Cryptoverse Reached Level 9000 in Trolling Facebook and Libra
Well, when the cryptoverse plays, it plays hard and directly to the point. This time, a supposedly Hong Kong-based developer targeted the governance structure of the Libra coin project, announced yesterday by Facebook and 27 other organizations.
The recent update 83, “CRITICAL security vuln fixed”, published on GitHub, a web-based hosting service most often used for code, says that Libra has "an alarming vulnerability."
User ‘gazhayes’, who "discovered" the vulnerability, explained that, “in the current implementation, trusted 'validator nodes' are core to the security model”, which essentially means that hard power is centralized around those few entities, and that these are the same entities the protocol depends on for its own validation.
Now comes the most interesting part: “This means the protocol is whatever they decide it is. These entities can change the rules whenever they want. This means they can freeze your coins, take your coins, issue new coins, or really whatever they want – the sky is the limit.”
As reported, Libra is governed by the Libra Association, which now has 28 founding members, such as Facebook, Visa, PayPal, Uber and others, who had to pay at least USD 10 million to join the Association and become a validator node.
"Validator nodes, represented in the [Libra Association Council], have the ultimate power. The council delegates many of its executive powers to the association's management but retains authority to override delegated decisions and keep key decisions to itself, with the most important ones requiring a greater than two-thirds supermajority," as explained on Libra's website.
Libra letting 2/3 of validators vote to rebalance the reserve basket seems like an insane idea on second thought. Soros Jr could short a currency in the basket, bribe validators to remove it, and print money. Would be admittedly a cypherpunk vision but not gonna amuse govts.
— Su Zhu 🦁 (@zhusu) June 19, 2019
However, gazhayes has sent a pull request to address it, which contains a patch to the existing codebase that should resolve the issue. The solution is simple – “using a permissionless system where the hard power is decentralised across a very large number of participants in such a way that making changes to the protocol is impossible without near unanimous agreement by everyone involved.”
Meanwhile, another GitHub user, pigd0g, added insult to injury, claiming that "Funds have been seized by a third party due to violation of terms of service. I just posted something the validators don't agree with on social media."
This is objectively funny and lighthearted, and as we know, cryptoworld will always find a way to laugh no matter what. But jokes aside, this is an important question for Libra and Facebook in general.
While a recent survey showed that 18% of 1,000 surveyed adult Americans would be interested in investing in a Facebook-created digital token, it doesn’t exactly take a survey to know that many people mistrust Facebook when it comes to security and privacy, particularly regarding the Cambridge Analytica incident, when 87 million people’s personal data were taken and used for political ad targeting. Also, a lot of criticism has been directed at the lack of decentralization and anonymity of Libra and Calibra, with some pointing out that it's not blockchain at all.
Also, as reported, the project is facing additional problems with lawmakers.