RandomX audits
This is the funding request for the audits for the RandomX Proof of Work algorithm that we've been working on for the past year or so. Our aim has been to develop a PoW that requires any implementation to include the major components of a CPU, and thus constrain all implementations to have CPU-like performance. The code for RandomX is available for testing on https://github.com/tevador/RandomX/
We solicited proposals from 4 different audit teams. One of these is already being paid for by Arweave.org. The community voted to fund the other 3, in this priority order. The vote occurred on https://www.reddit.com/r/Monero/comments/bozr0z/randomx_auditor_selection/
Like with the Bulletproofs audit, we are working with the Open Source Technology Improvement Fund (OSTIF), which has generously offered to manage the exchange of XMR to fiat to pay the reviewers.
REQUEST
- Kudelski 18,250 CHF ~ $18,094.04
- X41 42,000 Euro ~ $46,902.58
- QuarksLab $52,800.00
The total amount is around $118,000 (and may vary due to exchange rate fluctuations from USD to CHF and EUR). The request is for 1400 XMR, using an exhange estimate of 1 XMR = 85 USD. Since the funding is in fiat currency, this amount will be updated to reflect price fluctuations until funded.
The reviews will be funded in this order as soon as sufficient funds are available. This means that as soon as enough funds have been raised to pay for Kudelski we will engage them to begin their review. If/when sufficient funds are raised to pay for X41 we will start that; if/when sufficient additional funds are raised to cover QuarksLab we will start that. If we don't raise enough funds to cover all 3 reviews we will go with whatever we can cover. As with any other CCS proposal, any funds collected that aren't sufficient to meet a funding target will be reverted to the general development fund.
Reviews must be completed by end of June so that any identified problems can be fixed by July, and ready for a code freeze and subsequent October release.
Merge request reports
Activity
@xeagu The RandomX code has already been 100% volunteer developed. The RandomX developers, Monero developers and the community have already discussed, at great length, the desire to have competent 3rd party audits conducted before the code is merged into Monero proper. There is also precedent in this case (i.e. the Bulletproof audits), which the community funded. And by what merit do you regard the cost too great?
The fact that it is always the same small group of select individuals who rally together and claim to represent a Monero Community while selectively proposing, approving, and funding an equally small set of funding proposals has me deeply concerned that the Monero project has been successfully coopted by a unified single entity. This is all fine and dandy except that the "Monero Community" markets its product "Monero" as a decentralized currency.
This is the same small unified group that performed the "Bulletproofs Audit" and claims that the Bulletproof's Range Proof upgrade did not introduce a vulnerability that would enable such anonymous money printing.
Monero claims to be an "open source project" but it doesn't look like any work on the product gets done unless the "Monero Community" employees get paid.
Monero development and innovation never ceases to amaze me and all done with focus on core principals. As I see it RandomX's focus is decentralization and done so in a creative and unique way. The discussion of whether or not to proceed has already happened. We will only know it's effectiveness by trying.
I agree with trying and will put my moneroj were my mouth is.
Thank you** hyc for spawning this creation and your work done, thanks to tevador for his months of work to bring this to fruition and thanks to the expertise sexh1 has brought and his work done.
@xeagu None of us developing RandomX has been paid, it has been completely volunteer work. You're making shit up. The Monero community has been fully in the loop from the very beginning of this PoW development process. If you've got nothing sane to say then please go away until you do.
@xeagu I laid out the direction for a long-term PoW algorithm over a year ago https://www.reddit.com/r/Monero/comments/8bshrx/what_we_need_to_know_about_proof_of_work_pow/ note there are over 100 comments from the community there.
More recently we discussed the future of PoW algorithms here https://github.com/monero-project/meta/issues/316 over 800 comments from community members. We had a long meeting about it and yet another discussion here https://github.com/monero-project/meta/issues/321 with over 150 comments.
The status update on our work https://www.reddit.com/r/Monero/comments/bmybxn/randomx_status_update/ was again completely out in the open, and laid out the next steps we were pursuing.
The community voted on what audits to pursue. Again, completely out in the open. https://www.reddit.com/r/Monero/comments/bozr0z/randomx_auditor_selection/
For you to say only a small closed group is behind this work is utterly ludicrous. The work has been built and discussed completely out in the open for the past year. This shit you're spewing only reflects badly on you, and you alone.
@xeagu So you now just want to rant about the "Monero Community". The Monero developers and the RandomX developers are the requesters of this audit, not to fund themselves, but to fund competent 3rd parties.
This is the same small unified group that performed the "Bulletproofs Audit" and claims that the Bulletproof's Range Proof upgrade did not introduce a vulnerability that would enable such anonymous money printing.
This is just a rubbish, childish and an utterly ignorant thing to say. Small unified group that performed the audits? Ridiculous. Kedelski and Quarkslab are both highly competent 3rd party businesses and were both engaged via OSTIF. That you think either of them would hide some vulnerability is utterly ridiculous. Every contract they fulfill, they are putting their business reputation on the line.
Monero claims to be an "open source project" but it doesn't look like any work on the product gets done unless the "Monero Community" employees get paid.
You clearly don't understand what "open source" is then. Have hyc, tevador et al been paid to write RandomX? No. There are also dozens of developers (myself included) that have, and continue to do, work on Monero and Monero related projects without ever having being paid. You have a serious misunderstanding of who get's any of this proposals funding. Let me spell it out to you since you clearly don't understand: the funding is for the listed 3rd parties, not Monero developers or the Monero community. And Monero is open source! Here is a link to the open source code.
You are sullying this request and in doing so are only managing to alienate yourself from the very people that devote considerable time and effort to Monero - largely unpaid. This is malicious behavior and childish thinking. Funding 3rd party audits of proposed significant parts of codebase can only be seen as positive for the project. You're a complete imbecile if you can't grasp why.
RandomX is a mission critical piece of Monero being able to be ASIC resistant long term and relieve the technical burden of frequent hard forks on contributors. Major kudos to those who have donated to its development to this point of RandomX freely. Would donate to and given the previous Reddit threads on this I imagine a good number of the community would as well.
In case it wasn't apparent already, I would recommend folk just ignore Xeagu at this point and just focus on the CCS. He has been banned from various workgroups and the Church of Monero where he spent most of his Monero energy for his inability to work well with others, being intellectually dishonest, and generally ignoring advise to not engage in spam-like behavior given by members like Luigi. Engaging him any further in the comments just winds up with you wasting energy on feeding a troll.
@sgp The proposal is meant to be paid out incrementally, not all in one lump. I personally would only expect to see enough funding for the first 2 to be paid.
@hyc thanks, can you make it clearer in the description that the third audit is a stretch goal? I see the comment regarding them being paid in the order funds become available, but some further clarification that the expectation isn't necessarily that all three will be funded may be helpful. In any case, I support this proposal.
Edited by Justin Ehrenhoferadded 1 commit
- 146039be - Clarification of incremental funding structure