I agree, and appreciate your sharing your experience.
The migration is gonna be maximum 
2 Likes
Thank you for bringing this back to the forefront of discussion. In full support of a more minimal Cosmos Hub by removing the LSM.
4 Likes
What’s interesting to me is the lack of discussion by maintainers.
It is quite surprising to me to hear the total silence. You’d think that this would be something that matters to them but that really doesn’t seem to be the case.
Some examples:
- You’d think that informal would care, or at least, react
- You’d think that ICF security team hand picked by Ethan Buchman and strongly endorsed by him, would care
…but it doesn’t seem so.
Then again, I certainly can’t say anyone cared about liveness, or about other security issues.
I do so want the hub to do well, but have a hard time seeing that happen when the community learns of stuff like this via Coindesk – or at all – instead of it just being handled.
Or even, the silence of the validators.
It’s… Interesting
3 Likes
Hey @jacobgadikian,
First we’d like to thank you for bringing concerns related the LSM to the attention of the community.
These are concerns that we shared at AADAO since the findings of Sam Kessler were made public. Which is why on the 2nd of October, in collaboration with Informal, we started working on getting the LSM audited.
The Informal team has quickly put together an audit scope which was shared with reputable auditing firms as an RFP.
Atom Accelerator is commissioning a team to audit the LSM, via an RFP grant. The audit will take place as soon as possible, and audit results will be shared with the community once they are available for public release.
We understand that pushing for the removal of the LSM at this point might seem like the right approach but it is our opinion that an abrupt shut down will currently cause more harm than good given how many applications heavily rely on the module presently.
Instead, we think that proceeding with the audit and applying any potential fixes will be more effective in the short term. After which, and based on the findings, the community could discuss plans on how to move forward with the LSM in a more constructive way.
2 Likes
I think that there are two potential solutions and neither involves allowing north Korean code on the hub
- remove
- refactor so there are zero lines of north Korean code on the cosmos hub
Nothing else is acceptable here.
There is no productive way to move forward with code written by the north Korean military.
All of it must be removed.
2 Likes
So now I have to check a cosmos rescue tool if somebody hasn’t flipped it on my behalf? Just stop adding nonsensical features that only reduce security and add more monitoring burden. You should be planning your trading months in advance. If you really need to liquid stake like right now, you probably shouldn’t be doing it. You are doing this under stress and haven’t thought through your decision.
4 Likes
Utilizing staked ATOM for liquid staking should not exist. Removing the LSM asap and reverting back to a more minimal Cosmos Hub, to maximize security, should be the priority.
2 Likes