pull down to refresh
100 sats \ 5 replies \ @justin_shocknet OP 24 Apr 2024 \ parent \ on: "Federated" is nomenclature used by scammers to mislead the non-technical bitcoin
Triggered!
Sure, bad wallet can happen with anything... but auditing the wallet client code isn't also an audit of the external API server it uses. There's little point in auditing a wallet using a trusted API from the jump.
The wallet can be innocent in this scenario because it has no way of knowing the gateway is honest, barring full signature verification of the quorum (n gateways), which afaik no client is going out and confirming signing keys with m/n members.
Doing so would defeatthe purpose of the gateway in providing compatible addresses/invoices.
There's simply no getting around trusting the a single API server, which is necessarily run by a single party.
Shitquid's entire business model is literally a trusted swap service ffs.
Doing so would defeatthe purpose of the gateway in providing compatible addresses/invoices. There's simply no getting around trusting the a single API server, which is necessarily run by a single party.
This is not how any of this works. Swaps between Liquid/Fedi and LN/L1 are atomic and untrusted basically using the same submarine mechanism that Boltz uses to swap between LN and L1. Not trusting gateways is the whole point of Fedimint.
Shitquid's entire business model is literally a trusted swap service ffs.
There's 11-of-15-trusted and then there's 1-trusted. Very different beasts.
reply
point of Fedimint
The point of Fedimint is to obfuscate trust point, it's still a client-server relationship.
Server being singular.
No one argues that these shitcoins are trusted, my point is that you're trusting 1 party, not many.
Are you really claiming that Liquid/Shitmints are Trustless? 🍿
11-of-15-trusted
You can't prove how many key holders there are, it's a trusted attestation
reply
Are you really claiming that Liquid/Shitmints are Trustless?
Not trustless, but m-of-n trusted under assumptions that the wallets work as intended. Fedimint gateways are trustless only under assumption that you trust the federation itself.
You can't prove how many key holders there are, it's a trusted attestation
Indeed I have not independently verified that the 15 functionaries of Liquid are not the same person. For example, maybe the photos on https://liquid.net of the Nym guy are AI-generated and Nym is actually run by Blockstream. However, the m-of-n trust model is by definition broken if more than n-m parties are evil, and such a case does include the possibility that n-m+1 parties are actually one and the same. Users that worry about this possibility should either use fedimints run by their friends or investigate the Liquid federation more thoroughly than I did.
reply
I think we're in agreement then that the purpose of a federation can only be to obfuscate the trusted party.
reply
I did not say that. I consider m-of-n model to be a significant improvement, but of course the user has to verify that those n do in fact exist.
reply