Blockchain is a really interesting space, there is no hiding. That’s the point right? So what do you do when you mess something up? Usually you make the traces go away behind your walled garden. Teams of IT professionals and customer service portals make right the wrongs, the person on the phone is happy, and the whole world is none the wiser.

When you mess up on Blockchain everyone gets the opportunity to see what went wrong. They can chose to point and laugh, or they can learn from someone else’s misfortune and make the whole system stronger.

Before I get philosophical about EOS, what actually went wrong?

What happened?

TRYBE provided a unique scheme where users could sign up on their site prior the TRYBE token being deployed. Once the token was deployed the public could Airgrab the token. TRYBE honoured tokens on their site, and provided a bonus for signing up pre-token and airgrabbing as well.

Because users could provide any name they wished they weren’t always valid.

  • Lesson learned: When possible for off-chain sites… determine a method of linking true EOS accounts to off-chain identities. If this isn’t possible for some reason, perhaps the user inconvenience is considered too high, exercise higher caution when validating EOS names.

The airdropping utility uses eosjs, the first and most commonly used javascript library for interacting with the EOS blockchain, which was provided by BlockONE. During initial testing 6 weeks ago on a prior airdrop a key configuration flag of broadcast: false was confirmed to prevent transactions from sending.

During testing of the names provided this flag was kept in broadcast: false however somehow, the transactions had apparently been broadcast after all.

  • Lesson learned: Don’t trust packages to not change or always work the same way when you upgrade them. Even if you are confident the code works, perform local tests to ensure it.

When the erroneous transfers of tokens was identified the process was halted and solutions were evaluated.

How was it resolved?

  1. Freeze transfers of the token to prevent invalid dropped quantities from moving and becoming unmanageable. This was done rapidly by adding an eosio_assert(false,"no transfers allowed") to the transfers action. The code was compiled and deployed.
  2. With tokens frozen extra care could be taken. Transfer was futher modified to allow only the airdropper to transfer tokens, and to add an airdropfix action that would allow the dropped funds to be returned without changing overall supply. This decision was considered acceptable because up until this point all tokens were advance gifts to close supporters. This would also expose the reversal transactions publicly instead of hiding them (which was an available option). Transparency was always considered the upmost importance in the response.
  3. A snapshot was taken of all participants before and after token values from the drop. Because the time from invalid drop to detection was short, and only affected approximately 120 of the nearly 10,000 accounts that would be dropped to, the risk of tokens gained through other means or having been transferred was acceptably low.
  4. The invalid tokens were retrieved using theairdropfix action.
  5. The correct airdrop distribution was applied granted nearly 10,000 accounts tokens.
  6. The original smart contract was deployed, removing the transfer freeze and airdropfix functionality.

The TRYBE team did an amazing job communicating with community throughout the process.

Team work and community held the chain together!

What does this teach us?

The simple fact of EOS is that unlike many of the blockchains before it contracts and values are mutable — this means that they can be changed. For those where the primary appeal is that a coin or token is irreversible and forever yours… or forever lost…then there are some ways to do that on EOS, but they won’t be universally adopted.

EOS creates a new space where the actions you take are forever recorded for all to see for as long as blocks are made, but it’s also a place where you can fix your mistakes when they don’t match you intentions.

Many DAPPS, industries, governments may be looking at EOSIO for this very reasons, accountability without inflexibility. The TRYBE token is a utility to fuel a place of knowledge sharing. The tokens had to respect the rules it had laid out to everyone who wants to trust and participate in that community even if it meant temporarily taking away to correct an error.

At the very core EOS requires some trust, which is rewarded with transparency.

What if I don’t want to trust?

This is where the power of DACs becomes important. Decentralizing control of mutable things will become the key to trusting mutability. When the entire community can take part in the decision making process to create something wonderful or fix something that went wrong they are more likely to trust those decisions.

While slower than a lone wolf with all the keys making decisions on the fly or with a small committee it provides a powerful safeguard and statement about the thing you are making together and the confidence in its reliability.

What do you think?

EOS is breaking new ground and events like these should be used to consider the evolution of the technology and the community. Humanity will ever make mistakes and it’s our obligation to learn from them and make things better.

  • Should a technology punish our mistakes and prevent us from fixing them? What does this achieve?
  • Is too much flexibility and freedom going to erode confidence and slow adoption? Or is the transparent flexibility the missing link to widespread use?
  • Is there a middle ground? What does it look like?

The community and technology need to find these answers so it can continue to evolve and become the world changing force we all want to see.


Your Remaining Votes (within 24hrs) : 10 of 10
108 votes, average: 4.79 out of 5108 votes, average: 4.79 out of 5108 votes, average: 4.79 out of 5108 votes, average: 4.79 out of 5108 votes, average: 4.79 out of 5 (108 votes, average: 4.79 out of 5)
You need to be a registered member to rate this.
(3592 total tokens earned)
Loading...

