http://www.cloaktalk.org/t/private-audit-cloakcoin-posa/243[TheDagger]
TheDagger
Update:
Cloak team is relentlessly serious about developing the best anon service for the Crypto community, so much so we got ourselves a private audit and are making the results totally transparent as outlined in a previous update.
Please take time to read the audit and realise we aren't going anywhere until we deliver on everything in order to reach the goals we laid out in the first weeks of launch.
The free nature of these Crypto markets means that investors can decide to leave, stick with us, support us or do anything they wish (at any time) but despite the price or FUD accusations our goals remain constant. We strive to be the best.
The results of this audit are "quite a wake up call" and for us that means they are to be looked upon as being one more step towards the end goal for the Cloak team, another evolution in the right direction. We're growing, learning, developing and being mature enough to recognise our faults and build on them for a stronger CLOAK in the future!
Here are the evaluations of a non-fluff / non-pretentious private audit which has spawned countless hours of discussion, solid propositions of plans and real world solutions to develop better technology with which we can reach our destination of anon superiority. The development and audits of various plans evolved and adapted from PoSA are now well under way.
Thank you to those who stick by us through thick and thin. It's not easy when the stakes are so high and we're subject to such extreme price movements... Please believe us when we say the CLOAK team has never been so strong and is never giving up on delivery; no matter what it takes, we are all passionate about Cloak and the possibilities of all our future projects... 100% trustless anon being the biggest challenge!
Audit Results
Especially because of the timing and the coin price this post is going to be misinterpreted, spawn conspiracy theories, and largely do nothing to resolve the chaos of misinformation surrounding this coin.
These products are an unfortunate side effect of the truth, as misconstrued as it may be. The developers continue to hold all their coins; any notion that the developers have abandoned the coin or sold is easy to believe, but the rich list can be used to confirm they have not.
Please read the post carefully and decide whether you would like to be involved in a coin that will be honest with you about the challenges every anonymous implementation is facing.
We promised you an audit of the PoSA v1 and Block Escrow protocols. To accomplish this we set out to find people with the experience required among the community. A little over a week ago we were successful. Our internal auditor runs a software development company creating enterprise software solutions, so we can give everything the inspection it deserves before subjecting ourselves to a media or academic audit.
A few days ago our auditor returned to us with some hard truths. We failed our audit on PoSA v1 and Block Escrow.
PoSA v1 is a fully anonymous system according to our audit, but it is not trustless.
It requires the active participation of nodes involved in the transaction. If that participation ceases due to malicious activity or even something benign like prolonged failed connectivity, the funds will be stuck in transit of the offline node until connectivity is regained and the node cooperates. The funds can’t be stolen, just stuck until the node cooperates. This is trust, like masternodes, and we don’t want it in our system. To avoid this very unlikely issue in PoSA wallets, it’s best to set posa=0 in your CloakCoin.conf file for the meantime and avoid sending PoSA transactions.
Block Escrow was proposed to be the solution to this problem, but it failed the same audit for different reasons. Block Escrow is trustless by relying on the consensus of the CloakCoin network to process transactions, but this is not anonymous since it leaves a discernable transaction trail within the public ledger.
Block Escrow has the opposite problem as PoSA, and adding it into PoSA isn’t going to change that. It’s just going to cause both problems to exist independently. Our auditor included some good suggestions in their audit regarding how to address these problems and we have proposed a new protocol implementing their suggestions with several new innovations.
We have already fully described this new protocol in a reproducible technical specification after round the clock efforts by the team. This new specification is being vigorously audited now by both the auditor and the entire development team; we expect the results within the next few days and will be publishing them.
If the results are a pass we will pursue implementing and marketing our new protocol, which we expect to take approximately a month – it’s a complete overhaul. We will also publicly release our full technical specification for public audit if we pass. We realize this opens us up to the possibility of competitors racing to implement, but it’s a race we’re ready for.
Releasing an auditable protocol would be the least we can do for this community that has stuck with us through the pumpers and the dumpers. If the results are a fail, we’ll return with another proposal or fix for audit within the week. We’ll do that until we get it right, and then we’re going to release the specifications for public audit. If the public audit comes up with issues then we will address those too. We’ll keep going and going, because we are determined to break boundaries in anonymous technologies. We’re not happy with the current “trust” filled solutions available on the market. We don’t think coinjoin is an answer. We’ve made similar mistakes as other developers by over protecting our anonymous solution to the point that it cannot be properly audited. Not anymore.
The market deserves the chance to act on this information, for good and bad. We promised an audit and we intend to demonstrate that we will stick to our word. Some people will see the fact that errors have been made and delays have occurred as a reason to dump their Cloakcoin and they deserve that chance.
Others will see a development team adamant about pushing barriers and making a breakthrough in anonymous technologies, dealing with and disclosing issues that occur in the testing process with a brutal honesty.
Without doubt, accusations of scamcoin and developers dumping to profit off some insider information will be shouted at every chance. Worse, we’ve had people like bobsurplus whispering into the developer’s ears, encouraging them to commit fraud for profit, dump and kill off the coin to jump on a new coin to pump and dump the same way he did to CloakCoin.
The truth is no auditor or developer had a chance to use this information to dump any coin – people like bobsurplus killed the price with a pump and dump before the Block Escrow audit even began. This isn’t a get rich quick scheme and developers aren’t abandoning the coin. This is a software development organization. Mistakes get made. We have mechanisms with which to catch errors and save ourselves embarrassment before releasing half formed ideas to the public, and they failed on this occasion.
We know you're disappointed about the price; we are too. We're back where we were a month ago both in price and development schedule. A lot of people were scared that this is another case of developers leaving people with a scam. There is a lot of reason for that fear to exist; it's very rational. The alt-coin marketplace is full of bad actors, but we're going to use this disclosure and continued audits to prove that notion wrong. We think Cloak is a strong buy at current prices despite these audit results and we're holding. Our auditor is holding. If you saw the train depart without you once with envy in your eye, climb aboard. We're leaving the station.
TL;DR:
The audit that was promised on PoSA v1 was performed. It failed for not being immune to malicious nodes. We proposed a solution called Block Escrow, it failed the same audit for not being properly anonymous. We have a promising solution right now which has not yet failed the audit despite scrutiny, but after being burned from past mistakes we won’t be releasing technical diagrams of it until we have some consensus from auditors and developers – one week timeframe until release of such diagrams if we pass the audit on our new protocol.
Look for the audit results on our new protocol as well as a full technical description in the coming days. Expect continued news good or bad from the developers. We think Cloakcoin has a very exciting future of trustless anonymity among many other features.
We’re CloakStrong.
(edited to fix block of text and improve readability)