<p>Transition to NPoS is expected to happen this week. Validator elections and rewards will be activated during this stage. <strong><strong>Is it reasonable to stake at the very beginning or better to wait for exchange listings and activation of token transfers?</strong></strong></p><p>There are more arguments for early staking, than against.</p><h1 id="time-is-rewards"><strong>Time is rewards</strong></h1><p>During NPoS, all nominators will earn staking rewards. <strong><strong>For those who haven't nominated yet, each day will result in a missed opportunity to receive additional interest</strong></strong> on their DOT holdings.</p><p>The period between NPoS and transfer activation is not defined. Some time will be taken to ensure that the network is stable enough before the next steps. After the enablement of decentralized governance, a technical committee and first councils should be elected. It will take at least 14 days. After that, someone will make a runtime upgrade proposal to remove sudo module, voting will take 28 days with an additional 30 days of enactment period before the upgrade.</p><p>If a proposal to enable transfers will be the next one it will also take 28 days to vote for and 30 more days of enactment period. To sum up, <strong><strong>more than 4 months and more than one third of annual DOT rewards can be lost just waiting for the right moment to stake</strong></strong>.</p><h1 id="lower-staked-dot"><strong>Lower staked DOT</strong></h1><p>In the early days of the network the number of staked DOT will start from a lower value and will increase gradually over time as new holders will join staking. Assuming a constant number of validators before network stabilization, the barrier for a node to enter the active set will be lower in the beginning.</p><p>The average annual percentage return for a nominator depends on his share in the validator's total stake. It means that <strong><strong>nominators who stake early obtain a bigger share in the validator pool receiving a higher portion of rewards</strong></strong>. With enabled compounding nominators will be able to retain or even increase their share.</p><p>If Joe has 15,000 DOT and the total stake of a validator is 30,000 DOT, Joe will receive one half of the rewards obtained by this validator node. If the total validator stake is 45,000 DOT Joe will receive only one third. In this example, commission rate is not taken into consideration for illustrative purposes.</p><p>After raising the number of validator slots in the set, the barrier will decrease as well as the average stake among active validators meaning that the nominator's staking returns might increase even more.</p><h1 id="you-shall-not-miss"><strong>You shall not miss</strong></h1><p>Polkadot investors have been waiting more than three years for a return on their initial investment. Some are worried that locking DOT in staking can interfere with a quick reaction when DOT become transferable and appear on exchanges.</p><p>Enablement of transfers will be approved by the community of DOT holders via governance. The proposal will be voted for 28 days and if it is accepted, there will be an enactment period of 30 days before the upgrade. <strong><strong>Tokens of participants who cast a Yay vote will be locked.</strong></strong></p><p>In Polkadot, it is possible to vote without locking DOT in the enactment period, in this case, the weight of a vote will be decreased by 90%. There will be enough time to initiate unbonding for those who wish to fix a portion of DOT holdings as soon as possible. It is much more attractive than refusing three months of additional interest.</p><p>In addition, we will notify nominators about the most important milestones and provide individual assistance in our<a href="https://t.me/P2Pstaking?ref=p2p.org"> Telegram chat</a>.