- We add a filter to the getMeritStake method to avoid an exception at
getWeightedMeritAmount which would set merits to 0 in case the issuance
height blind would be larger than the vote height. I saw that error log
but could not reproduce it afterwards. It basically protects that we do
not add the issuance of the current cycle to the merit used in the
blind vote of that cycle.
- We add 1 block in the getCurrentlyAvailableMerit method to get the
same merit value if the blind vote was included in the next block.
We want to avoid that all nodes publish at the same time all proposals,
so we add a random delay from 100 ms - 5 sec.
A more sophisticated protection would be probably good but that delay
should help to avoid network spikes and is simple enough to not add
risks that the publishing would fail.
Set proposals which have been not included in the blind vote but which
have been later published and are part if the cycles proposals to
A malicious voter could manipulate the software to withhold publishing
of his proposal and be the only voter on it. At the last block in the
blind vote phase he could publish the proposal but others cannot vote
anymore as they likely have already voted. In the vote result the
other voters would have treated it like ignored and if the voter had
enough BSQ to pass the quorum he could get accepted his proposal.
With this change we set all proposals which are not part in the blind
vote data but found in the cycle's ballot list as rejected.
We don't want to burn BSQ in cases like that the tx was published too
late, which is a valid case if the tx does not make it in the next block.
We set such txs as IRREGULAR and allow spending of the BSQ, but there
function in the governance is invalidated.
We also add a check if the sum of all UTXO is the same as the sum of the
genesis + sum of issuance txs - burned fees.
We limit the possible max. issuance (including reimbursements) to the
valued defined in the ISSUANCE_LIMIT param.
In case we exceed that limit the whole cycle becomes invalid.
The main reason for that feature is limitation of max.
damage in case that an attacker manages to create unjustified issuance.
For valid cases we consider such a case as social consensus problem as
the majority of voters should be aware of that limit before they
accept such a high issuance. If known in advance that an extraordinary
high issuance is expected the DAO parameter can be changed.