Skip to content

Instantly share code, notes, and snippets.

@mappum

mappum/auditingOverview.md Secret

Last active Mar 9, 2017
Embed
What would you like to do?

Cosmos Fundraiser Overview for Auditors

The Cosmos Fundraiser will most likely take place sometime in late March 2017, and will take donations from users in both BTC and ETH, in exchange for Cosmos ATOM tokens. The flow for donating BTC has been implemented, and is integrated in both a webpage and a CLI application.

Repos

The code for these components are organized into 4 repos:

Donation Flow Overview

The Cosmos Fundraiser is largely based on the Ether Sale. The process to receive Cosmos Atoms during the fundraiser is as follows:

  1. Wallet generation: A wallet is generated by picking a random 256-bit seed. The seed is used to derive a Cosmos private key (cosmospriv = SHA3(seed + 0x00)), a Bitcoin private key (btcpriv = SHA3(seed + 0x01), and an Ethereum private key (ethpriv = SHA3(seed + 0x02)). The user selects a password, then the application encrypts the seed with AES256-CBC, using a key derived with PBKDF2 using the SHA512 hash function and 10000 iterations.
  2. Intermediate transaction: The user sends Bitcoins to one of their newly-generated addresses as an intermediate step.
  3. Final transaction: Once the application detects the Bitcoin transaction (using the blockchain.info API), funds are sent from the intermediate address to the Cosmos exodus address. This address is spendable by the Cosmos developers. Additionally, a P2PKH output is created which pays out to the user's Cosmos address, in order to specify the account which should be credited with Atoms. (See below in the notes why this isn't OP_RETURN).
  4. Credited on Cosmos Hub blockchain: Later, once the Cosmos Hub is launched, the accounts specified in the exodus transactions will be credited with some amount of Atoms based on how much money was sent to the exodus address.

Notes

  • The final transaction uses a P2PKH output to specify the user's Cosmos address. This really should be OP_RETURN, but unfortunately the blockchain.info API rejects transactions with OP_RETURN outputs as non-standard. We could have used an alternative API service, however the others have stricter rate limiting or are not free.

Contact

Feel free to contact me (@mappum) on the Tendermint slack (http://forum.tendermint.com:3000/) or via matt@tendermint.com with any questions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.