</p><h1 id="staking-in-polkadot-is-simple"><strong>Staking in Polkadot is simple</strong></h1><p>If you lack educational information and can't find guides explaining the required steps, read the detailed guides we have prepared to simplify the process:</p><ol><li><a href="https://p2p.org/economy/create-account-in-polkadot-network/">Create a Polkadot account</a></li><li><a href="https://p2p.org/economy/claim-dot-with-polkadotjs">Claim DOT tokens</a></li><li><a href="https://p2p.org/economy/polkadot-nomination-guide/">Nominate validators</a></li></ol><h1 id="about-p2p-validator"><strong>About P2P Validator</strong></h1><p><a href="https://p2p.org/?utm_source=blog&utm_medium=economy&utm_campaign=reasons_to_stake">P2P Validator</a> is a world-leading non-custodial staking provider with the best industry practices and proven expertise. We provide comprehensive due-diligence of digital assets and offer only top-notch staking opportunities securing more than 3 billion of USD value. At the time of publishing, P2P Validator is trusted by over 10,000 delegators across 25+ networks.</p><hr><p><em><em>Do not hesitate to ask questions in our <a href="https://t.me/P2Pstaking?ref=p2p.org">Telegram chat</a> or contact Alexey via [email protected]. We are always ready to help and open for communication.</em></em></p><hr><p><strong><strong>Web:</strong></strong><a href="https://p2p.org/?utm_source=blog&utm_medium=economy&utm_campaign=reasons_to_stake"> https://p2p.org</a></p><p><strong><strong>Stake DOT with us:</strong></strong> <a href="https://p2p.org/polkadot?utm_source=blog&utm_medium=economy&utm_campaign=reasons_to_stake">https://p2p.org/polkadot</a></p><p><strong><strong>Twitter:</strong></strong><a href="https://twitter.com/p2pvalidator?ref=p2p.org"> @p2pvalidator</a></p><p><strong><strong>Telegram:</strong></strong> <a href="https://t.me/P2Pstaking?ref=p2p.org">https://t.me/P2Pstaking</a></p>

<h1 id="cosmos-game-of-zones-phase-3-a-deceptive-rootchain-that-will-trap-your-tokens"><strong>Cosmos' Game of Zones Phase 3: a Deceptive Rootchain that will trap your tokens</strong></h1><p><em><em>For Phase 3 we prepared a specific deceptive zone whose purpose is to trap your transfers and let the zone ‘root’ users to claim them on the counterparty chains.</em></em></p><h2 id="evil-rootchain"><strong>Evil Rootchain</strong></h2><p>For Phase 3 we prepared a specific deceptive zone whose purpose is to trap your transfers and let the zone ‘root’ users to claim them on the counterparty chains.</p><p>That zone does not expose a vulnerability in IBC, neither it is something unexpected by people who made ICS: it’s merely an illustration of IBC threat model and how it can be used to steal user funds.</p><p>We modified <code>createOutgoingPacket()</code> function to work like that:</p><ul><li>user who has at least some root denom tokens (i.e. 1000root on balance) can create any outgoing transfers they want, even if they don’t have the required funds;</li><li>user who has no root tokens cannot transfer any tokens back to a source chain.</li></ul><p>Here’s the <a href="https://gist.github.com/vshvsh/88964912dbd389332c53bc239fb59168?ref=p2p.org">gist</a> of how it’s done, and the <a href="https://github.com/p2p-org/gaia-rootchain?ref=p2p.org">full project</a>.</p><p>So if someone was to transfer, say, doubloons to our deceptive chain, they couldn’t take it back - but any root user can redeem fake tokens for real tokens on an origin chain.</p><p>That means that a regular user who sends funds to a deceptive chain can’t cash them out on an origin chain - they’ve basically lost they funds. But it’s not apparent, because internal transfers on the zone work fine, and until a user tries to redeem the transferred token they won’t see any problems.</p><p>Moreover, malicious root token holder can redeem those tokens instead of an original sender or transferred token holders, and that wouldn’t be apparent too without aggregate analysis of all transfers across all channels.</p><p>We deployed it on responsible-3 zone (heads up: responsible was an approved sockpuppet account of p2p all along; it didn’t compete in earlier phases where scarcity and/or account throughput were an issue).