Question about the Grin++ audit

The other day @JustAResearcher asked questions on keybase that have come up from time to time (quote below, em mine). I tried to answer these extensively, and am now cross-posting these on the forum for visibility and posterity purposes. So that next time someone asks, there is a resource to refer them to.

keybase://chat/grincoin#general/9641

justaresearcher
01:23 - Yesterday
Question: with us not having an official GUI wallet why don’t we fund ironbelly and grin++. Especially grin++,as it’s one of the most used wallets and nodes in the ecosystem. Think David requested money for an audit but was rejected. Why is this?

keybase://chat/grincoin#general/9703

lehnberg
09:20 - Yesterday

You ask questions that mandate long answers. I’ve not run this past the core team, and I’m writing based on my own personal recollection of things. If anyone feels like I’m misrepresenting something, you can correct me below.

Regarding the Grin++ audit:

David reached out informally (to me in DMs) to ask about what the core team’s opinion on funding his audit was before submitting an actual funding request.

At that point, I made a first mistake by responding in private. Instead I should have encouraged David to make a public funding request like anybody else so that it could be discussed it in the open with the rest of the people (on Gitter at the time) during one of our regular meetings. So that individual core team members can express different opinions (instead of me giving a single collective answer), so that other people than only the core team could have had a say about it, and so that there would be some actual documentation for posterity reasons. So you and the other people who have wondered about this over time could read the meeting notes and get insight. I regret not doing so, in hindsight it feels so obvious. I try to avoid entertaining such questions in private nowadays.

But at the time, which was more than a year ago, I did, and we did. We felt we wanted to focus the funds we had (which I think was ~ $400k worth but might be wrong), on making improvements to the Rust codebase. It wasn’t clear how long those funds would last, how the price of BTC would move, or that we were to get a second coinbase donation. We didn’t feel at all like we had an abundance of funds. It still doesn’t feel like that to me for what it’s worth, but it’s certainly a better picture today than it was a year ago. The audit budget was sth shy of 10% of total funds, and it didn’t feel like it was the right use of the funds we had.

Some of the points we qualified that opinion with:

• We had just completed two major security audits of the Rust codebase (and paid a lot of money for one of those) and were only a few months post launch.

• when the C++ implementation was first announced, there was a lot of skepticism about the rationale for creating a different implementation in a language had the memory safety issues Rust tries to solve for, and that led Grin to be written in Rust in the first place. I don’t know if you can imagine how it feels when someone first takes a codebase in Rust and rewrites it in C++, and then asks the Rust maintainers to fund the security audit for it. It’s really hard not to be trolled by that, even if I’m sure David didn’t mean it this way!

• there was also the question of setting a precedent. At the time, the grin++ codebase was a few months old and had been written by one person singlehandedly. An impressive feat by any measure, but what happens the next time someone writes a Grin implementation in Go? Or python? Or Javascript? Are we supposed to fund audits for those as well? What are the criteria supposed to be?

This was some of the thinking we had. We were not unanimous or feeling all equally as strong about them. But ultimately we encouraged David to ask for funding from his community of users instead.

On the one hand, I’m glad this turned out really well for David; He received full funding and was able to do his audit, and it also led to his future work on the Litecoin mimblewimble extension blocks. In total, more funds were raised that was put to use for Grin related development. And reading the audit results, it also looks like it was really productive to have an audit as a lot of improvements were identified.

On the other hand, knowing the schism it created between the core devs and grin++, it feels like we (and by we I mean mostly me), could have handled that better from a strategic point of view, and that’s my second mistake. Rather than acting out of principle and the logic outlined above, I should have given more consideration to the value in supporting the wider ecosystem.

Hindsight is 20/20, knowing what I know now, I would have tried much harder to find a good faith compromise. One where David and Grin++ would have gotten some kind of support, without establishing bad precedents for the future.

Hope this answers the audit part of your question! Regarding funding wallets, please hold the line…

For the answer related to funding of wallets, please see Question about funding GUI wallets like Ironbelly or Grin++

I’ll tell you more, this Grin++ wallet will stop being updated without funding in a few years, and you won’t be able to support it, in fact, it’s a waste of money.

If a person wants funding, let him make an official grin wallet and not some kind of his own version of grin++

why are you so sure? I would like to know

It’s simple

1. Man designs wallet one
2. It will take a little time when he gets tired of doing it for free
3. Ask yourself a question will you yourself work for free?
   or study someone else’s code in another language so that it does not bend.
4. I’ve already seen this in zcash

All unofficial zcash wallets have been migrated to their own altcoins.
Therefore, I think that whoever does grin++ will eventually create his own altcoin and this wallet is only a temporary development for his own cryptocurrency.

Specific donations to wallets/features developments could fix this, I think.

@lehnberg Good that you documented your considerations from that time, which I think some of us consider some of the darker days for Grin. Lessons have been learned I hope.

I completelely understand the hesitation to fund C++ based wallet which is indeed infamous for its memory security issues, even though I was personally in support of funding the security audit for Grin++ simply because it was and still is the go to wallet imolementatiion for me.

As far as I understand, the core wallet API did not have what it takes to power Grin++ when David developped the software. This brings me to the question that came to mind. Does the core wallet now have what takes to be implemented as backend to a GUI wallet like Grin++? Maybe @david or @davidtavarez can best answer this question.
I do not think it is perse bad to have two node implementations, one in C++ and one in Rust.
I do however think that in the years to come some convergence (guilty of being an Ubuntu & Unity groupy) might be desirable. Maybe in the future both backends can power Grin++. I know David and the core are not on hugging terms and might never be but from an outsiders point of vieuw moving to convergence, e.g. improving the API to facillitate everything Grin++ as wel as keeping the Grin++ GUI open for any backend, will be good for Grin. Just my personal thoughts, feel free to shoot me or vent any residual resentments from the past dark days😛.,

Yes, both Ironbelly and Niffler are examples of GUI wallets that use mimblewimble/grin-wallet. Niffler recently announced a new version with slatepack support. Being able to connect grin-wallet to a GUI is not something new, it is something that has been supported since before the launch of mainnet.

No coin control, but there may be other features that also only exist on grin++

CoinControl and multi-wallet support come to mind, and many of the APIs are not performant enough for the current UI. There may be one or 2 more. But yes, for the most part, Grin++ could be slimmed down to something that uses the grin-wallet APIs. The APIs are much nicer than they once were.

If anyone is looking for a fun project, I encourage them to fork the Grin++ UI and make it work with grin-wallet.

Non-sense. I offer free hugs to everyone.

the possibility is open, actually the only thing that is needed is to write an API service in Typescript to consume the endpoints from grin-wallet; anyone is free to fork the UI repo: GitHub - GrinPlusPlus/GrinPlusPlusUI

And if not that, we could always use help addressing the issues David outlines:

If you can help, feel free to submit a PR and improve every wallet that uses the grin-wallet backend in one go.