.png)
.png)
Validators, developers, and token holders are arguing over who is to blame for the copy-paste blunder that resulted in the tokens being relocated to an address that no one can access.
The Juno blockchain, which is built on Cosmos, continues to serve as a case study for the ups and downs of on-chain governance.
Last week, a record-breaking community vote was meant to remove millions of dollars' worth of JUNO tokens from the wallet of a whale (big investor) suspected of gaming a community airdrop. Rather than sending the cash to an address controlled by the Juno community as anticipated, a programming error resulted in the monies being routed to the incorrect address on Wednesday.
The promise of blockchain-based governance is that the community's will is directly recorded on the blockchain. A single community vote should have been sufficient to transfer tokens from one specific blockchain address to another in a world where "code is law."
And yet, this week's failure of multiple human-controlled protections demonstrates how code-centric governance has yet to fulfill its lofty promise.
The whale and Juno
Juno Proposal 20, which was unanimously approved by the community last week, removed tokens from Takumi Asano, a Japanese investor accused of gaming the Juno airdrop in February to the tune of $120 million. It was the first significant instance to date of a blockchain community voting to adjust a single user's token balance in response to allegations of malevolent behavior.
According to the community vote, Asano operated an exchange business, which should have disqualified his wallets from participating in the Juno "stakedrop," which distributed JUNO coins to Cosmos Hub blockchain stakers.
Following a brief delay, last week's vote was scheduled to automatically execute code that transferred the "gamed" cash – now valued at roughly $36 million – from Asano's wallet to a "Unity" address owned by the Juno community.
Things did not go as to plan.
When the code was run on Wednesday, a programming error resulted in the transfer of three million revoked JUNO tokens to an erroneous blockchain address to which nobody has access - neither Asano nor the Juno community.
Proposal 20: A copy pasta
Andrea Di Michele, also known as "Dimi," a member of Juno's "Core-1" original programming team, told CoinDesk that the erroneous transfer occurred as a consequence of a copy-paste error.
“When I gave the [Proposal 20] developers the address of the [Unity] smart contract, I pasted the address of the smart contract and just underneath put the transaction hash. But I didn’t write ‘the transaction hash is this,’ I just put the transaction hash,” Dimi explained.
According to Dimi, engineers copied the transaction hash – which resembled the wallet address – rather than the actual wallet address. As a result, the confiscated cash landed up in an inaccessible crevasse of the Juno blockchain.
Who is to blame?
Theoretically, validators who deploy nodes to operate proof-of-stake blockchains such as Juno are responsible for doing due diligence on on-chain updates like as the one included in Proposal 20. It is this decentralized community of validators – not any particular developer – that is responsible for issuing blocks, safeguarding the network, and performing "decentralized" updates.
None of Juno's more than 120 validators appeared to discover the wrongly copied Unity URL.
Daniel Hwang, head of protocols at stakefish, one of Juno's validators, succinctly summarized his feelings in an email to CoinDesk: "We f**ked up big time."
Rather than being the responsibility of the programmers who put the incorrect address into the Proposal 20 code, Hwang stated that this week's events were "more the fault of the validators" who eventually ran that code.
“Devs can mess up … but at the end of the day there should be trust assumptions that cannot be relied on,” Hwang said. “Validators should have due diligenced for ourselves to actually check the code we’re executing and running.”
So what now for Juno?
The whale’s response? “LoL.”
Juno's core programming team and community are committed to transferring Asano's cash into the community-controlled Unity contract rather than accidentally "burning" them, as Asano has stated may occur. (Asano has stated to CoinDesk that he intends to sue Juno's validators if his monies are rejected rather being distributed to his alleged "investors.")
At the moment, the goal is to transfer the cash to the Unity address via a previously scheduled blockchain update. Rather than just improving the system, this patch will rebuild Juno's ledger to allocate the stranded cash to Unity.
Proposal 21, a strangely phrased governance proposal to approve the update, includes lines stating that the upgrade "[f]inishes the Unity proposal fund transfer" and "[r]edirects cash from a placeholder address to the Unity smart contract."
Proposal 21 appears to be on pace to pass, and it's difficult to envision validators, developers, and Asano not doing a triple check this time around.
Another stumbling block
While Juno has garnered much support from the Cosmos blockchain community, this is the latest setback for the project.
Following a community vote in March to invalidate Asano's tokens, a suspicious smart contract assault in April knocked the chain down for several days. Over the last two months, the JUNO token's price has fallen from around $40 to around $10, where it currently stands.
By fLEXI tEAM