35 sats \ 7 replies \ @om 24 Apr \ on: "Federated" is nomenclature used by scammers to mislead the non-technical bitcoin
This is bullshit.
Simplified Example (users pwned by a bad wallet): nothing to do with federations, a bad L1 wallet could do the exact same thing. We have to assume that the wallets are open source and work as intended whether it's chain, LN or federations.
More Complex Example (peg-in by a trusted party): regular peg-ins should be signed by multiple federation members, in this example the bad wallet does something else instead and it is the problem of the bad wallet.
Yet More Complex Example (pwn by a trusted gateway): in Fedimint gateways are untrusted and this situation can't occur, if a bad wallet uses a trusted gateway instead that is the problem of the bad wallet. In Liquid there are no gateways distinct from the federation itself.
"Counter": the entirety of that section is based on the assumption that the previous examples hit the target, which they don't.
bullshit
Triggered!
Bad wallet
Sure, bad wallet can happen with anything... but auditing the wallet client code isn't also an audit of the external API server it uses. There's little point in auditing a wallet using a trusted API from the jump.
Peg-In Gateway
The wallet can be innocent in this scenario because it has no way of knowing the gateway is honest, barring full signature verification of the quorum (n gateways), which afaik no client is going out and confirming signing keys with m/n members.
Doing so would defeatthe purpose of the gateway in providing compatible addresses/invoices.
There's simply no getting around trusting the a single API server, which is necessarily run by a single party.
Gateway Out
Shitquid's entire business model is literally a trusted swap service ffs.
reply
Doing so would defeatthe purpose of the gateway in providing compatible addresses/invoices. There's simply no getting around trusting the a single API server, which is necessarily run by a single party.
This is not how any of this works. Swaps between Liquid/Fedi and LN/L1 are atomic and untrusted basically using the same submarine mechanism that Boltz uses to swap between LN and L1. Not trusting gateways is the whole point of Fedimint.
Shitquid's entire business model is literally a trusted swap service ffs.
There's 11-of-15-trusted and then there's 1-trusted. Very different beasts.
reply
point of Fedimint
The point of Fedimint is to obfuscate trust point, it's still a client-server relationship.
Server being singular.
No one argues that these shitcoins are trusted, my point is that you're trusting 1 party, not many.
Are you really claiming that Liquid/Shitmints are Trustless? 🍿
11-of-15-trusted
You can't prove how many key holders there are, it's a trusted attestation
reply
Are you really claiming that Liquid/Shitmints are Trustless?
Not trustless, but m-of-n trusted under assumptions that the wallets work as intended. Fedimint gateways are trustless only under assumption that you trust the federation itself.
You can't prove how many key holders there are, it's a trusted attestation
Indeed I have not independently verified that the 15 functionaries of Liquid are not the same person. For example, maybe the photos on https://liquid.net of the Nym guy are AI-generated and Nym is actually run by Blockstream. However, the m-of-n trust model is by definition broken if more than n-m parties are evil, and such a case does include the possibility that n-m+1 parties are actually one and the same. Users that worry about this possibility should either use fedimints run by their friends or investigate the Liquid federation more thoroughly than I did.
reply
I think we're in agreement then that the purpose of a federation can only be to obfuscate the trusted party.
reply