
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
@digix/etc-redemption
Advanced tools
This repository contains contracts and scripts for the deployment and execution of Digix's proposed ETC redemption mechanism.
Activation block is set to 3800000. DGDR on the ETC will be credited to DGD holders on this block shortly after it passes.
Recent Updates
Digix recently outlined a proposal to allow DGD holders to redeem ETC. Since this proposal, with feedback from the DGD holder community, it has evolved into a less complex redemption process (by removing the voting step). This repository has been produced to describe and provide all the tools needed perform this updated redemption process.
The proposed contracts and process details are presented to the community for discussion, questions and criticisms. The current codebase is subject to change pending code review.
This updated includes some changes to the previously announced proposal - please view the previous version for additional context.
The main change is that we've decided to skip the carbonvote step. After gauging sentiment from DGD holders (including 'whales' and the general DGD community), there was no resistance to the principal of returning ETC to DGD holders. Therefore we have determined it would be better to forego the voting process as it would yield additional development time and reach a non-controversial already-known outcome (the motion to refund ETC to DGD holders).
The redemption contract allows users to claim an ETC balance by redeeming tokens that are issued to them automatically on the ETC chain.
Each redemption token represents 1:1 equivalent of DGD balances. These redemption tokens are known as DGDR
, which is an EIP20 token.
To claim ETC, holders of DGDR
should call a method on the DGDR
contract to burn their holdings in return of an ETC value. At the point of burning, the balance of DGDR
drops to 0, and a fixed rate will be used to convert this balance into ETC.
For example, a user has 100 DGD, gets 100 DGDR
, and burns it for ~22.3 ETC.
The conversion rate to ETC used will be close to 100% of the original ETC pool, but with an additional fee deduced from the pool based on the gas used for testing, deployment and minting (which could amount to around a few USD cents per user).
See Redemption Token Contract section for more details.
A 'top-up' system will be used when passing funds to the redemption contract to reduce the effects of any unforeseen exploits. Batches of 100,000 ETC (?) will be added to the redemption contract as required (and topped up as the remaining balance reaches 10,000).
The ETC batches will be kept on separate keys and transferred to the redemption contract when the DGDR reserve balance reaches near the highest unclaimed DGDR balance.
As development focus shifted a carbonvote process to the redemption contract, some additional end-user requirements were identified to enable DGD holders to perform the redemption on the ETC chain with ease.
The new redemption process is split roughly into the following steps:
This stage is managed by DigixGlobal and will not require interaction from DGD holders
After the activation block is reached, users with a DGDR
balance will be able to proceed with redemptions; (optionally trading and then) burning their DGDR
tokens in return for ETC using one of the following ways:
For those who hold their DGD balances in a contract address that may does not exist on ETC chain, two options are provided:
After discussing how exchanges can optimally engage with the redemption process, we identified the following general pattern that should be adopted by exchanges to ensure an easy:
DGD holders perform a vote to determine action on unclaimed ETC
0x0
address)For full documentation on the methods please see the contract docs. The redemption contract is an extended EIP20 tradable token with the additional features:
msg.sender
if using the default function)A test suite with 100% method coverage has been added to this repository under ./test
, they can be run with truffle test
.
This repository contains a series of scripts to facilitate the backend process.
The the parameters can be configured in ./scripts/helpers/config.json
.
npm run | args | Description |
---|---|---|
step-1 | Get the Snapshot (run this with multiple clients & Etherscan) | |
step-2 | Confirm the Balance Reports are the same | |
step-3 | Publish report to IPFS | |
step-4 | Migrate the Contracts to ETC Chain | |
step-5 | <tx> | Mint the Tokens on ETC Chain (optional resume from tx#) |
step-6 | Confirm the balances on ETC Chain (do this before and after step 7) | |
step-4-test | Migrate Contracts to Kovan (for testing) | |
step-5-test | <tx> | Mint the Tokens on Kovan (optional resume from tx#) |
step-6-test | Confirm balances on Kovan | |
estimate-gas | Estimate total ETC requirements |
## Accounts
contract: 0x1312f9ec97a2377c8e2ba6f088afdfedfe59398c
deployer / minter / admin 1: 0x7ecdc55af01cd035279916c76cad9d9771faf45a
admin 2: 0x4F143b42D1D7a80b946600990450DDef44e6e5BA
top up 1: 0xA876e0Bb91a5277be74b340De60c7BE818DC37e8
top up 2: 0xEB11C580781B9339fD0668A3883f7fe1dB38B592
top up 3: 0x6dF098fEc80FC5Fec8D045c4eA8cc9429C90A357
top up 4: 0x50092395418bE5f4Ad1E720a0724F334758C3158
Please join the Digix slack channel #etc-redemption
FAQs
Digix Ethereum Classic Redemption
The npm package @digix/etc-redemption receives a total of 0 weekly downloads. As such, @digix/etc-redemption popularity was classified as not popular.
We found that @digix/etc-redemption demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.