Responses

  1. peter S

    Difficult choice:
    – having a grace period to allow reversion of a mistake
    – or making each transaction irreversible which is the orignal promise in blockchains
    In my view EOS adds a transparent option which is useful, but I realize this debate ain’t over…

    (7)
  2. BitcoinQuest

    I think it is good to have the opportunity to reverse transactions though it is indeed an issue since it is against some of the basic principles of blockchains. On the other hand, a reversed transaction is also visible within the chain and can be tracked.

    Thank you for solving this issue and sending all your community members a great bunch of tokens! Continue great work and sleep well!

    (3)
  3. Marco Siccardi

    I was shocked first when I realized what’s going on.

    Given the fact that you used official tools to fix the erroneous transactions, personally, I am fine with how it went. The team was transparent all the time as much as the chain itself.

    Experiencing this made me even more curious of EOS from a developer’s point of view.

    Great job!

    (2)
  4. Gokul

    Thanks for that brief of that happened. This was insightful. Were you able to identify what change had led to this behaviour in eosjs??

    We need to have a simple way of syncing accounts with non chain websites. In Steem blockchain this issues is addressed by https://steemconnect.com/ I hope something similar comes up for EOS as well.

    (2)
  5. Conceptskip

    Hi guys, must have been a hard day for you! Whereas i appreciate your transparency, and your commitment to fix this issue, i feel the possibility of such a command is highly problematic, and despite you undoubtedly good intentions you have created a precedent which now can be repeated by significantly less good actors.
    Do you see a possibility to use multisig for these kind of transactions? Or did you consider involving ecaf?

    (2)
    1. TRUTH(@i-am)

      I agree,,, the “immutability” is a mute point compared with TRANSPARENCY and the ability to make the Transparent align with TRUTH (aka intention). Blockchain, in my view, is for AUTOMATION of jobs that require TRUSTed Intermediaries…. these become smart contracts,,,,,, IF they are TRUE,, they are immutable (never messed with),,, if they are in ERROR,,, they are corrected to TRUTH. Best of all worlds.

      (0)
  6. Tyler

    I think this incident is a perfect early example of the purpose of EOS. It has obviously been thoroughly tested, but not in a way where thousands of active people were effected in a live setting. It helped build trust in the blockchain and the trybe team, for me at least. And, I’m sure that it’ll be used in arguments across the web for and in support of the mass adoption of EOS, for months or even years to come; depending on the longevity of the community.
    Sadly, as great as this was; it was also a daunting showcase of possibilities. Possibilities I won’t get into detail about here, but just try to imagine malicious intent and devious business tactics tied to a charming and powerful “talking head.” Now couple that mental image with the knowledge that the masses are easily swayed to keep up with the most current information; impishly forgetting the most recent past no matter how harshly it affected them.

    (2)
  7. Pingback: EOS startup utilizes backdoor to access user wallets, retrieve airdropped tokens - readly.info

  8. Pingback: EOS startup utilizes backdoor to access user wallets, retrieve airdropped tokens – USA News Hub

  9. Pingback: EOS startup utilizes backdoor to access user wallets, retrieve airdropped tokens - Techheadlines

  10. Pingback: EOS startup makes use of backdoor to entry person wallets, retrieve tokens – Zaal Club

  11. Pingback: DApp de EOS reembolsa tokens enviados por error a sus usuarios | CriptoNoticias - Bitcoin, Blockchain, criptomonedas

  12. Pingback: EOS startup utilizes backdoor to access user wallets, retrieve airdropped tokens – seattle startup jobs

  13. Pingback: Crypto News Flash: Bitcoin (BTC), Ethereum (ETH), VeChain (VET), EOS, BitConnect - Blockchain News Feed

  14. Pingback: Botched Trybe airdrop highlights a big difference between EOS and Ethereum blockchains - CryptoFollow

  15. Pingback: EOS has backdoors that others can use to access coins in your accounts : CryptoCurrency

  16. SouthernCrossroads

    Thanks for the great post. The write up really put my mind at ease about the future of EOS. It was really interesting to actually see the snippets of code to explain what really happened. I have to admit I’m even happier with Trybe than ever. It is really important to keep the community apprised of what really happened. Thank again for the great article and getting out in front of this problem. In the long run I think it will do more to strengthen the EOS community and Trybe due to the flexibility of EOS contracts in a real world use than a Air Drop scandal.

    (0)
  17. Pingback: FUD Spreading on EOS Hacks | Featuring Ducatur | Coin Crypto News

  18. Pingback: Addressing EOS Token Smart Contracts and a Proposal for Core Development Funding on EOS – Kryptofactor – Supported By Eclipse24.io