The goal of this letter is to address concerns about EOS Block Producer compliance and standards and to invite those Block Producers who have not completed their contractual obligations.
First, a little background on contracts and EOS…
The promise of EOS is to provide an open technology framework for business to be conducted safely using blockchain. To provide certain guarantees, EOS has laws that are built into the code — for example: the EOS Constitution — which is an active set of laws applicable to all EOS token holders who use the EOS Mainnet.
EOS Ricardian Contracts (RC)
In addition to the Constitution, there are contracts that are tied to commands in the EOS system. These contracts are hard-coded into EOS, but they are written in plain text so that they are readable by normal humans.
Invented by Ian Grigg in 1996, this type of contract is known as a Ricardian Contract (RC). The Ricardian Contracts are special because they are signed by cryptographic signatures. Contracts are typically signed by parties putting a pen to paper, providing an ID, and having a notary who validates your ID co-sign the document. When a command is run in EOS, the cryptographic key of the account signs the relevant contract for that command — identification of the account and the signature of the account representative are validated by use of the key.
Most of the RCs (and the Constitution) are located in the contracts/eosio.system directory — these are contracts and laws that pertain to system actions in EOS.
Contracts Are Only As Powerful As Consequences
The contracts in EOS are legally binding and breaking a contract has consequences. If there were no consequences, then there would be no motivation to be accountable to the contracts — there must be skin in the game (risk of loss). Ian Grigg says “Skin in the game says that we need a method for Alice to hold Bob to account when he acts up.”
It has been over a month since the EOS Mainnet chain has been activated and it’s overdue that action be taken to get Block Producers in compliance with the contracts they signed. The BPs are the foundational members of the chain — and, as elected entities, they must be held accountable to the laws of the EOS Mainnet.
Block Producer Compliance to regproducer
Each Block Producer Candidate must register as a producer on the EOS chain in order to receive votes. The Ricardian Contract eosio.system-regproducer-rc.md is signed by running the regproducer command. This contract can be viewed here https://github.com/EOS-Mainnet/eos/blob/mainnet-1.1.4/contracts/eosio.system/eosio.system-regproducer-rc.md.
In order to be considered “compliant” with the contract, any Block Producer who has run regproducer and especially claimrewards to be paid for being a Block Producer is legally bound to the clauses outlined in the regproducer agreement.
It’s possible that BPs may not even be aware of the existence of any contract. Does that mean that they should not be responsible to those requirements? As Kevin Rose from EOS NY recently said, “Ignorance of law is not a defensible position after breaking the law.”
Block Producer Compliance Investigation
A community-run compliance investigation has been underway to identify paid Block Producers who are not currently compliant with their agreement. There are a few clauses of the regproducer agreement that can be measured technologically at this point — those clauses are:
Regproducer — Public Website
Each Block Producer Candidate must have a public website that is referenced when they run the regproducer command. That website should detail all of the disclosures here in this document. Almost all BPs have adopted the standard of using a bp.json file at the root of their domain to provide this information in a standard format.
I, {{producer}}, agree to maintain a website hosted at {{url}} which contains up-to-date information on all disclosures required by this contract.Regproducer — Ownership Disclosure
Block Producers must have a clearly defined ownership disclosure that specifically details all “beneficial owners who own more than 10% and all direct shareholders.”
I, {{producer}}, hereby agree to disclose and attest under penalty of perjury all ultimate beneficial owners of my company who own more than 10% and all direct shareholders.Regproducer — Public Nodes
All Block Producers must have public endpoints (the distinction between P2P or API endpoint is not specified in agreement, although it would seem that any good BP would provide both). In the investigation report below, we have identified many Block Producers who have neither.
<...>will provide a public endpoint allowing at least 100 peers to maintain synchronization with the blockchain and/or submit transactions to be included.Block Producers in Violation of Regproducer RC
As of 2018/08/05, the investigation team has made a list of non-compliant Block Producers and I am extending a request to give them until 2018/08/21 to resolve their compliance issues before further actions are taken.
I have created a gist of the report from a community audit of ownership disclosures and p2p/api nodes. A few notes about the report:
- This report was built using several online tools — including the EOS Nation Validation Tool and the AlohaEOS Validation Tool. In addition, BP websites were inspected to find details of ownership disclosures and/or links to their nodes. In some cases, BPs did not even have a public website that could be located.
- It’s possible that the audit was not able to locate either the disclosure or the nodes, but that they exist. If this is the case, then I would recommend each BP take action to get their bp.json files updated to make it easier to find their information.
- A “clearly defined” ownership disclosure is a subjective matter. In the report below, many BPs did not have any ownership disclosure. I recommend that each BP provide as much detail as possible to avoid any confusion about who the owners of the Block Producer. Once again, there is a standard (not a requirement) to list the ownership disclosure in the bp.json file. I recommend being very clear as to where that disclosure lives on the page of your website using an HTML anchor tag.
Any Block Producer on this list below with a “NO” in any column, will . have until 0:00 on 2018/08/21 to get compliant or face further actions. Please join this Telegram to discuss compliance issues.
Corruption and Bad Actors
Regarding corruption in existing systems, EOS lead developer Dan Larimer wrote that the big idea of EOS “is that we should remove all of the potentially corrupt people from the equation.”
Not all of these Block Producers can be assumed to be corrupt or bad actors in the system. Some of the ones who are not fully compliant have been major contributors to the EOS Mainnet. Others, who have been more silent, may not even know about the contractual obligation they signed since there is no requirement to read the code when you install EOS or run regproducer.
I took a step towards increasing the awareness of these contracts — I added a “Terms of Use” script to the eosio_build installation process. Now, when users install or upgrade EOS, they will consent to be held accountable to the contracts.
Conclusion
Whether previously understood or not, it’s time for EOS Block Producers to draw a line in the sand, to set a limit on tolerable disclosures and levels of service. The purpose of compliance and standards is to create a system that is secure, interoperable, usable, and reliable — not to make it more difficult for anyone to become a Block Producer.
On 2018/08/21 we will find out who wants to play ball and align with the Block Producers in honoring the laws of the EOS Mainnet and who wants to ignore the laws and take the risk of facing the consequences.
My intention is to “call BPs up” rather than “call BPs out” — the goal is not to embarrass anyone or set an example... Ideally every Block Producer fixes their compliance issues before the 8/21 and no further actions would need to be taken.
BPs — Please join this Telegram if you want to discuss compliance issues.
