Content
@
0 reply
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
How to avoid accidentally 𝐥𝐚𝐮𝐧𝐝𝐞𝐫𝐢𝐧𝐠 𝐦𝐨𝐧𝐞𝐲 Sounds silly, but surprisingly easy to do if you're not vigilant. One small tweak in a seemingly unrelated module and suddenly kim jong is salivating. To prevent this, we now ask two questions prior to shipping:
1 reply
0 recast
1 reaction
Lyron Co Ting Keh
@lyronctk
1. Do you have ANY nullifier sets attached to your merkle trees? 2. Are there ANY cases where multiple users share hiding commitments? If the answer to either is yes, then don't merge to main.
1 reply
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
This is one of those cases where the expressivity of a turing-complete machine is so scary. Even if what you're doing is far removed from the concept of anonymous money, any sufficiently motivated person can exploit tiny slip-ups.
1 reply
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
Slip-up [1] typically happens when you want to hide the consumption of state. Eg. You're building on-chain Minecraft and you want to let players anonymously steal plants from a garden. Too bad same mechanism is used in Tornado Cash w/ plant == money and garden == mixing pool.
1 reply
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
Slip-up [2] typically happens when you want to groups of users to own hidden state. Eg. You're building on-chain baking and you want users to bring proprietary ingredients. Too bad the same mechanism is used for Coin Join w/ ingredients == money and cake == mixed funds.
1 reply
0 recast
0 reaction
Lyron Co Ting Keh
@lyronctk
So yes, safe to say we've had many run-ins with these cases. Which is why these two questions are so important for us. We don't think "it was an accident" holds well in court lol.
1 reply
0 recast
0 reaction
