelsiusNetwork/comments/c2w5gk/unable_to_withdraw_anything_from_the_app/
https://www.reddit.com/CelsiusNetwork/comments/br2v75/how_do_i_withdraw_the_interest/
https://www.reddit.com/CelsiusNetwork/comments/bqynbv/unable_to_withdraw_full_account_balance/
https://www.reddit.com/CelsiusNetwork/comments/a9d2vj/withdrawals_of_any_currency_are_not_currently/
https://www.reddit.com/CelsiusNetwork/comments/gfby9l/celsius_fixed_my_deposit_issue/fpw51u3/?context=3
https://www.reddit.com/CelsiusNetwork/comments/g9oiea/deposit_missing/
https://www.reddit.com/CelsiusNetwork/comments/dkb55t/deposit_not_showing_up/
https://www.reddit.com/CelsiusNetwork/comments/eudo3n/not_receiving_deposited_bitcoin/
https://www.reddit.com/CelsiusNetwork/comments/gepzpp/all_good_all_fix/
https://www.reddit.com/CelsiusNetwork/comments/hf334d/withdrawal_issue_trueusd_tusd_stable_coin/
https://www.reddit.com/CelsiusNetwork/comments/hiriqz/celsius_is_witholding_my_crypto/
https://www.reddit.com/CelsiusNetwork/comments/hjv0io/dai_withdrawal_pending_for_24hrs_subsequently/
https://www.reddit.com/CelsiusNetwork/comments/hme5xm/its_been_more_than_3_days_of_withdrawing_my_usdc/
https://www.reddit.com/CelsiusNetwork/comments/hvi45o/eth_and_cel_good_on_etherscan_not_show_in_app/
Celsius (Not resolved)
https://www.reddit.com/CelsiusNetwork/comments/fbpnw4/why_this_app_shutdown_when_we_try_to_change/
https://www.reddit.com/CelsiusNetwork/comments/f7i2f3/withdrawal_issues/
https://www.reddit.com/CelsiusNetwork/comments/f4ptd7/cant_get_my_crypto_not_getting_withdrawal_emails/
https://www.reddit.com/CelsiusNetwork/comments/ea3hi5/eth_withdrawal_made_from_a_smart_contract/
https://www.reddit.com/CelsiusNetwork/comments/cb08he/can_you_withdraw_to_a_bech32_btc_address/
https://www.reddit.com/CelsiusNetwork/comments/c8yovc/minimum_withdraws/
https://www.reddit.com/CelsiusNetwork/comments/bqqiqg/i_cant_withdraw_my_eth/
https://www.reddit.com/CelsiusNetwork/comments/askghy/what_is_the_withdrawal_fees_service_told_me_there/
https://www.reddit.com/CelsiusNetwork/comments/gtjoc9/btc_withdraw_transaction_still_pensing_after_1_day/
https://www.reddit.com/CelsiusNetwork/comments/g9f7ym/stolen_or_lost_deposits_hold_off_on_transferring/
https://www.reddit.com/CelsiusNetwork/comments/gf8v3i/mcdai_deposit_pending_for_days/
https://www.reddit.com/CelsiusNetwork/comments/d1sc3q/eth_deposit_address_is_a_contract_address/
https://www.reddit.com/CelsiusNetwork/comments/ca2wpd/warning_celsius_does_lock_up_your_funds/
https://www.reddit.com/CelsiusNetwork/comments/hnu53f/is_anyone_else_having_trouble_withdrawing_xrp/
https://www.reddit.com/CelsiusNetwork/comments/hv2czp/celsius_received_thousands_of_dollars_of_my_funds/

Nexo (Resolved)
https://www.reddit.com/Nexo/comments/gixzgu/cant_deposit_or_withdraw_stablecoins_right_now/
https://www.reddit.com/Nexo/comments/flshbb/my_withdraw_was_rejected/
https://www.reddit.com/Nexo/comments/fiit3u/nexo_withdrawal/
https://www.reddit.com/Nexo/comments/e2ij06/withdrawal_problems/
https://www.reddit.com/Nexo/comments/fhgmxg/missing_deposit/
https://www.reddit.com/Nexo/comments/f3z9kq/account_showing_no_balance/
https://www.reddit.com/Nexo/comments/gj3ub0/bnb_withdrawals/
https://www.reddit.com/Nexo/comments/hlxpnd/i_made_an_eth_deposit_36_hours_ago_the_txid_shows/
Nexo (Not resolved)
https://www.reddit.com/Nexo/comments/dpvrgj/nexo_withdrawal_pending_1_day/
https://www.reddit.com/Nexo/comments/dno3up/withdrawal_email_confirmation/
https://www.reddit.com/Nexo/comments/dm6nn9/withdraw_from_binance_dex/
https://www.reddit.com/Nexo/comments/c67gis/anyone_else_having_problems_with_loan_withdrawals/
submitted by thegoldlust to Crypto_com

Binance scammed me 1516 USDT with unethical verification requests! Stay Away from this Scam Exchange!

I would like here to point how BINANCE scammed me 1516 USD with some bullshit and unethical requests.
What happened?
On 2019-12-20 I registered a binance account. I chose to not verify my account as the limits of 2 BTC were more than enough for me!
I deposited same day 0.21 BTC and sold it for USDT.
Since I didn't use my account. On March 30 I logged in from a new computer. The system sent me an email to authorize the new device. This was done successfully.
Later I tried to withdraw around 700 USD worth of BTC. The request was cancelled and the system asked me to verify my identity. What???? What's the purpose of using unverified account????? So whenever I change my machine and login, I will have to submit my documents??
Meanwhile I had some discussion with live support, who tried to help. Finally, I have been told that I have no other choice than doing the full verification. I decided then to do the verification which was done finally successfully.
You can see here:

https://preview.redd.it/pkqhioutdfs41.png?width=493&format=png&auto=webp&s=fe4b632deb7d6d133d0894f6dfe1ac39b458b463

I spoke again with the support, they told me that I can try again, now that I'm fully verified, I can withdraw my funds.

https://preview.redd.it/v0gddx81efs41.png?width=488&format=png&auto=webp&s=fbe27450f5a0a6247080be59d0c0f064c736eb55
So I tried again to withdraw some BTC, first the status was "Waiting for approval" then later it changed to "Rejected" with the info "Withdraw rejected. Risk control". What???
I contacted again the support and I have been told that I will receive an email from Binance within a few hours.
Almost 20hrs passed, nothing from Binance. So I opened a Ticket.
u/ilir_binance 2821529 # is Ticket number for reference! Ticket was opened on 03/31/2020 (12 days ago by the time of writing this post).
Next day I received an answer from Binance support. And look what these people are asking me:
Dear user,
Thanks for reaching out,
We apologize for the delay in response due to the high volume of requests. As per checking, we found that the withdraw function was suspended due to the withdrawal risk control. We are willing to help you resume the withdrawal of your account. However, we may need some information to make progress.
Security questions:
  1. Account registration date
  2. Account registration IP
  3. Device information
So far this is not a problem to provide. I already provided this.
Furthermore, they asked me to record a video :
A video of the first deposit you made to your Binance account. The video would contain the login process (do NOT show password) of the platform/wallet where you made this transaction to your Binance account, find the transaction and show us the full TxID, date and amount information.
Seriously?????? These were parts of my answer to them, same day:
Hello guys,
Thank you for your reply, but I'm sorry to say that what you are asking is absolutely unethical, but it's okay. Your Kingdom, Your rules. I'm happy to solve this issue, take out my money out and never use again your terrible exchange.
[...]
  1. You wrote:
", please provide your withdrawal records and communication records with Binance CS"
Where the hell should I get communication records?? I had some chat with your support when my account got locked.
But where the hell should I get these communications?? Are you kidding me?
You asked for my withdrawal records? Which ones??? One was rejected, the other was cancelled.
So there was no withdrawal so far. So why are you asking something that does not exist??
[...]
  1. And finally you wrote:
"A video of the first deposit you made to your Binance account. The video would contain the login process (do NOT show password) of the platform/wallet where you made this transaction to your Binance account, find the transaction and show us the full TxID, date and amount information. "
My account was opened on the 20th December 2019!
I made my first deposit on the same day, 0.21.. BTC.
This has been now more than 4 months!!!! How should I remember now which wallet I used by that time and what Transaction ID?
Are you kidding me??????
It was not a platform, I remember I used a wallet, but I dont remember which one anymore. I checked all my current wallets and I couldn't find this transaction.
It was this transaction based on my deposit history:https://www.blockchain.com/btc/tx/....

So they basically are asking me things that they know I can't provide and so would get a way to keep my money.

I asked them if it will be enough to provide anything else and close this case.
I will request then to withdraw all my coins and after that I will request you to close my account.
I will never use again your service.
I look forward to reading you soon, as we can close this case.

Since then there has been no answer from their support! I sent a few emails to remind them, there was simply no answer!
So this was my last email to them, 5 days ago:

https://preview.redd.it/hryd3ghsefs41.png?width=474&format=png&auto=webp&s=bd853ce43499946e225dcbd2101fbc60c7efc24d
Still today, I didn't get any answer.
I want to let everyone know about this. If this company is not a scam, I'm asking them to let me withdraw my money simply.

submitted by churgercold to binance

There is a new HODLING world champ

Yesterday there was a transaction that received a lot of attention, as it spent the coinbase reward from a very early block. Here is the txID for it: f38d6f043c070ce9805ee81f46db4d32d0c9f148d62bbfbc0378bc5847c7dc70
Something interesting about this transaction that I haven't seen mentioned much online, is that whoever spent those coins is now officially the HODL world champion! What is meant by this, is that of all now-spent UTXOs, the coinbase reward they spent in that block now holds the record for being the longest-held.
This is a pretty cool title to hold, the individual who owned that UTXO had been sitting on it since the absolute earliest days of the Bitcoin network. When that block was mined, BTC had no value, beyond fascinating a handful of crypto and computer nerds around the world. When spent, the output was worth almost $500,000 USD. That's quite the HODL!
In total, this UTXO was held for 627,404 blocks, which is about 11 years, 3 months, and 11 days.
For more info, and a list of all the runner ups, see this post on stack exchange: https://bitcoin.stackexchange.com/questions/88517/what-was-the-longest-held-utxo-ever-spent/96055#96055
submitted by Chytrik to Bitcoin

FAQ for Beginners

What is Bitcoin?

Bitcoin is scarce, decentralized, and global digital money that cannot be censored.

Quick Advice

  • Do not respond to strangers messaging you with investment advice or offers and read how to avoid being scammed from the posts below.
  • Do not invest in Bitcoin until you do basic research, paid off all high interest debt, and have a emergency savings account of a stable fiat currency.
  • If investing do not expect to get rich quickly. You should expect to wait at least 1-2 years before taking profits. Bitcoin is currently very volatile. In the interim spend and replace Bitcoin because its a useful currency.
  • Beginners should avoid all mining and day trading until at least very familiar with Bitcoin. Mining is very professional(You cannot efficiently mine with your computer and need to buy special ASIC machines) and most people lose money day trading.
  • Never store your Bitcoins on an exchange or web wallet. Buy your bitcoins and withdraw them to your personal wallet where you actually own them instead of IOUs. Services like Robinhood and Revolut should be avoided because you cannot withdraw or use Bitcoin.
  • Make sure you make a backup of your wallet (software holding keys to your BTC) and preferably keep it offline and physical and private. Typically 12 to 24 words you write down on paper or metal. This onetime backup will restore all your keys, addresses, and Bitcoins on a new wallet if you lose your old wallet.
  • Beginners should avoid altcoins, tokens, and ICOs at least initially until they learn about Bitcoin. Most of these are scams and you should be familiar with the basics first. Bitcoin is referred to as BTC or XBT.

Exchanges Requiring ID Verification

Bitcoin = BTC or XBT on exchanges
Exchange | Buy fee* | Withdraw BTC | Notes
--- | --- | --- | ---
Cash App | Sliding ~2.2% to 1% | 0 BTC | Instant Withdraw, USA only
Coinbase | Debit 3.99%, ACH 1.49% | 1-4 USD | ~7 Day hold BTC withdraw
CoinbasePro | 0.5% | 1-4 USD | ~7 Day hold, free ACH Deposit or €0.15 EUR SEPA fee
Gemini | 1.49% to 0.25% ATrader | 0 BTC | 10 free BTC withdraws w/ActiveTrader
Kraken | 0.16% | 0.0005 BTC | Deposit Fiat = US wire + 5 USD or SEPA free
Bitstamp | 0.50% | 0.0005 BTC | Deposit Fiat = 0 SEPA or 5% card fee
Note: Exchanges all have unique market prices and spreads so fees alone will not tell you the best rates. Best way is to directly compare the rates between exchanges. Buy fees above are for normal trading volumes. Verification and hold times can vary based upon lack of history, verification level or credit.
More exchanges per location
For a secure Decentralized Exchange (DEX) use https://bisq.network

Recommended Wallets

Best wallets for securing small amounts of BTC
electrum For Desktop and Android
Pros= Great Desktop and Android wallet with advanced functionality like coin control
Cons= UX is not as polished as some other wallets, make sure you only upgrade from official sources like play store or https://electrum.org as malicious servers or adverts can tell you to upgrade malware from other sites
https://www.youtube.com/watch?v=E4EhZg5QslI
Phoenix LN wallets for Android
Pros- Lightning network integration(as well as onchain) allowing you to spend with LN merchants for instant confirmations and much lower fees. Easiest lightning wallet to use
Cons- Lightning is still somewhat experimental and less merchants accept it.
https://phoenix.acinq.co/
https://www.youtube.com/watch?v=Cx5PK1H5OR0
Breez LN wallet for Android and IOS
https://breez.technology
https://www.youtube.com/watch?v=t_4b-y4T8bY
Pros- Lightning network integration(as well as onchain) allowing you to spend with LN merchants for instant confirmations and much lower fees
Cons- Lightning is still somewhat experimental and less merchants accept it.
Other Lightning wallets - http://lightningnetworkstores.com/wallets
Blockstream Green Wallet IOS and android wallet
Pros- Great UX, easy hardware wallet and full node integration, RBF, HW wallet support and advanced 2fa options
Cons- Until single signature is released 2 of 2 multisig means that one must depend upon blockstream’s server for tx signing. Other light wallets are dependent upon other servers as well but light wallets like electrum allow you to swap servers.
https://www.youtube.com/watch?v=uO3Zi9D5b0Y
https://blockstream.com/green/
Securing Larger amounts of Bitcoin
ledger nano S wallet = ~68 USD https://shop.ledger.com/products/ledger-nano-s
https://www.youtube.com/watch?v=YI1OntWB7wc
https://www.youtube.com/watch?v=AGe2GgfkO64
trezor one wallet = ~54 USD https://shop.trezor.io
https://www.youtube.com/watch?v=pT1j_kbZBEo
Trezor Model T = ~164 USD https://shop.trezor.io
https://www.youtube.com/watch?v=i3BIo5Ac_n4
Cold Card Hardware wallet = 119.97 USD https://store.coinkite.com/store/coldcard
https://www.youtube.com/watch?v=kocEpndQcsg
https://www.youtube.com/watch?v=f8dBNrlwJ0k
Digital Bitbox 02 = 109 USD https://shiftcrypto.ch/bitbox02/
https://www.youtube.com/watch?v=tdP_7LgZw7s
https://www.youtube.com/watch?v=z7nRq2OEhiw
https://www.youtube.com/watch?v=6D4FgJo3j64
Best Advanced Bitcoin Wallet= Bitcoin Core
Pros= Great privacy and security
Cons= UX is for more experienced users, takes ~week to sync and requires ~5GB minimum disk space if pruned
https://bitcoincore.org/en/download/
Best High Privacy Bitcoin Wallet = Wasabi
Pros= Best Privacy with Chaumian CoinJoin built in
Cons= mixing coins costs more fees and for more advanced users
https://www.wasabiwallet.io/#download
https://www.youtube.com/watch?v=ECQHAzSckK0
https://www.youtube.com/watch?v=zPKpC9cRcZo&list=PLmoQ11MXEmahCG1nkbKK6DiAwVx9giJCi
https://www.youtube.com/watch?v=y8wQK-Ndl3Q&list=PLPj3KCksGbSaEmjU0sywoTYDVYYSu8LsS

Further Resources

https://www.lopp.net/bitcoin-information.html
https://www.lopp.net/lightning-information.html
https://10hoursofbitcoin.com/
http://bitcoinrabbithole.org/
https://bitcoin-resources.com
https://www.bitcoin101.club
https://21lessons.com
submitted by bitusher to BitcoinBeginners [link] [comments]

[UPDATE][M] Ryo Currency 0.5.0.0 "Fermi Paradox"

https://preview.redd.it/o6o6y8g9rwi41.jpg?width=1920&format=pjpg&auto=webp&s=fe52faff108d163f476907e004cac1ef47aaa1a9
[M] - Mandatory. The update contains security fixes or contains fork update (wallet will stop working after some height reach).
IMPORTANT: The latest version is 0.5.0.1 (contains minor update after 0.5.0.1)
Meet Ryo Currency 0.5.0.0 update - Fermi Paradox. In this update we will discuss 3 updates and do one announcement in the source code, 2 of them will be the first among any Cryptonote projects:
  • Wallet Scan speedup thanks to ECC and multi-threading library. Increased wallet scan speed when processing blockchain. New Elliptic Curve Cryptography library combined with implemented multi-threading that utilises user's CPU results in reduced block verification up to 5x times compared with previous modes.
  • Plateau emission curve. Ryo's block reward changes every 6 months following a "Plateau Curve" distribution model. The modification of emission curve was initiated and debated with Ryo community. The following fork will finalise and implement that change. Notice: the difference between previous and this model will take effect at block height 394470. Read more about Ryo plateau emission curve
  • Various code edits, refactoring and minor fixes. There are multiple code fixes and edits that could be considered minor when looked in particular, but when looked in general - result in more than 35.000 lines of code being changed making core code more clean, optimised and bugfixed. Check Ryo Github repository
https://preview.redd.it/qv27xxdarwi41.png?width=2000&format=png&auto=webp&s=34836461eb348619f37f75fbc91e94a58dc065f8
Research and studies of Ryo Dev team showed that current ring signature technology as it is - is obsolete and has too many flaws to be considered as a means for reaching the goal of the second level of privacy. Therefore we will be replacing ring signatures with second generation ZK-proofs technology in observable future and temporarily downgrade privacy level to 1.
In general, you can consider privacy levels like that:
  • level 0 - everyone can look into your wallet and know your transactions (BTC level)
  • level 1 - nobody can see inside of your wallet, but each note has a serial number (yes, this is real life money level and in CN coins is implemented using stealth addresses)
  • level 2 - notes you have don't have a serial number to a guy that gave you one, and no one can know if you spent it later (In CN coins it is implemented using ring signatures - which are the failing ones)
What we are saying is over the past year or two, researchers stripped ring signatures of their privacy properties so much, that we think it is no longer fair to say that we (or Monero, which is even worse since it has even smaller ring size compared to Ryo) or any other CN project that uses it - meet the level 2 of privacy.
So, summarising in non-tech words what does it mean - when you are doing a transaction and want to imagine how it looks like in system:
  • bitcoin - "I spent output 10, worth 1 BTC and output 22, worth 0.5 BTC"
  • ring signature (current CN coins) - "I spent output 10, 14, 18 or 20, and output 16, 18, 19, or 22"
  • zk-proof - "I spent something."

Fork is scheduled on block 362000: you can check fork countdown on Ryo Currency website

Please update your wallets before this block, or your previous wallet will stop synchronising after the block 362000:
  • Ryo Wallet Atom: download latest Atom installer when announced update to version 1.5.0, start it and perform reinstall.
  • Ryo cli binaries: download or compile from source updated binaries from Github version 0.5.0.0 and unzip it, and place your wallet key files in new folder.
  • Pool owners and exchanges are notified about updating their nodes to the latest version before the fork.
Questions you might have regarding the fork:
  • What will happen with mining algorithm - will it change or what does "fork" mean - coin is split on 2? No, "fork" basically means major code update that is being activated on a specified block height. There will be no mining algorithm change or chainsplit.
  • Ryo roadmap indicates that you had in plans reaching 100x ring sizes. In light of future introduction of ZK-proofs does it mean that this is not applicable? Yes, we eventually will be replacing ring signature technology on ZK-proofs, which is more fundamental change than trying to "beat dead horse" with ring signatures.
  • What about atomic swaps? Ryo roadmap indicates it being planned, is it still possible with introducing ZK-proofs? Yes it is! And we aim to implement this feature after all necessary updates in core code. It is important to have everything implemented and tested before adding that feature.
  • What is a ZK-proof? ZK stands for zero-knowledge. In cryptography, a zero-knowledge proof is a method by which one party (the prover) can prove to another party (the verifier) that they know a value x, without conveying any information apart from the fact that they know the value x. You can read more about zero-knowledge proof (with real life examples) here.
  • Will blockchain grow faster (what about tx size) when moving to ZK-proofs? Overall, transactions and blocks using ZK-proofs will be even smaller in size than pre-fork ring signatures with bulletproofs! Plus it enables transactions to be aggregated together - this is obviously a major scalability gain for Ryo Currency.
  • I heard or as far I understand that ZK-proofs are somewhat less private? Does it mean that you are not privacy-oriented project anymore? No, in short - we decided to do this change to second gen. ZK-proofs, because ring signatures as is are too weak on providing enough for us default level of privacy and overall are considered now as an obsolete technology. So we don't want to say that we have a privacy level of 2, when research shows that it is not.
  • Ok, after 0.5.0.0 fork - will we be using uniform payment ID-s to do transactions on exchanges? Yes. There are no changes regarding usage of payment ID-s and integrated addresses. We will be still using ring signatures, but also are announcing our goal on moving to ZK-proofs.
  • What else is there in plans/ideas you have in development of Ryo? Besides all plans and development ongoing with Ryo (wallets, infrastructure, core code and researches) we also developed and improve Mining platform RagerX. It is an all-in-one mining platform that unites a miner, pplns pool, OS, GUI flasher utility, pool frontend and has advanced social features as well as 2 level affiliate program. In observable future we will add Cryptonight-GPU mining possibility. We are implementing RagerX so people can mine CPU coins and Ryo simultaneously. Which means more eyes on Ryo, especially from fresh members.
  • Are the ring signature issues that have been discovered applicable to other ring signature based coins like Monero? Yes.
https://preview.redd.it/x5jqtb8brwi41.png?width=1000&format=png&auto=webp&s=06a0de33b10014e0fdf1b847939718475cbe6fbe
submitted by RyocurrencyRu to ryocurrency [link] [comments]

FlowCards: A Declarative Framework for Development of Ergo dApps

Introduction
ErgoScript is the smart contract language used by the Ergo blockchain. While it has concise syntax adopted from Scala/Kotlin, it still may seem confusing at first because conceptually ErgoScript is quite different compared to conventional languages which we all know and love. This is because Ergo is a UTXO based blockchain, whereas smart contracts are traditionally associated with account based systems like Ethereum. However, Ergo's transaction model has many advantages over the account based model and with the right approach it can even be significantly easier to develop Ergo contracts than to write and debug Solidity code.
Below we will cover the key aspects of the Ergo contract model which makes it different:
Paradigm
The account model of Ethereum is imperative. This means that the typical task of sending coins from Alice to Bob requires changing the balances in storage as a series of operations. Ergo's UTXO based programming model on the other hand is declarative. ErgoScript contracts specify conditions for a transaction to be accepted by the blockchain (not changes to be made in the storage state as result of the contract execution).
Scalability
In the account model of Ethereum both storage changes and validity checks are performed on-chain during code execution. In contrast, Ergo transactions are created off-chain and only validation checks are performed on-chain thus reducing the amount of operations performed by every node on the network. In addition, due to immutability of the transaction graph, various optimization strategies are possible to improve throughput of transactions per second in the network. Light verifying nodes are also possible thus further facilitating scalability and accessibility of the network.
Shared state
The account-based model is reliant on shared mutable state which is known to lead to complex semantics (and subtle million dollar bugs) in the context of concurrent/ distributed computation. Ergo's model is based on an immutable graph of transactions. This approach, inherited from Bitcoin, plays well with the concurrent and distributed nature of blockchains and facilitates light trustless clients.
Expressive Power
Ethereum advocated execution of a turing-complete language on the blockchain. It theoretically promised unlimited potential, however in practice severe limitations came to light from excessive blockchain bloat, subtle multi-million dollar bugs, gas costs which limit contract complexity, and other such problems. Ergo on the flip side extends UTXO to enable turing-completeness while limiting the complexity of the ErgoScript language itself. The same expressive power is achieved in a different and more semantically sound way.
With all of the above points, it should be clear that there are a lot of benefits to the model Ergo is using. In the rest of this article I will introduce you to the concept of FlowCards - a dApp developer component which allows for designing complex Ergo contracts in a declarative and visual way.

From Imperative to Declarative

In the imperative programming model of Ethereum a transaction is a sequence of operations executed by the Ethereum VM. The following Solidity function implements a transfer of tokens from sender to receiver. The transaction starts when sender calls this function on an instance of a contract and ends when the function returns.

    // Sends an amount of existing coins from any caller to an address
    function send(address receiver, uint amount) public {
        require(amount <= balances[msg.sender], "Insufficient balance.");
        balances[msg.sender] -= amount;
        balances[receiver] += amount;
        emit Sent(msg.sender, receiver, amount);
    }

The function first checks the pre-conditions, then updates the storage (i.e. balances) and finally publishes the post-condition as the Sent event. The gas which is consumed by the transaction is sent to the miner as a reward for executing this transaction.
Unlike Ethereum, a transaction in Ergo is a data structure holding a list of input coins which it spends and a list of output coins which it creates preserving the total balances of ERGs and tokens (in which Ergo is similar to Bitcoin).
Turning back to the example above, since Ergo natively supports tokens, therefore for this specific example of sending tokens we don't need to write any code in ErgoScript. Instead we need to create the ‘send’ transaction shown in the following figure, which describes the same token transfer but declaratively.
https://preview.redd.it/sxs3kesvrsv41.png?width=1348&format=png&auto=webp&s=582382bc26912ff79114d831d937d94b6988e69f
The picture visually describes the following steps, which the network user needs to perform:
  1. Select unspent sender's boxes, containing in total tB >= amount of tokens and B >= txFee + minErg ERGs.
  2. Create an output target box which is protected by the receiver public key with minErg ERGs and amount of T tokens.
  3. Create one fee output protected by the minerFee contract with txFee ERGs.
  4. Create one change output protected by the sender public key, containing B - minErg - txFee ERGs and tB - amount of T tokens.
  5. Create a new transaction, sign it using the sender's secret key and send to the Ergo network.
What is important to understand here is that all of these steps are performed off-chain (for example using Appkit Transaction API) by the user's application. Ergo network nodes don't need to repeat this transaction creation process, they only need to validate the already formed transaction. ErgoScript contracts are stored in the inputs of the transaction and check spending conditions. The node executes the contracts on-chain when the transaction is validated. The transaction is valid if all of the conditions are satisfied.
Thus, in Ethereum when we “send amount from sender to recipient” we are literally editing balances and updating the storage with a concrete set of commands. This happens on-chain and thus a new transaction is also created on-chain as the result of this process.
In Ergo (as in Bitcoin) transactions are created off-chain and the network nodes only verify them. The effects of the transaction on the blockchain state is that input coins (or Boxes in Ergo's parlance) are removed and output boxes are added to the UTXO set.
In the example above we don't use an ErgoScript contract but instead assume a signature check is used as the spending pre-condition. However in more complex application scenarios we of course need to use ErgoScript which is what we are going to discuss next.

From Changing State to Checking Context

In the send function example we first checked the pre-condition (require(amount <= balances[msg.sender],...) ) and then changed the state (i.e. update balances balances[msg.sender] -= amount ). This is typical in Ethereum transactions. Before we change anything we need to check if it is valid to do so.
In Ergo, as we discussed previously, the state (i.e. UTXO set of boxes) is changed implicitly when a valid transaction is included in a block. Thus we only need to check the pre-conditions before the transaction can be added to the block. This is what ErgoScript contracts do.
It is not possible to “change the state” in ErgoScript because it is a language to check pre-conditions for spending coins. ErgoScript is a purely functional language without side effects that operates on immutable data values. This means all the inputs, outputs and other transaction parameters available in a script are immutable. This, among other things, makes ErgoScript a very simple language that is easy to learn and safe to use. Similar to Bitcoin, each input box contains a script, which should return the true value in order to 1) allow spending of the box (i.e. removing from the UTXO set) and 2) adding the transaction to the block.
If we are being pedantic, it is therefore incorrect (strictly speaking) to think of ErgoScript as the language of Ergo contracts, because it is the language of propositions (logical predicates, formulas, etc.) which protect boxes from “illegal” spending. Unlike Bitcoin, in Ergo the whole transaction and a part of the current blockchain context is available to every script. Therefore each script may check which outputs are created by the transaction, their ERG and token amounts (we will use this capability in our example DEX contracts), current block number etc.
In ErgoScript you define the conditions of whether changes (i.e. coin spending) are allowed to happen in a given context. This is in contrast to programming the changes imperatively in the code of a contract.
While Ergo's transaction model unlocks a whole range of applications like (DEX, DeFi Apps, LETS, etc), designing contracts as pre-conditions for coin spending (or guarding scripts) directly is not intuitive. In the next sections we will consider a useful graphical notation to design contracts declaratively using FlowCard Diagrams, which is a visual representation of executable components (FlowCards).
FlowCards aim to radically simplify dApp development on the Ergo platform by providing a high-level declarative language, execution runtime, storage format and a graphical notation.
We will start with a high level of diagrams and go down to FlowCard specification.

FlowCard Diagrams

The idea behind FlowCard diagrams is based on the following observations: 1) An Ergo box is immutable and can only be spent in the transaction which uses it as an input. 2) We therefore can draw a flow of boxes through transactions, so that boxes flowing in to the transaction are spent and those flowing out are created and added to the UTXO. 3) A transaction from this perspective is simply a transformer of old boxes to the new ones preserving the balances of ERGs and tokens involved.
The following figure shows the main elements of the Ergo transaction we've already seen previously (now under the name of FlowCard Diagram).
https://preview.redd.it/06aqkcd1ssv41.png?width=1304&format=png&auto=webp&s=106eda730e0526919aabd5af9596b97e45b69777
There is a strictly defined meaning (semantics) behind every element of the diagram, so that the diagram is a visual representation (or a view) of the underlying executable component (called FlowCard).
The FlowCard can be used as a reusable component of an Ergo dApp to create and initiate the transaction on the Ergo blockchain. We will discuss this in the coming sections.
Now let's look at the individual pieces of the FlowCard diagram one by one.
1. Name and Parameters
Each flow card is given a name and a list of typed parameters. This is similar to a template with parameters. In the above figure we can see the Send flow card which has five parameters. The parameters are used in the specification.
2. Contract Wallet
This is a key element of the flow card. Every box has a guarding script. Often it is the script that checks a signature against a public key. This script is trivial in ErgoScript and is defined like the def pk(pubkey: Address) = { pubkey } template where pubkey is a parameter of the type Address . In the figure, the script template is applied to the parameter pk(sender) and thus a concrete wallet contract is obtained. Therefore pk(sender) and pk(receiver) yield different scripts and represent different wallets on the diagram, even though they use the same template.
Contract Wallet contains a set of all UTXO boxes which have a given script derived from the given script template using flow card parameters. For example, in the figure, the template is pk and parameter pubkey is substituted with the 'sender' flow card parameter.
3. Contract
Even though a contract is a property of a box, on the diagram we group the boxes by their contracts, therefore it looks like the boxes belong to the contracts, rather than the contracts belong to the boxes. In the example, we have three instantiated contracts pk(sender) , pk(receiver) and minerFee . Note, that pk(sender) is the instantiation of the pk template with the concrete parameter sender and minerFee is the instantiation of the pre-defined contract which protects the miner reward boxes.
4. Box name
In the diagram we can give each box a name. Besides readability of the diagram, we also use the name as a synonym of a more complex indexed access to the box in the contract. For example, change is the name of the box, which can also be used in the ErgoScript conditions instead of OUTPUTS(2) . We also use box names to associate spending conditions with the boxes.
5. Boxes in the wallet
In the diagram, we show boxes (darker rectangles) as belonging to the contract wallets (lighter rectangles). Each such box rectangle is connected with a grey transaction rectangle by either orange or green arrows or both. An output box (with an incoming green arrow) may include many lines of text where each line specifies a condition which should be checked as part of the transaction. The first line specifies the condition on the amount of ERG which should be placed in the box. Other lines may take one of the following forms:
  1. amount: TOKEN - the box should contain the given amount of the given TOKEN
  2. R == value - the box should contain the given value of the given register R
  3. boxName ? condition - the box named boxName should check condition in its script.
We discuss these conditions in the sections below.
6. Amount of ERGs in the box
Each box should store a minimum amount of ERGs. This is checked when the creating transaction is validated. In the diagram the amount of ERGs is always shown as the first line (e.g. B: ERG or B - minErg - txFee ). The value type ascription B: ERG is optional and may be used for readability. When the value is given as a formula, then this formula should be respected by the transaction which creates the box.
It is important to understand that variables like amount and txFee are not named properties of the boxes. They are parameters of the whole diagram and representing some amounts. Or put it another way, they are shared parameters between transactions (e.g. Sell Order and Swap transactions from DEX example below share the tAmt parameter). So the same name is tied to the same value throughout the diagram (this is where the tooling would help a lot). However, when it comes to on-chain validation of those values, only explicit conditions which are marked with ? are transformed to ErgoScript. At the same time, all other conditions are ensured off-chain during transaction building (for example in an application using Appkit API) and transaction validation when it is added to the blockchain.
7. Amount of T token
A box can store values of many tokens. The tokens on the diagram are named and a value variable may be associated with the token T using value: T expression. The value may be given by formula. If the formula is prefixed with a box name like boxName ? formula, then it should also be checked in the guarding script of the boxName box. This additional specification is very convenient because 1) it allows to validate the visual design automatically, and 2) the conditions specified in the boxes of a diagram are enough to synthesize the necessary guarding scripts (more about this below at “From Diagrams To ErgoScript Contracts”).
8. Tx Inputs
Inputs are connected to the corresponding transaction by orange arrows. An input arrow may have a label of the following forms:
  1. name@index - optional name with an index i.e. [email protected] or @2. This is a property of the target endpoint of the arrow. The name is used in conditions of related boxes and the index is the position of the corresponding box in the INPUTS collection of the transaction.
  2. !action - is a property of the source of the arrow and gives a name for an alternative spending path of the box (we will see this in DEX example)
Because of alternative spending paths, a box may have many outgoing orange arrows, in which case they should be labeled with different actions.
9. Transaction
A transaction spends input boxes and creates output boxes. The input boxes are given by the orange arrows and the labels are expected to put inputs at the right indexes in INPUTS collection. The output boxes are given by the green arrows. Each transaction should preserve a strict balance of ERG values (sum of inputs == sum of outputs) and for each token the sum of inputs >= the sum of outputs. The design diagram requires an explicit specification of the ERG and token values for all of the output boxes to avoid implicit errors and ensure better readability.
10. Tx Outputs
Outputs are connected to the corresponding transaction by green arrows. An output arrow may have a label of the following form: name@index, where an optional name is accompanied with an index i.e. [email protected] or @2. This is a property of the source endpoint of the arrow. The name is used in conditions of the related boxes and the index is the position of the corresponding box in the OUTPUTS collection of the transaction.

Example: Decentralized Exchange (DEX)

Now let's use the above described notation to design a FlowCard for a DEX dApp. It is simple enough yet also illustrates all of the key features of FlowCard diagrams which we've introduced in the previous section.
The dApp scenario is shown in the figure below: There are three participants (buyer, seller and DEX) of the DEX dApp and five different transaction types, which are created by participants. The buyer wants to swap ergAmt of ERGs for tAmt of TID tokens (or vice versa, the seller wants to sell TID tokens for ERGs, who sends the order first doesn't matter). Both the buyer and the seller can cancel their orders any time. The DEX off-chain matching service can find matching orders and create the Swap transaction to complete the exchange.
The following diagram fully (and formally) specifies all of the five transactions that must be created off-chain by the DEX dApp. It also specifies all of the spending conditions that should be verified on-chain.

https://preview.redd.it/piogz0v9ssv41.png?width=1614&format=png&auto=webp&s=e1b503a635ad3d138ef91e2f0c3b726e78958646
Let's discuss the FlowCard diagram and the logic of each transaction in detail:
Buy Order Transaction
A buyer creates a Buy Order transaction. The transaction spends E amount of ERGs (which we will write E: ERG ) from one or more boxes in the pk(buyer) wallet. The transaction creates a bid box with ergAmt: ERG protected by the buyOrder script. The buyOrder script is synthesized from the specification (see below at “From Diagrams To ErgoScript Contracts”) either manually or automatically by a tool. Even though we don't need to define the buyOrder script explicitly during designing, at run time the bid box should contain the buyOrder script as the guarding proposition (which checks the box spending conditions), otherwise the conditions specified in the diagram will not be checked.
The change box is created to make the input and output sums of the transaction balanced. The transaction fee box is omitted because it can be added automatically by the tools. In practice, however, the designer can add the fee box explicitly to the diagram. It covers the cases of more complex transactions (like Swap) where there are many ways to pay the transaction fee.
Cancel Buy, Cancel Sell Transactions
At any time, the buyer can cancel the order by sending CancelBuy transaction. The transaction should satisfy the guarding buyOrder contract which protects the bid box. As you can see on the diagram, both the Cancel and the Swap transactions can spend the bid box. When a box has spending alternatives (or spending paths) then each alternative is identified by a unique name prefixed with ! (!cancel and !swap for the bid box). Each alternative path has specific spending conditions. In our example, when the Cancel Buy transaction spends the bid box the ?buyer condition should be satisfied, which we read as “the signature for the buyer address should be presented in the transaction”. Therefore, only buyer can cancel the buy order. This “signature” condition is only required for the !cancel alternative spending path and not required for !swap .
Sell Order Transaction
The Sell Order transaction is similar to the BuyOrder in that it deals with tokens in addition to ERGs. The transaction spends E: ERG and T: TID tokens from the seller's wallet (specified as pk(seller) contract). The two outputs are ask and change. The change is a standard box to balance the transaction. The ask box keeps tAmt: TID tokens for the exchange and minErg: ERG - the minimum amount of ERGs required in every box.
Swap Transaction
This is a key transaction in the DEX dApp scenario. The transaction has several spending conditions on the input boxes and those conditions are included in the buyOrder and sellOrder scripts (which are verified when the transaction is added to the blockchain). However, on the diagram those conditions are not specified in the bid and ask boxes, they are instead defined in the output boxes of the transaction.
This is a convention for improved usability because most of the conditions relate to the properties of the output boxes. We could specify those properties in the bid box, but then we would have to use more complex expressions.
Let's consider the output created by the arrow labeled with buyerOut@0. This label tells us that the output is at the index 0 in the OUTPUTS collection of the transaction and that in the diagram we can refer to this box by the buyerOut name. Thus we can label both the box itself and the arrow to give the box a name.
The conditions shown in the buyerOut box have the form bid ? condition, which means they should be verified on-chain in order to spend the bid box. The conditions have the following meaning:
  • tAmt: TID requires the box to have tAmt amount of TID token
  • R4 == bid.id requires R4 register in the box to be equal to id of the bid box.
  • script == buyer requires the buyerOut box to have the script of the wallet where it is located on the diagram, i.e. pk(buyer)
Similar properties are added to the sellerOut box, which is specified to be at index 1 and the name is given to it using the label on the box itself, rather than on the arrow.
The Swap transaction spends two boxes bid and ask using the !swap spending path on both, however unlike !cancel the conditions on the path are not specified. This is where the bid ? and ask ? prefixes come into play. They are used so that the conditions listed in the buyerOut and sellerOut boxes are moved to the !swap spending path of the bid and ask boxes correspondingly.
If you look at the conditions of the output boxes, you will see that they exactly specify the swap of values between seller's and buyer's wallets. The buyer gets the necessary amount of TID token and seller gets the corresponding amount of ERGs. The Swap transaction is created when there are two matching boxes with buyOrder and sellOrder contracts.

From Diagrams To ErgoScript Contracts

What is interesting about FlowCard specifications is that we can use them to automatically generate the necessary ErgoTree scripts. With the appropriate tooling support this can be done automatically, but in the absence thereof, it can be done manually. Thus, the FlowCard allows us to capture and visually represent all of the design choices and semantic details of an Ergo dApp.
What we are going to do next is to mechanically create the buyOrder contract from the information given in the DEX flow card.
Recall that each script is a proposition (boolean valued expression) which should evaluate to true to allow spending of the box. When we have many conditions to be met at the same time we can combine them in a logical formula using the AND binary operation, and if we have alternatives (not necessarily exclusive) we can put them into the OR operation.
The buyOrder box has the alternative spending paths !cancel and !swap. Thus the ErgoScript code should have an OR operation with two arguments - one for each spending path.
    /** buyOrder contract */
    {
      val cancelCondition = {}
      val swapCondition = {}
      cancelCondition || swapCondition
    }
The formula for the cancelCondition expression is given in the !cancel spending path of the buyOrder box. We can directly include it in the script.
    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = {}
      cancelCondition || swapCondition
    }
For the !swap spending path of the buyOrder box the conditions are specified in the buyerOut output box of the Swap transaction. If we simply include them in the swapCondition then we get a syntactically incorrect script.
    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = {
        tAmt: TID &&
        R4 == bid.id &&
        @contract
      }
      cancelCondition || swapCondition
    }
We can however translate the conditions from the diagram syntax to ErgoScript expressions using the following simple rules:
  1. buyerOut@0 ==> val buyerOut = OUTPUTS(0)
  2. tAmt: TID ==> tid._2 == tAmt where tid = buyerOut.tokens(TID)
  3. R4 == bid.id ==> R4 == SELF.id where R4 = buyerOut.R4[Coll[Byte]].get
  4. script == buyer ==> buyerOut.propositionBytes == buyer.propBytes
Note, in the diagram TID represents a token id, but ErgoScript doesn't have access to the tokens by the ids so we cannot write tokens.getByKey(TID). For this reason, when the diagram is translated into ErgoScript, TID becomes a named constant of the index in the tokens collection of the box. The concrete value of the constant is assigned when the BuyOrder transaction with the buyOrder box is created. The correspondence and consistency between the actual tokenId, the TID constant and the actual tokens of the buyerOut box is ensured by the off-chain application code, which is completely possible since all of the transactions are created by the application using FlowCard as a guiding specification. This may sound too complicated, but this is part of the translation from diagram specification to actual executable application code, most of which can be automated.
After the transformation we can obtain a correct script which checks all the required preconditions for spending the buyOrder box.
    /** buyOrder contract */
    def DEX(buyer: Address, seller: Address, TID: Int, ergAmt: Long, tAmt: Long)
    {
      val cancelCondition: SigmaProp = { buyer }  // verify buyer's sig (ProveDlog)
      val swapCondition = OUTPUTS.size > 0 && {   // securing OUTPUTS access
        val buyerOut = OUTPUTS(0)                 // from buyerOut@0
        buyerOut.tokens.size > TID && {           // securing tokens access
          val tid = buyerOut.tokens(TID)
          val regR4 = buyerOut.R4[Coll[Byte]]
          regR4.isDefined && {                    // securing R4 access
            val R4 = regR4.get
            tid._2 == tAmt &&                     // from tAmt: TID
            R4 == SELF.id &&                      // from R4 == bid.id
            buyerOut.propositionBytes == buyer.propBytes  // from script == buyer
          }
        }
      }
      cancelCondition || swapCondition
    }
A similar script for the sellOrder box can be obtained using the same translation rules. With the help of the tooling the code of contracts can be mechanically generated from the diagram specification.

Conclusions

Declarative programming models have already won the battle against imperative programming in many application domains like Big Data, Stream Processing, Deep Learning, Databases, etc. Ergo is pioneering the declarative model of dApp development as a better and safer alternative to the now popular imperative model of smart contracts.
The concept of FlowCard shifts the focus from writing ErgoScript contracts to the overall flow of values (hence the name), in such a way, that ErgoScript can always be generated from them. You will never need to look at the ErgoScript code once the tooling is in place.
Here are the possible next steps for future work:
  1. Storage format for FlowCard Spec and the corresponding EIP standardized file format (Json/XML/Protobuf). This will allow various tools (Diagram Editor, Runtime, dApps etc) to create and use *.flowcard files.
  2. FlowCard Viewer, which can generate the diagrams from *.flowcard files.
  3. FlowCard Runtime, which can run *.flowcard files, create and send transactions to Ergo network.
  4. FlowCard Designer Tool, which can simplify development of complex diagrams. This will make designing and validation of Ergo contracts a pleasant experience, more like drawing rather than coding. In addition, the correctness of the whole dApp scenario can be verified and controlled by the tooling.
submitted by eleanorcwhite to btc
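
The buyOrder guard derived in the post above, modelled in Python so that both spending paths can be evaluated against sample transactions. This is an added example, not the post's or the Ergo project's code; the Box and Tx classes, the set-membership stand-in for signature checks and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field, replace
from typing import Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class Box:
    """Minimal stand-in for an Ergo box (a model, not the Ergo API)."""
    id: bytes
    proposition_bytes: bytes                      # serialized guarding script
    tokens: Tuple[Tuple[bytes, int], ...] = ()    # (token id, amount) pairs
    registers: Dict[str, bytes] = field(default_factory=dict)


@dataclass(frozen=True)
class Tx:
    outputs: Tuple[Box, ...]
    # Assumption: signature verification is reduced to set membership of the
    # propositions for which the transaction carries a valid proof.
    signed_by: FrozenSet[bytes] = frozenset()


def buy_order(self_box: Box, tx: Tx, buyer: bytes, tid: int, t_amt: int) -> bool:
    """Guard of the bid box: the !cancel path OR the !swap path."""
    cancel_condition = buyer in tx.signed_by          # ?buyer
    swap_condition = False
    if len(tx.outputs) > 0:                           # securing OUTPUTS access
        buyer_out = tx.outputs[0]                     # from buyerOut@0
        if len(buyer_out.tokens) > tid:               # securing tokens access
            r4 = buyer_out.registers.get("R4")        # None models an undefined register
            if r4 is not None:                        # securing R4 access
                # Like the script in the post, only the amount at index `tid`
                # is read; matching the token id is left to off-chain code.
                swap_condition = (
                    buyer_out.tokens[tid][1] == t_amt             # tAmt: TID
                    and r4 == self_box.id                         # R4 == bid.id
                    and buyer_out.proposition_bytes == buyer      # script == buyer
                )
    return cancel_condition or swap_condition


# Constructed sample data (not taken from any real transaction).
BUYER, SELLER = b"pk(buyer)", b"pk(seller)"
TOKEN = b"\x01" * 32
TID, T_AMT = 0, 10
BID = Box(id=b"bid-box-id", proposition_bytes=b"buyOrder")
GOOD_OUT = Box(id=b"out-0", proposition_bytes=BUYER,
               tokens=((TOKEN, T_AMT),), registers={"R4": BID.id})
REFUND = Box(id=b"refund", proposition_bytes=BUYER)


def run_cases() -> Dict[str, bool]:
    """Evaluate the guard against one transaction per spending scenario."""
    txs = {
        "cancel_signed_by_buyer": Tx((REFUND,), frozenset({BUYER})),
        "cancel_signed_by_seller": Tx((REFUND,), frozenset({SELLER})),
        "swap_valid_unsigned": Tx((GOOD_OUT,)),
        "swap_no_outputs": Tx(()),
        "swap_output_without_tokens": Tx((replace(GOOD_OUT, tokens=()),)),
        "swap_r4_undefined": Tx((replace(GOOD_OUT, registers={}),)),
        "swap_wrong_token_amount": Tx((replace(GOOD_OUT, tokens=((TOKEN, 9),)),)),
        "swap_r4_names_other_bid": Tx((replace(GOOD_OUT, registers={"R4": b"other-bid"}),)),
        "swap_paid_to_other_wallet": Tx((replace(GOOD_OUT, proposition_bytes=SELLER),)),
        "swap_buyer_out_not_first": Tx((REFUND, GOOD_OUT)),
    }
    return {name: buy_order(BID, tx, BUYER, TID, T_AMT) for name, tx in txs.items()}


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:28} {'spendable' if accepted else 'rejected'}")
```

Only the buyer-signed cancel and the well-formed swap satisfy the guard; each of the three "securing" checks turns a malformed transaction into a plain rejection instead of a failed collection or register access.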

FlowCards: A Declarative Framework for Development of Ergo dApps

Introduction
ErgoScript is the smart contract language used by the Ergo blockchain. While it has concise syntax adopted from Scala/Kotlin, it still may seem confusing at first because conceptually ErgoScript is quite different compared to conventional languages which we all know and love. This is because Ergo is a UTXO based blockchain, whereas smart contracts are traditionally associated with account based systems like Ethereum. However, Ergo's transaction model has many advantages over the account based model and with the right approach it can even be significantly easier to develop Ergo contracts than to write and debug Solidity code.
Below we will cover the key aspects of the Ergo contract model which make it different:
Paradigm
The account model of Ethereum is imperative. This means that the typical task of sending coins from Alice to Bob requires changing the balances in storage as a series of operations. Ergo's UTXO based programming model on the other hand is declarative. ErgoScript contracts specify conditions for a transaction to be accepted by the blockchain (not changes to be made in the storage state as result of the contract execution).
Scalability
In the account model of Ethereum both storage changes and validity checks are performed on-chain during code execution. In contrast, Ergo transactions are created off-chain and only validation checks are performed on-chain thus reducing the amount of operations performed by every node on the network. In addition, due to immutability of the transaction graph, various optimization strategies are possible to improve throughput of transactions per second in the network. Light verifying nodes are also possible thus further facilitating scalability and accessibility of the network.
Shared state
The account-based model is reliant on shared mutable state which is known to lead to complex semantics (and subtle million dollar bugs) in the context of concurrent/distributed computation. Ergo's model is based on an immutable graph of transactions. This approach, inherited from Bitcoin, plays well with the concurrent and distributed nature of blockchains and facilitates light trustless clients.
Expressive Power
Ethereum advocated execution of a Turing-complete language on the blockchain. It theoretically promised unlimited potential, however in practice severe limitations came to light from excessive blockchain bloat, subtle multi-million dollar bugs, gas costs which limit contract complexity, and other such problems. Ergo on the flip side extends UTXO to enable Turing-completeness while limiting the complexity of the ErgoScript language itself. The same expressive power is achieved in a different and more semantically sound way.
With all of the above points, it should be clear that there are a lot of benefits to the model Ergo is using. In the rest of this article I will introduce you to the concept of FlowCards - a dApp developer component which allows for designing complex Ergo contracts in a declarative and visual way.
From Imperative to Declarative
In the imperative programming model of Ethereum a transaction is a sequence of operations executed by the Ethereum VM. The following Solidity function implements a transfer of tokens from sender to receiver. The transaction starts when sender calls this function on an instance of a contract and ends when the function returns.
    // Sends an amount of existing coins from any caller to an address
    function send(address receiver, uint amount) public {
        require(amount <= balances[msg.sender], "Insufficient balance.");
        balances[msg.sender] -= amount;
        balances[receiver] += amount;
        emit Sent(msg.sender, receiver, amount);
    }
The function first checks the pre-conditions, then updates the storage (i.e. balances) and finally publishes the post-condition as the Sent event. The gas which is consumed by the transaction is sent to the miner as a reward for executing this transaction.
Unlike Ethereum, a transaction in Ergo is a data structure holding a list of input coins which it spends and a list of output coins which it creates preserving the total balances of ERGs and tokens (in which Ergo is similar to Bitcoin).
Turning back to the example above, since Ergo natively supports tokens, for this specific example of sending tokens we don't need to write any code in ErgoScript. Instead we need to create the ‘send’ transaction shown in the following figure, which describes the same token transfer but declaratively.
https://preview.redd.it/id5kjdgn9tv41.png?width=1348&format=png&auto=webp&s=31b937d7ad0af4afe94f4d023e8c90c97c8aed2e
The picture visually describes the following steps, which the network user needs to perform:
  1. Select unspent sender's boxes, containing in total tB >= amount of tokens and B >= txFee + minErg ERGs.
  2. Create an output target box which is protected by the receiver public key with minErg ERGs and amount of T tokens.
  3. Create one fee output protected by the minerFee contract with txFee ERGs.
  4. Create one change output protected by the sender public key, containing B - minErg - txFee ERGs and tB - amount of T tokens.
  5. Create a new transaction, sign it using the sender's secret key and send to the Ergo network.
What is important to understand here is that all of these steps are performed off-chain (for example using Appkit Transaction API) by the user's application. Ergo network nodes don't need to repeat this transaction creation process, they only need to validate the already formed transaction. ErgoScript contracts are stored in the inputs of the transaction and check spending conditions. The node executes the contracts on-chain when the transaction is validated. The transaction is valid if all of the conditions are satisfied.
Thus, in Ethereum when we “send amount from sender to recipient” we are literally editing balances and updating the storage with a concrete set of commands. This happens on-chain and thus a new transaction is also created on-chain as the result of this process.
In Ergo (as in Bitcoin) transactions are created off-chain and the network nodes only verify them. The effect of the transaction on the blockchain state is that input coins (or Boxes in Ergo's parlance) are removed and output boxes are added to the UTXO set.
In the example above we don't use an ErgoScript contract but instead assume a signature check is used as the spending pre-condition. However in more complex application scenarios we of course need to use ErgoScript which is what we are going to discuss next.
From Changing State to Checking Context
In the send function example we first checked the pre-condition (require(amount <= balances[msg.sender],...)) and then changed the state (i.e. update balances balances[msg.sender] -= amount). This is typical in Ethereum transactions. Before we change anything we need to check if it is valid to do so.
In Ergo, as we discussed previously, the state (i.e. UTXO set of boxes) is changed implicitly when a valid transaction is included in a block. Thus we only need to check the pre-conditions before the transaction can be added to the block. This is what ErgoScript contracts do.
It is not possible to “change the state” in ErgoScript because it is a language to check pre-conditions for spending coins. ErgoScript is a purely functional language without side effects that operates on immutable data values. This means all the inputs, outputs and other transaction parameters available in a script are immutable. This, among other things, makes ErgoScript a very simple language that is easy to learn and safe to use. Similar to Bitcoin, each input box contains a script, which should return the true value in order to 1) allow spending of the box (i.e. removing from the UTXO set) and 2) adding the transaction to the block.
If we are being pedantic, it is therefore incorrect (strictly speaking) to think of ErgoScript as the language of Ergo contracts, because it is the language of propositions (logical predicates, formulas, etc.) which protect boxes from “illegal” spending. Unlike Bitcoin, in Ergo the whole transaction and a part of the current blockchain context is available to every script. Therefore each script may check which outputs are created by the transaction, their ERG and token amounts (we will use this capability in our example DEX contracts), current block number etc.
In ErgoScript you define the conditions of whether changes (i.e. coin spending) are allowed to happen in a given context. This is in contrast to programming the changes imperatively in the code of a contract.
While Ergo's transaction model unlocks a whole range of applications (like DEX, DeFi Apps, LETS, etc.), designing contracts as pre-conditions for coin spending (or guarding scripts) directly is not intuitive. In the next sections we will consider a useful graphical notation to design contracts declaratively using FlowCard Diagrams, which is a visual representation of executable components (FlowCards).
FlowCards aim to radically simplify dApp development on the Ergo platform by providing a high-level declarative language, execution runtime, storage format and a graphical notation.
We will start with a high level of diagrams and go down to FlowCard specification.
FlowCard Diagrams
The idea behind FlowCard diagrams is based on the following observations: 1) An Ergo box is immutable and can only be spent in the transaction which uses it as an input. 2) We therefore can draw a flow of boxes through transactions, so that boxes flowing in to the transaction are spent and those flowing out are created and added to the UTXO. 3) A transaction from this perspective is simply a transformer of old boxes to the new ones preserving the balances of ERGs and tokens involved.
The following figure shows the main elements of the Ergo transaction we've already seen previously (now under the name of FlowCard Diagram).
https://preview.redd.it/9kcxl11o9tv41.png?width=1304&format=png&auto=webp&s=378a7f50769292ca94de35ff597dc1a44af56d14
There is a strictly defined meaning (semantics) behind every element of the diagram, so that the diagram is a visual representation (or a view) of the underlying executable component (called FlowCard).
The FlowCard can be used as a reusable component of an Ergo dApp to create and initiate the transaction on the Ergo blockchain. We will discuss this in the coming sections.
Now let's look at the individual pieces of the FlowCard diagram one by one.
  1. Name and Parameters
Each flow card is given a name and a list of typed parameters. This is similar to a template with parameters. In the above figure we can see the Send flow card which has five parameters. The parameters are used in the specification.
  2. Contract Wallet
This is a key element of the flow card. Every box has a guarding script. Often it is the script that checks a signature against a public key. This script is trivial in ErgoScript and is defined like the def pk(pubkey: Address) = { pubkey } template where pubkey is a parameter of the type Address. In the figure, the script template is applied to the parameter pk(sender) and thus a concrete wallet contract is obtained. Therefore pk(sender) and pk(receiver) yield different scripts and represent different wallets on the diagram, even though they use the same template.
Contract Wallet contains a set of all UTXO boxes which have a given script derived from the given script template using flow card parameters. For example, in the figure, the template is pk and parameter pubkey is substituted with the sender flow card parameter.
  3. Contract
Even though a contract is a property of a box, on the diagram we group the boxes by their contracts, therefore it looks like the boxes belong to the contracts, rather than the contracts belong to the boxes. In the example, we have three instantiated contracts pk(sender), pk(receiver) and minerFee. Note, that pk(sender) is the instantiation of the pk template with the concrete parameter sender and minerFee is the instantiation of the pre-defined contract which protects the miner reward boxes.
  4. Box name
In the diagram we can give each box a name. Besides readability of the diagram, we also use the name as a synonym of a more complex indexed access to the box in the contract. For example, change is the name of the box, which can also be used in the ErgoScript conditions instead of OUTPUTS(2). We also use box names to associate spending conditions with the boxes.
  5. Boxes in the wallet
In the diagram, we show boxes (darker rectangles) as belonging to the contract wallets (lighter rectangles). Each such box rectangle is connected with a grey transaction rectangle by either orange or green arrows or both. An output box (with an incoming green arrow) may include many lines of text where each line specifies a condition which should be checked as part of the transaction. The first line specifies the condition on the amount of ERG which should be placed in the box. Other lines may take one of the following forms:
  1. amount: TOKEN - the box should contain the given amount of the given TOKEN
  2. R == value - the box should contain the given value of the given register R
  3. boxName ? condition - the box named boxName should check condition in its script.
We discuss these conditions in the sections below.
  6. Amount of ERGs in the box
Each box should store a minimum amount of ERGs. This is checked when the creating transaction is validated. In the diagram the amount of ERGs is always shown as the first line (e.g. B: ERG or B - minErg - txFee). The value type ascription B: ERG is optional and may be used for readability. When the value is given as a formula, then this formula should be respected by the transaction which creates the box.
It is important to understand that variables like amount and txFee are not named properties of the boxes. They are parameters of the whole diagram and represent some amounts. Or, to put it another way, they are shared parameters between transactions (e.g. Sell Order and Swap transactions from DEX example below share the tAmt parameter). So the same name is tied to the same value throughout the diagram (this is where the tooling would help a lot). However, when it comes to on-chain validation of those values, only explicit conditions which are marked with ? are transformed to ErgoScript. At the same time, all other conditions are ensured off-chain during transaction building (for example in an application using Appkit API) and transaction validation when it is added to the blockchain.
  7. Amount of T token
A box can store values of many tokens. The tokens on the diagram are named and a value variable may be associated with the token T using value: T expression. The value may be given by formula. If the formula is prefixed with a box name like boxName ? formula, then it should also be checked in the guarding script of the boxName box. This additional specification is very convenient because 1) it allows to validate the visual design automatically, and 2) the conditions specified in the boxes of a diagram are enough to synthesize the necessary guarding scripts (more about this below at “From Diagrams To ErgoScript Contracts”).
  8. Tx Inputs
Inputs are connected to the corresponding transaction by orange arrows. An input arrow may have a label of the following forms:
  1. name@index - optional name with an index i.e. fee@0 or @2. This is a property of the target endpoint of the arrow. The name is used in conditions of related boxes and the index is the position of the corresponding box in the INPUTS collection of the transaction.
  2. !action - is a property of the source of the arrow and gives a name for an alternative spending path of the box (we will see this in DEX example)
Because of alternative spending paths, a box may have many outgoing orange arrows, in which case they should be labeled with different actions.
  9. Transaction
A transaction spends input boxes and creates output boxes. The input boxes are given by the orange arrows and the labels are expected to put inputs at the right indexes in INPUTS collection. The output boxes are given by the green arrows. Each transaction should preserve a strict balance of ERG values (sum of inputs == sum of outputs) and for each token the sum of inputs >= the sum of outputs. The design diagram requires an explicit specification of the ERG and token values for all of the output boxes to avoid implicit errors and ensure better readability.
  10. Tx Outputs
Outputs are connected to the corresponding transaction by green arrows. An output arrow may have a label of the following form name@index, where an optional name is accompanied with an index i.e. fee@0 or @2. This is a property of the source endpoint of the arrow. The name is used in conditions of the related boxes and the index is the position of the corresponding box in the OUTPUTS collection of the transaction.
Example: Decentralized Exchange (DEX)
Now let's use the above described notation to design a FlowCard for a DEX dApp. It is simple enough yet also illustrates all of the key features of FlowCard diagrams which we've introduced in the previous section.
The dApp scenario is shown in the figure below: There are three participants (buyer, seller and DEX) of the DEX dApp and five different transaction types, which are created by participants. The buyer wants to swap ergAmt of ERGs for tAmt of TID tokens (or vice versa, the seller wants to sell TID tokens for ERGs, who sends the order first doesn't matter). Both the buyer and the seller can cancel their orders any time. The DEX off-chain matching service can find matching orders and create the Swap transaction to complete the exchange.
The following diagram fully (and formally) specifies all of the five transactions that must be created off-chain by the DEX dApp. It also specifies all of the spending conditions that should be verified on-chain.

https://preview.redd.it/fnt5f4qp9tv41.png?width=1614&format=png&auto=webp&s=34f145f9a6d622454906857e645def2faba057bd
Let's discuss the FlowCard diagram and the logic of each transaction in detail:
Buy Order Transaction
A buyer creates a Buy Order transaction. The transaction spends E amount of ERGs (which we will write E: ERG) from one or more boxes in the pk(buyer) wallet. The transaction creates a bid box with ergAmt: ERG protected by the buyOrder script. The buyOrder script is synthesized from the specification (see below at “From Diagrams To ErgoScript Contracts”) either manually or automatically by a tool. Even though we don't need to define the buyOrder script explicitly during designing, at run time the bid box should contain the buyOrder script as the guarding proposition (which checks the box spending conditions), otherwise the conditions specified in the diagram will not be checked.
The change box is created to make the input and output sums of the transaction balanced. The transaction fee box is omitted because it can be added automatically by the tools. In practice, however, the designer can add the fee box explicitly to the diagram. It covers the cases of more complex transactions (like Swap) where there are many ways to pay the transaction fee.
Cancel Buy, Cancel Sell Transactions
At any time, the buyer can cancel the order by sending a CancelBuy transaction. The transaction should satisfy the guarding buyOrder contract which protects the bid box. As you can see on the diagram, both the Cancel and the Swap transactions can spend the bid box. When a box has spending alternatives (or spending paths) then each alternative is identified by a unique name prefixed with ! (!cancel and !swap for the bid box). Each alternative path has specific spending conditions. In our example, when the Cancel Buy transaction spends the bid box the ?buyer condition should be satisfied, which we read as “the signature for the buyer address should be presented in the transaction”. Therefore, only the buyer can cancel the buy order. This “signature” condition is only required for the !cancel alternative spending path and not required for !swap.
Sell Order Transaction
The Sell Order transaction is similar to the BuyOrder in that it deals with tokens in addition to ERGs. The transaction spends E: ERG and T: TID tokens from the seller's wallet (specified as pk(seller) contract). The two outputs are ask and change. The change is a standard box to balance the transaction. The ask box keeps tAmt: TID tokens for the exchange and minErg: ERG - the minimum amount of ERGs required in every box.
Swap Transaction
This is a key transaction in the DEX dApp scenario. The transaction has several spending conditions on the input boxes and those conditions are included in the buyOrder and sellOrder scripts (which are verified when the transaction is added to the blockchain). However, on the diagram those conditions are not specified in the bid and ask boxes, they are instead defined in the output boxes of the transaction.
This is a convention for improved usability because most of the conditions relate to the properties of the output boxes. We could specify those properties in the bid box, but then we would have to use more complex expressions.
Let's consider the output created by the arrow labeled with buyerOut@0. This label tells us that the output is at the index 0 in the OUTPUTS collection of the transaction and that in the diagram we can refer to this box by the buyerOut name. Thus we can label both the box itself and the arrow to give the box a name.
The conditions shown in the buyerOut box have the form bid ? condition, which means they should be verified on-chain in order to spend the bid box. The conditions have the following meaning:
  • tAmt: TID requires the box to have tAmt amount of TID token
  • R4 == bid.id requires R4 register in the box to be equal to id of the bid box.
  • script == buyer requires the buyerOut box to have the script of the wallet where it is located on the diagram, i.e. pk(buyer)
Similar properties are added to the sellerOut box, which is specified to be at index 1 and the name is given to it using the label on the box itself, rather than on the arrow.
The Swap transaction spends two boxes bid and ask using the !swap spending path on both, however unlike !cancel the conditions on the path are not specified. This is where the bid ? and ask ? prefixes come into play. They are used so that the conditions listed in the buyerOut and sellerOut boxes are moved to the !swap spending path of the bid and ask boxes correspondingly.
If you look at the conditions of the output boxes, you will see that they exactly specify the swap of values between seller's and buyer's wallets. The buyer gets the necessary amount of TID token and seller gets the corresponding amount of ERGs. The Swap transaction is created when there are two matching boxes with buyOrder and sellOrder contracts.
From Diagrams To ErgoScript Contracts
What is interesting about FlowCard specifications is that we can use them to automatically generate the necessary ErgoTree scripts. With the appropriate tooling support this can be done automatically, but in the absence thereof, it can be done manually. Thus, the FlowCard allows us to capture and visually represent all of the design choices and semantic details of an Ergo dApp.
What we are going to do next is to mechanically create the buyOrder contract from the information given in the DEX flow card.
Recall that each script is a proposition (boolean valued expression) which should evaluate to true to allow spending of the box. When we have many conditions to be met at the same time we can combine them in a logical formula using the AND binary operation, and if we have alternatives (not necessarily exclusive) we can put them into the OR operation.
The buyOrder box has the alternative spending paths !cancel and !swap . Thus the ErgoScript code should have OR operation with two arguments - one for each spending path.
    /** buyOrder contract */
    {
      val cancelCondition = {}
      val swapCondition = {}
      cancelCondition || swapCondition
    }
The formula for the cancelCondition expression is given in the !cancel spending path of the buyOrder box. We can directly include it in the script.
    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = {}
      cancelCondition || swapCondition
    }
For the !swap spending path of the buyOrder box the conditions are specified in the buyerOut output box of the Swap transaction. If we simply include them in the swapCondition then we get a syntactically incorrect script.
    /** buyOrder contract */
    {
      val cancelCondition = { buyer }
      val swapCondition = {
        tAmt: TID && R4 == bid.id && @contract
      }
      cancelCondition || swapCondition
    }
We can however translate the conditions from the diagram syntax to ErgoScript expressions using the following simple rules:
  1. buyerOut@0 ==> val buyerOut = OUTPUTS(0)
  2. tAmt: TID ==> tid._2 == tAmt where tid = buyerOut.tokens(TID)
  3. R4 == bid.id ==> R4 == SELF.id where R4 = buyerOut.R4[Coll[Byte]].get
  4. script == buyer ==> buyerOut.propositionBytes == buyer.propBytes
Note, in the diagram TID represents a token id, but ErgoScript doesn't have access to the tokens by the ids so we cannot write tokens.getByKey(TID) . For this reason, when the diagram is translated into ErgoScript, TID becomes a named constant of the index in tokens collection of the box. The concrete value of the constant is assigned when the BuyOrder transaction with the buyOrder box is created. The correspondence and consistency between the actual tokenId, the TID constant and the actual tokens of the buyerOut box is ensured by the off-chain application code, which is completely possible since all of the transactions are created by the application using FlowCard as a guiding specification. This may sound too complicated, but this is part of the translation from diagram specification to actual executable application code, most of which can be automated.
After the transformation we can obtain a correct script which checks all the required preconditions for spending the buyOrder box.
    /** buyOrder contract */
    def DEX(buyer: Address, seller: Address, TID: Int, ergAmt: Long, tAmt: Long) {
      val cancelCondition: SigmaProp = { buyer }  // verify buyer's sig (ProveDlog)
      val swapCondition = OUTPUTS.size > 0 && {   // securing OUTPUTS access
        val buyerOut = OUTPUTS(0)                 // from buyerOut@0
        buyerOut.tokens.size > TID && {           // securing tokens access
          val tid = buyerOut.tokens(TID)
          val regR4 = buyerOut.R4[Coll[Byte]]
          regR4.isDefined && {                    // securing R4 access
            val R4 = regR4.get
            tid._2 == tAmt &&                     // from tAmt: TID
            R4 == SELF.id &&                      // from R4 == bid.id
            buyerOut.propositionBytes == buyer.propBytes  // from script == buyer
          }
        }
      }
      cancelCondition || swapCondition
    }
A similar script for the sellOrder box can be obtained using the same translation rules. With the help of the tooling the code of contracts can be mechanically generated from the diagram specification.
Conclusions
Declarative programming models have already won the battle against imperative programming in many application domains like Big Data, Stream Processing, Deep Learning, Databases, etc. Ergo is pioneering the declarative model of dApp development as a better and safer alternative to the now popular imperative model of smart contracts.
The concept of FlowCard shifts the focus from writing ErgoScript contracts to the overall flow of values (hence the name), in such a way, that ErgoScript can always be generated from them. You will never need to look at the ErgoScript code once the tooling is in place.
Here are the possible next steps for future work:
  1. Storage format for FlowCard Spec and the corresponding EIP standardized file format (Json/XML/Protobuf). This will allow various tools (Diagram Editor, Runtime, dApps etc) to create and use *.flowcard files.
  2. FlowCard Viewer, which can generate the diagrams from *.flowcard files.
  3. FlowCard Runtime, which can run *.flowcard files, create and send transactions to Ergo network.
  4. FlowCard Designer Tool, which can simplify development of complex diagrams. This will make designing and validation of Ergo contracts a pleasant experience, more like drawing rather than coding. In addition, the correctness of the whole dApp scenario can be verified and controlled by the tooling.
submitted by Guilty_Pea to CryptoCurrencies

Technical: A Brief History of Payment Channels: from Satoshi to Lightning Network

Who cares about political tweets from some random country's president when payment channels are much more interesting and are actually capable of carrying value?
So let's have a short history of various payment channel techs!

Generation 0: Satoshi's Broken nSequence Channels

Because Satoshi's Vision included payment channels, except his implementation sucked so hard we had to go fix it and added RBF as a by-product.
Originally, the plan for nSequence was that mempools would replace any transaction spending certain inputs with another transaction spending the same inputs, but only if the nSequence field of the replacement was larger.
Since 0xFFFFFFFF was the highest value that nSequence could get, this would mark a transaction as "final" and not replaceable on the mempool anymore.
In fact, this "nSequence channel" I will describe is the reason why we have this weird rule about nLockTime and nSequence. nLockTime actually only works if nSequence is not 0xFFFFFFFF i.e. final. If nSequence is 0xFFFFFFFF then nLockTime is ignored, because this is the "final" version of the transaction.
So what you'd do would be something like this:
  1. You go to a bar and promise the bartender to pay by the time the bar closes. Because this is the Bitcoin universe, time is measured in blockheight, so the closing time of the bar is indicated as some future blockheight.
  2. For your first drink, you'd make a transaction paying to the bartender for that drink, paying from some coins you have. The transaction has an nLockTime equal to the closing time of the bar, and a starting nSequence of 0. You hand over the transaction and the bartender hands you your drink.
  3. For your succeeding drink, you'd remake the same transaction, adding the payment for that drink to the transaction output that goes to the bartender (so that output keeps getting larger, by the amount of payment), and having an nSequence that is one higher than the previous one.
  4. Eventually you have to stop drinking. It comes down to one of two possibilities:
    • You drink until the bar closes. Since it is now the nLockTime indicated in the transaction, the bartender is able to broadcast the latest transaction and tells the bouncers to kick you out of the bar.
    • You wisely consider the state of your liver. So you re-sign the last transaction with a "final" nSequence of 0xFFFFFFFF i.e. the maximum possible value it can have. This allows the bartender to get his or her funds immediately (nLockTime is ignored if nSequence is 0xFFFFFFFF), so he or she tells the bouncers to let you out of the bar.
Now that of course is a payment channel. Individual payments (purchases of alcohol, so I guess buying coffee is not in scope for payment channels). Closing is done by creating a "final" transaction that is the sum of the individual payments. Sure there's no routing and channels are unidirectional and channels have a maximum lifetime but give Satoshi a break, he was also busy inventing Bitcoin at the time.
Now if you noticed I called this kind of payment channel "broken". This is because the mempool rules are not consensus rules, and cannot be validated (nothing about the mempool can be validated onchain: I sigh every time somebody proposes "let's make block size dependent on mempool size", mempool state cannot be validated by onchain data). Fullnodes can't see all of the transactions you signed, and then validate that the final one with the maximum nSequence is the one that actually is used onchain. So you can do the below:
  1. Become friends with Jihan Wu, because he owns >51% of the mining hashrate (he totally reorged Bitcoin to reverse the Binance hack right?).
  2. Slip Jihan Wu some of the more interesting drinks you're ordering as an incentive to cooperate with you. So say you end up ordering 100 drinks, you split it with Jihan Wu and give him 50 of the drinks.
  3. When the bar closes, Jihan Wu quickly calls his mining rig and tells them to mine the version of your transaction with nSequence 0. You know, that first one where you pay for only one drink.
  4. Because fullnodes cannot validate nSequence, they'll accept even the nSequence=0 version and confirm it, immutably adding you paying for a single alcoholic drink to the blockchain.
  5. The bartender, pissed at being cheated, takes out a shotgun from under the bar and shoots at you and Jihan Wu.
  6. Jihan Wu uses his mystical chi powers (actually the combined exhaust from all of his mining rigs) to slow down the shotgun pellets, making them hit you as softly as petals drifting in the wind.
  7. The bartender mutters some words, clothes ripping apart as he or she (hard to believe it could be a she but hey) turns into a bear, ready to maul you for cheating him or her of the payment for all the 100 drinks you ordered from him or her.
  8. Steely-eyed, you stand in front of the bartender-turned-bear, daring him to touch you. You've watched Revenant, you know Leonardo DiCaprio could survive a bear mauling, and if some posh actor can survive that, you know you can too. You make a pose. "Drunken troll logic attack!"
  9. I think I got sidetracked here.
Lessons learned?

Spilman Channels

Incentive-compatible time-limited unidirectional channel; or, Satoshi's Vision, Fixed (if transaction malleability hadn't been a problem, that is).
Now, we know the bartender will turn into a bear and maul you if you try to cheat the payment channel, and now that we've revealed you're good friends with Jihan Wu, the bartender will no longer accept a payment channel scheme that lets you cooperate with a miner to cheat the bartender.
Fortunately, Jeremy Spilman proposed a better way that would not let you cheat the bartender.
First, you and the bartender perform this ritual:
  1. You get some funds and create a transaction that pays to a 2-of-2 multisig between you and the bartender. You don't broadcast this yet: you just sign it and get its txid.
  2. You create another transaction that spends the above transaction. This transaction (the "backoff") has an nLockTime equal to the closing time of the bar, plus one block. You sign it and give this backoff transaction (but not the above transaction) to the bartender.
  3. The bartender signs the backoff and gives it back to you. It is now valid since it's spending a 2-of-2 of you and the bartender, and both of you have signed the backoff transaction.
  4. Now you broadcast the first transaction onchain. You and the bartender wait for it to be deeply confirmed, then you can start ordering.
The above is probably vaguely familiar to LN users. It's the funding process of payment channels! The first transaction, the one that pays to a 2-of-2 multisig, is the funding transaction that backs the payment channel funds.
So now you start ordering in this way:
  1. For your first drink, you create a transaction spending the funding transaction output and sending the price of the drink to the bartender, with the rest returning to you.
  2. You sign the transaction and pass it to the bartender, who serves your first drink.
  3. For your succeeding drinks, you recreate the same transaction, adding the price of the new drink to the sum that goes to the bartender and reducing the money returned to you. You sign the transaction and give it to the bartender, who serves you your next drink.
  4. At the end:
    • If the bar closing time is reached, the bartender signs the latest transaction, completing the needed 2-of-2 signatures and broadcasting this to the Bitcoin network. Since the backoff transaction is the closing time + 1, it can't get used at closing time.
    • If you decide you want to leave early because your liver is crying, you just tell the bartender to go ahead and close the channel (which the bartender can do at any time by just signing and broadcasting the latest transaction: the bartender won't do that because he or she is hoping you'll stay and drink more).
    • If you ended up just hanging around the bar and never ordering, then at closing time + 1 you broadcast the backoff transaction and get your funds back in full.
Now, even if you pass 50 drinks to Jihan Wu, you can't give him the first transaction (the one which pays for only one drink) and ask him to mine it: it's spending a 2-of-2 and the copy you have only contains your own signature. You need the bartender's signature to make it valid, but he or she sure as hell isn't going to cooperate in something that would lose him or her money, so a signature from the bartender validating old state where he or she gets paid less isn't going to happen.
So, problem solved, right? Right? Okay, let's try it. So you get your funds, put them in a funding tx, get the backoff tx, confirm the funding tx...
Once the funding transaction confirms deeply, the bartender laughs uproariously. He or she summons the bouncers, who surround you menacingly.
"I'm refusing service to you," the bartender says.
"Fine," you say. "I was leaving anyway." You smirk. "I'll get back my money with the backoff transaction, and post about your poor service on reddit so you get negative karma, so there!"
"Not so fast," the bartender says. His or her voice chills your bones. It looks like your exploitation of the Satoshi nSequence payment channel is still fresh in his or her mind. "Look at the txid of the funding transaction that got confirmed."
"What about it?" you ask nonchalantly, as you flip open your desktop computer and open a reputable blockchain explorer.
What you see shocks you.
"What the --- the txid is different! You--- you changed my signature?? But how? I put the only copy of my private key in a sealed envelope in a cast-iron box inside a safe buried in the Gobi desert protected by a clan of nomads who have dedicated their lives and their children's lives to keeping my private key safe in perpetuity!"
"Didn't you know?" the bartender asks. "The components of the signature are just very large numbers. The sign of one of the signature components can be changed, from positive to negative, or negative to positive, and the signature will remain valid. Anyone can do that, even if they don't know the private key. But because Bitcoin includes the signatures in the transaction when it's generating the txid, this little change also changes the txid." He or she chuckles. "They say they'll fix it by separating the signatures from the transaction body. They're saying that these kinds of signature malleability won't affect transaction ids anymore after they do this, but I bet I can get my good friend Jihan Wu to delay this 'SepSig' plan for a good while yet. Friendly guy, this Jihan Wu, it turns out all I had to do was slip him 51 drinks and he was willing to mine a tx with the signature signs flipped." His or her grin widens. "I'm afraid your backoff transaction won't work anymore, since it spends a txid that is not existent and will never be confirmed. So here's the deal. You pay me 99% of the funds in the funding transaction, in exchange for me signing the transaction that spends with the txid that you see onchain. Refuse, and you lose 100% of the funds and every other HODLer, including me, benefits from the reduction in coin supply. Accept, and you get to keep 1%. I lose nothing if you refuse, so I won't care if you do, but consider the difference of getting zilch vs. getting 1% of your funds." His or her eyes glow. "GENUFLECT RIGHT NOW."
Lesson learned?

CLTV-protected Spilman Channels

Using CLTV for the backoff branch.
This variation is simply Spilman channels, but with the backoff transaction replaced with a backoff branch in the SCRIPT you pay to. It only became possible after OP_CHECKLOCKTIMEVERIFY (CLTV) was enabled in 2015.
Now as we saw in the Spilman Channels discussion, transaction malleability means that any pre-signed offchain transaction can easily be invalidated by flipping the sign of the signature of the funding transaction while the funding transaction is not yet confirmed.
This can be avoided by simply putting any special requirements into an explicit branch of the Bitcoin SCRIPT. Now, the backoff branch is supposed to create a maximum lifetime for the payment channel, and prior to the introduction of OP_CHECKLOCKTIMEVERIFY this could only be done by having a pre-signed nLockTime transaction.
With CLTV, however, we can now make the branches explicit in the SCRIPT that the funding transaction pays to.
Instead of paying to a 2-of-2 in order to set up the funding transaction, you pay to a SCRIPT which is basically "2-of-2, OR this singlesig after a specified lock time".
With this, there is no backoff transaction that is pre-signed and which refers to a specific txid. Instead, you can create the backoff transaction later, using whatever txid the funding transaction ends up being confirmed under. Since the funding transaction is immutable once confirmed, it is no longer possible to change the txid afterwards.

Todd Micropayment Networks

The old hub-spoke model (that isn't how LN today actually works).
One of the more direct predecessors of the Lightning Network was the hub-spoke model discussed by Peter Todd. In this model, instead of payers directly having channels to payees, payers and payees connect to a central hub server. This allows any payer to pay any payee, using the same channel for every payee on the hub. Similarly, this allows any payee to receive from any payer, using the same channel.
Remember from the above Spilman example? When you open a channel to the bartender, you have to wait around for the funding tx to confirm. This will take an hour at best. Now consider that you have to make channels for everyone you want to pay to. That's not very scalable.
So the Todd hub-spoke model has a central "clearing house" that transports money from payers to payees. The "Moonbeam" project takes this model. Of course, this reveals to the hub who the payer and payee are, and thus the hub can potentially censor transactions. Generally, though, it was considered that a hub would more efficiently censor by just not maintaining a channel with the payer or payee that it wants to censor (since the money it owned in the channel would just be locked uselessly if the hub won't process payments to/from the censored user).
In any case, the ability of the central hub to monitor payments means that it can surveil the payer and payee, and then sell this private transactional data to third parties. This loss of privacy would be intolerable today.
Peter Todd also proposed that there might be multiple hubs that could transport funds to each other on behalf of their users, providing somewhat better privacy.
Another point of note is that at the time such networks were proposed, only unidirectional (Spilman) channels were available. Thus, while one could be a payer, or payee, you would have to use separate channels for your income versus for your spending. Worse, if you wanted to transfer money from your income channel to your spending channel, you had to close both and reshuffle the money between them, both onchain activities.

Poon-Dryja Lightning Network

Bidirectional two-participant channels.
The Poon-Dryja channel mechanism has two important properties:
Both the original Satoshi and the two Spilman variants are unidirectional: there is a payer and a payee, and if the payee wants to do a refund, or wants to pay for a different service or product the payer is providing, then they can't use the same unidirectional channel.
The Poon-Dryja mechanism allows channels, however, to be bidirectional instead: you are not a payer or a payee on the channel, you can receive or send at any time as long as both you and the channel counterparty are online.
Further, unlike either of the Spilman variants, there is no time limit for the lifetime of a channel. Instead, you can keep the channel open for as long as you want.
Both properties, together, form a very powerful scaling property that I believe most people have not appreciated. With unidirectional channels, as mentioned before, if you both earn and spend over the same network of payment channels, you would have separate channels for earning and spending. You would then need to perform onchain operations to "reverse" the directions of your channels periodically. Secondly, since Spilman channels have a fixed lifetime, even if you never used either channel, you would have to periodically "refresh" it by closing it and reopening.
With bidirectional, indefinite-lifetime channels, you may instead open some channels when you first begin managing your own money, then close them only after your lawyers have executed your last will and testament on how the money in your channels gets divided up to your heirs: that's just two onchain transactions in your entire lifetime. That is the potentially very powerful scaling property that bidirectional, indefinite-lifetime channels allow.
I won't discuss the transaction structure needed for Poon-Dryja bidirectional channels --- it's complicated and you can easily get explanations with cute graphics elsewhere.
There is a weakness of Poon-Dryja that people tend to gloss over (because it was fixed very well by RustyReddit):
Another thing I want to emphasize is that while the Lightning Network paper and many of the earlier presentations developed from the old Peter Todd hub-and-spoke model, the modern Lightning Network takes the logical conclusion of removing a strict separation between "hubs" and "spokes". Any node on the Lightning Network can very well work as a hub for any other node. Thus, while you might operate as "mostly a payer", "mostly a forwarding node", "mostly a payee", you still end up being at least partially a forwarding node ("hub") on the network, at least part of the time. This greatly reduces the problems of privacy inherent in having only a few hub nodes: forwarding nodes cannot get significantly useful data from the payments passing through them, because the distance between the payer and the payee can be so large that it would be likely that the ultimate payer and the ultimate payee could be anyone on the Lightning Network.
Lessons learned?

Future

After LN, there's also the Decker-Wattenhofer Duplex Micropayment Channels (DMC). This post is long enough as-is, LOL. But for now, it uses a novel "decrementing nSequence channel", using the new relative-timelock semantics of nSequence (not the broken one originally by Satoshi). It actually uses multiple such "decrementing nSequence" constructs, terminating in a pair of Spilman channels, one in both directions (thus "duplex"). Maybe I'll discuss it some other time.
The realization that channel constructions could actually hold more channel constructions inside them (the way the Decker-Wattenhofer puts a pair of Spilman channels inside a series of "decrementing nSequence channels") led to the further thought behind Burchert-Decker-Wattenhofer channel factories. Basically, you could host multiple two-participant channel constructs inside a larger multiparticipant "channel" construct (i.e. host multiple channels inside a factory).
Further, we have the Decker-Russell-Osuntokun or "eltoo" construction. I'd argue that this is "nSequence done right". I'll write more about this later, because this post is long enough.
Lessons learned?
submitted by almkglor to Bitcoin
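The "2-of-2, OR this singlesig after a specified lock time" script from the CLTV section, together with the nLockTime/nSequence rule from the Generation 0 section, as an added example that is not part of the original post. The script layout is one possible encoding (an assumption, the post does not give one), the public keys and the expiry height are constructed placeholders, and the checks follow the BIP 65 conditions and the transaction finality rule.

```python
LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: UNIX time
SEQUENCE_FINAL = 0xFFFFFFFF

OP_IF, OP_ELSE, OP_ENDIF = 0x63, 0x67, 0x68
OP_2, OP_DROP = 0x52, 0x75
OP_CHECKSIG, OP_CHECKMULTISIG, OP_CHECKLOCKTIMEVERIFY = 0xAC, 0xAE, 0xB1

# Constructed placeholder keys (33 bytes each), not real public keys.
PAYER = b"\x02" + b"\x11" * 32
PAYEE = b"\x03" + b"\x22" * 32


def script_num(n):
    """Minimal little-endian script-number encoding of a non-negative int."""
    if n == 0:
        return b""
    out = n.to_bytes((n.bit_length() + 7) // 8, "little")
    if out[-1] & 0x80:          # top bit is the sign bit, so pad with 0x00
        out += b"\x00"
    return out


def push(data):
    """Direct push, valid for items of at most 75 bytes."""
    if len(data) > 75:
        raise ValueError("use OP_PUSHDATA for longer items")
    return bytes([len(data)]) + data


def channel_script(payer_pub, payee_pub, expiry):
    """IF 2-of-2(payer, payee) ELSE <expiry> CLTV DROP payer-sig ENDIF."""
    return (bytes([OP_IF, OP_2]) + push(payer_pub) + push(payee_pub)
            + bytes([OP_2, OP_CHECKMULTISIG, OP_ELSE])
            + push(script_num(expiry))
            + bytes([OP_CHECKLOCKTIMEVERIFY, OP_DROP]) + push(payer_pub)
            + bytes([OP_CHECKSIG, OP_ENDIF]))


def cltv_allows(script_locktime, tx_locktime, input_sequence):
    """BIP 65 conditions for OP_CHECKLOCKTIMEVERIFY to succeed."""
    if script_locktime < 0:
        return False
    # Height-based and time-based lock times must not be mixed.
    if (script_locktime < LOCKTIME_THRESHOLD) != (tx_locktime < LOCKTIME_THRESHOLD):
        return False
    if script_locktime > tx_locktime:
        return False
    # A final sequence would disable nLockTime, so CLTV refuses it.
    return input_sequence != SEQUENCE_FINAL


def tx_is_final(tx_locktime, sequences, block_height, block_time):
    """Finality rule: nLockTime binds unless every input is 'final'."""
    if tx_locktime == 0:
        return True
    limit = block_height if tx_locktime < LOCKTIME_THRESHOLD else block_time
    if tx_locktime < limit:
        return True
    return all(seq == SEQUENCE_FINAL for seq in sequences)


def refund_spendable(expiry, tx_locktime, sequence, block_height, block_time):
    """Can the payer's backoff branch be mined in the given block?"""
    return (cltv_allows(expiry, tx_locktime, sequence)
            and tx_is_final(tx_locktime, [sequence], block_height, block_time))


if __name__ == "__main__":
    print(channel_script(PAYER, PAYEE, 700_000).hex())
    print(refund_spendable(700_000, 700_000, 0xFFFFFFFE, 700_001, 1_600_000_000))
```
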

Swedish official crypto broker VS local.bitcoin.com

So this morning I was showing my friend how to buy crypto, preferably BCH of course but also ETH. Since my favourite Norwegian broker is down (because legal reasons) I had to use old reliable https://bt.cx/ (they at least offer BTC and ETH, https://safello.com/ only offers BTC cripple coin). Registration took like 30 seconds, what a breeze, let's buy 50$ worth of ETH! Buuuuuut, when we clicked the BUY-button, "BAM!", we were required to attach photos of ID, photos of a recent bill, and a whole lot of other personal information. Super creepy, I'm surprised they don't need an anal probe to finish it off.
Soo, we decided to try out https://local.bitcoin.com/ . I've read a lot about it here but was a little wary that the whole process would turn my friend off. Turns out, registration took 1 minute, we found a seller (picked the first choice, guy had 40 trades), had a nice greeting ("good morning" etc) followed by the smoothest experience I've ever had buying crypto! (Paid with Swedish banking app Swish, no long code required like when buying officially). We were both surprised at the simplicity.
I can only say I'm very impressed with local.bitcoin.com and I'm probably never looking back to bt.cx or Safello.com. I'm also disappointed in them for not offering BCH. Bt.cx keeps spamming me with emails about next bull run and "gainz", they've totally stopped talking about BTC as something useful or being money. Very sad.
TWO problems with the Bitcoin.com wallet though: When adding an address to the address book, choosing the qr-code scan-function will start a sending process and then throw you out of the address registration. So the scan option is basically useless. This was very annoying for both of us.
Also, no sound notification when receiving money, both of us had the same problem (Samsung phones, and yes we've turned on sound notifications in settings). We tried sending money back and forth and we were both like "did you send yet?!", "oh yeah, it's in my tx history!".
If this is the wallet to introduce newbies, these simple problems need to be fixed.
EDIT: This is no critique of established exchanges as they have no choice but to follow the ever increasing regulations. LBC is a great way to get around this.
submitted by SwedishSalsa to btc

Results of the Bitcoin Chain Analysis

Hello everyone,

It has been a little over 24 hours since we last spoke with one another. Thank you very much for being so helpful in providing wallet information. It helped in the verification of fund locations significantly.
A preliminary, 4,000-word report has been compiled and published here:
https://medium.com/@zeroresearchproof/quadrigacx-chain-analysis-report-pt-1-bitcoin-wallets-19d3a375d389

I say 'preliminary' because there is even more information (via demonstrations, examples, and spreadsheets) that I would like to include within the piece. However, in the interest of QuadrigaCX investors gaining more information about this situation since it is so time sensitive, I decided to publish my analysis as well as a comprehensive sample of wallet addresses and TX IDs so that other users in the community can verify all information independently as well.

If you don't feel like reading the article, here are the main conclusions that were garnered:
  1. It appears that there are no identifiable cold wallet reserves for QuadrigaCX.
  2. It appears that QuadrigaCX was using deposits from their customers to pay other customers once they requested their withdrawals. This did not happen in every withdrawal case by any means, but it happened very frequently toward the end of 2018 (from November onward).
  3. It does not appear that QuadrigaCX has lost access to their Bitcoin holdings.
  4. It appears the number of bitcoins in QuadrigaCX's possession are substantially less than what was reported in Jennifer Robertson's (Gerry's wife) affidavit.
  5. At least some of the delays in delivering crypto withdrawals to customers were due to the fact that QuadrigaCX simply did not have the funds on hand at the time. In some cases, QuadrigaCX was forced to wait for enough customer deposits to be made on the exchange before processing crypto withdrawal requests by their customers.
  6. After completing the analysis, it is my opinion that QuadrigaCX has not been truthful with regards to their inability to access the funds needed to honor customer withdrawal requests (specifically for Bitcoin; $ETH analysis coming very soon). In fact, it is almost impossible to believe that this is the case in lieu of the empirical evidence provided by the blockchain and corroborated by volunteered information from former customers at QuadrigaCX (i.e., most interested parties in this subreddit).

Verifying the Authorship of the Research
I posted this on Medium because it is clean and concise. However, I had to create a new Medium to do so. Thus, this is the only piece on there (at the time of writing).
I will post this link from my Telegram (t.me/MerkleTrader) and Twitter (twitter.com/@proofofresearch) as well.
If there is an alternative link circulating or an individual that is not posting from this account, or the social media platforms provided above, they are an imposter and should be ignored. I'm not invalidating any other research sources, I'm just saying if there's another individual purporting to be the author of this specific study.

Closing Remarks
I'm open to any and all responses as well as questions. I need a nap before I can get to any responses though, this consumed the majority of the weekend for me with little sleep in between. Combing through these addresses was tedious, to say the least.
Also, if anyone feels so inclined, I'd be more than happy to accept a donation or 'thanks' at this Bitcoin address: 1BxwKqfKFQhq2pyvbbcxfagN2bTK3cBqBs
This is not compulsory by any means, of course, and I will continue to investigate this and do as much due diligence as possible even if I don't receive so much as 1 satoshi. So don't feel pressured or like you're being hustled for this work. It's my pleasure. I do have to pay bills and provide for my family though, so obtaining some sort of monetary return for the time and effort invested makes the research a more sustainable use of time.

Again, thank you everyone and I look forward to reading your comments and feedback on this. If I haven't hit the nail on the head, I hope I've at least moved the needle forward on what's going on and provided enough information and leads for us collectively as a community to quickly extract the truth.

Thank you.

submitted by Randomshortdude to BitcoinCA