</p><h2 id="demonstration"><strong>Demonstration</strong></h2><p>An unsuspecting user makes a transfer of 100 very valuable ptp tokens to responsible-3:</p><pre><code>&gt;rly tx transfer p2p-org-3 responsible-3 100ptp true cosmos16zx4s8nculu94vhm07fd3qlg8g7grtj0xk49dg I[2020-06-03|18:21:59.489] ✔ [p2p-org-3]@{50776} - msg(0:transfer) hash(962733C0568867D6F4EA70417EB1E747FCC136396E3E020D5351DAD011ACBE6D) I[2020-06-03|18:22:09.218] ✔ [responsible-3]@{50793} - msg(0:update_client,1:ics04/opaque) hash(87D2802713DB702334AB843CAD488841E5A3E1A7C95DCB0DA0344E5039A77674) </code></pre><p>They now have transferred tokens in the wallet, but can they transfer them back?</p><pre><code>&gt;rly q bal responsible-3 100transfer/fmqnwnlqii/ptp </code></pre><pre><code>&gt;rly tx transfer responsible-3 p2p-org-3 100ptp false cosmos16zx4s8nculu94vhm07fd3qlg8g7grtj0xk49dg I[2020-06-03|18:56:09.666] ✘ [responsible-3]@{51200} - msg(0:transfer) err(sdk:4:failed to execute message; message index: 0: need to be root user to send ibc source=false transfers: unauthorized) Error: failed to send first transaction </code></pre><p>No, they can’t. Here comes a root user:</p><pre><code>&gt;rly q bal responsible-3 100000000000root,975000rsp </code></pre><p>They don’t have any <code>100transfer/fmqnwnlqii/ptp</code> tokens, but they can redeem 100ptp on p2p-org-3 anyway:</p><pre><code>&gt;rly tx transfer responsible-3 p2p-org-3 100ptp false cosmos1hazzkmrvxcrxvxv98daslkw0a7uax5djqgn20d I[2020-06-03|18:58:41.425] ✔ [responsible-3]@{51230} - msg(0:transfer) hash(24456218B05964F3B7B57EFD1F25E2CEEDA9BAAEBC957D0A6E315D801929E093) I[2020-06-03|18:58:49.540] ✔ [p2p-org-3]@{51217} - msg(0:update_client,1:ics04/opaque) hash(769158A9735DF93496F08F631E5D1AB04CCF081DFC132700E25C970D33DF74DB) </code></pre><pre><code>&gt;rly q bal p2p-org-3 100ptp </code></pre><h2 id="conclusion"><strong>Conclusion</strong></h2><p>The prolonged existence of actively malicious “rootchains” is not realistic - people wouldn’t use it for anything - but we expect people might deploy temporary ones for fishing or scamming purpose when IBC connections are permissionless and IBC-enabled wallets allow arbitrary chains to be added.</p><p>More than that, any sufficiently complicated IBC-enabled blockchain can become a “rootchain” due to vulnerability, especially if we’re talking about complex smart contract chains and dynamic IBC like on Agoric or CosmWASM chains. Both trapping the funds on receiving chain forever or dishonest redeeming on source chain can be a result of an exploit on undertested code.</p><p>We think that the community should build tools for total supply observability across chains and means to swiftly stop IBC transfers with malicious or vulnerable zones or applications via governance to prevent user fund loss.</p><hr><p><em><em>The best way to support our contribution is to <a href="https://p2p.org/cosmos?utm_source=blog&utm_medium=economy&utm_campaign=phase3_post">stake ATOM with P2P Validador</a>.</em></em></p><hr><p><a href="https://p2p.org/?utm_source=blog&utm_medium=economy&utm_campaign=phase3_post">P2P Validator</a> is a world-leading non-custodial staking provider securing more than $3 billion by over 10,000 delegators/nominators across 25+ high-class networks. We've been validating in Cosmos Hub since the first day of mainnet. P2P Validator provides comprehensive due-diligence and invested its own funds in ATOM in 2017 intending to support Cosmos network in the long term.</p><p><strong><strong>Web:</strong></strong><a href="https://p2p.org/?utm_source=blog&utm_medium=economy&utm_campaign=phase3_post"> https://p2p.org</a></p><p><strong><strong>Stake ATOM with us:</strong></strong> <a href="https://p2p.org/cosmos?utm_source=blog&utm_medium=economy&utm_campaign=phase3_post">p2p.org/cosmos</a></p><p><strong><strong>Twitter:</strong></strong><a href="https://twitter.com/p2pvalidator?ref=p2p.org"> @p2pvalidator</a></p><p><strong><strong>Telegram:</strong></strong> <a href="https://t.me/P2Pstaking?ref=p2p.org">https://t.me/P2Pstaking</a></p>