I'm supporting this and also think the proposal that @theycallmedan has made repeatedly of allowing a penalised quick power down is well worth implementing if the security implications can be thought through properly.
You are viewing a single comment's thread from:
How would you feel if someone would gain access to your active-key, and could steal all your funds in a week or two, while the bad actor would only lose maybe 20% (or however much is getting burned) from the potential 100%? You might be active around here right now nearly every day, but this is a serious security issue we have to carefully consider.
You could implement whitelisted accounts that funds can be transferred to that users can set. And maybe also implement 2fa. I would love to see power down lowered to one week. It is much needed and many in favor of.
Whitelisted withdraw addresses, if the withdraw address is changed, the users funds are locked for x time. And I agree, 2fa would be awesome and also help a lot.
2FA and Hardware wallet would be awesome. If we can get Steem listed on exodus wallet we will be one step closer to getting trezor implemented. First we need changelly or shapeshift integration, I should do a proposal for that s it costs around 20K listing fee.
I've always said we need a hardware solution for Steem. Might help with everything we are talking about now in this post.
The bad actor doesn't lose 20%, they gain 80% lmao.
The thing is most other crypto doesn’t have long lockups like Steem, there are other ways to protect your funds like split your stake over multiple accounts, a 4 week vesting period is still more protection than most chains offer, but I think we shouldn’t force long lockups on users and become a nanny state, offer a lower lockup period, long enough to deter exchanges from voting, ie 4 weeks is a good deterrent still, and then allow power users to lockup longer dynamically should they wish. Diff incentives for diff lengths of staking becomes complex and leads to more bugs that can occur, steem should be as simple as possible, SMT’s can be more variable and complex.
Another reason to have a lower lockup is to allow SMT’s to be more flexible to cater for more use cases, since SMT’s can’t have a shorter vesting period than the main token, makes sense to reduce the period on the main token to allow more SMT vesting options.
If exchange voting is s risk there are other ways to deal with that, make it an onchain policy that exchanges can’t vote and use an oracle that has a list of known exchange accounts that are excluded from consensus voting.
Ah and i just realised you were responding to the quick power down burn, I am also no longer in favour of that due to security risk of hacker insta-stealing your funds via the insta withdrawl burn method.
Yes I’m in favour of a lowered minimum vesting period with a dynamic options for people who want to lockup longer for security, only reason I didn’t include in the proposal was due to the added complexity, this HF will already be complex due to SMTs.
The quick powerdown based on burn was at first glance a cool idea but after more thought it totally circumvents any lockup period security, you might as well not have a lockup period for safety then if a hacker can get into your account and initiate a burn to get all your funds out.
Surely there could be a simple opt in and people who feel confident in their own ability to secure their accounts can sign up for high speed power down. Obviously after a 13 week wait that would kick and and the account would be marked as available for quicker power downs.
Sure anything is possible but adds to complexity of the chain because now you have to store the opt-in state of each account.
What if you would have to use the Owner Key instead of Active in order to make an instant power down with a burn? This way you wouldn't have to be worried of losing all your funds in case of some getting their hands on your Active Key.