Critical analysis of Incognito

A developer by the name of Zack Hess sometimes does analysis of other projects though he can sometimes be overly harsh. He recently reviewed Incognito and I was curious if what he is describing is possible? If so, is it very likely?


Zack’s analysis is a bit thin.

> In order for the validators to not be incentivized to steal the funds, the validators need to be receiving enough fees so that the long-term expected profit of fees exceeds the short term profit of stealing the collateral from the custodians or stealing the wrapped bitcoin from the traders.

Validators do not have access to the “wrapped bitcoin” of traders. Traders control the private keys of their “wrapped bitcoin.” The function of a validator is to … validate … a transaction on the Incognito blockchain. In theory – a rather bold malicious validator could alter a received, unvalidated transaction, replacing the destination address with one they control. However that is not enough to hijack a trader’s “wrapped bitcoin” in transit. We’ll gloss over the myriad technical hurdles inherent in doing this. The “validated” transaction would ALSO need to be validated by 2/3 of the committee validators to be successful. Committee participation is by random selection per epoch. A malicious actor would need to control an overwhelming number of available validators to ensure at least 2/3 of selected validators are under their control thereby enabling an attack. This would be massively expensive, exceeding the market cap of the PRV supply and also massively fragile as there is no way to control or influence the random selection of validators. Furthermore “wrapped bitcoin” is only useful on the Incognito network – pBTC cannot be traded or utilized on any other network. Thus a malicious actor would need to further maintain control of the network to unshield all that “wrapped bitcoin” to make the effort profitable.

> So the incognito developers can steal the collateral from the custodians. In order for the developers to be incentivized not to steal this collateral, they need to receive enough fees so that the long term expected profit of fees exceeds the short term expected profit of stealing the collateral. The cost of these fees makes the system prohibitively expensive.

The collateral is held by a smart contract. The devs would (again) need to control 2/3 of the committee validators to first successfully validate a malicious liquidation event on the bond smart contract and then validate transactions redirecting the liquidated collateral to an address they control. Technically possible at the moment, but will become a decentralized impossibility once the fixed validators are released later this fall.

It is important to remember that the dev team has a financially vested interest in faithfully and honestly maintaining the network presently. They self-funded startup costs by purchasing $1MM of pre-mined PRV at a price of $0.20. With the current price of PRV at $3.31, that represents an unrealized gain of 16.5x today. Furthermore 80% of that is time-locked for 5 years, IIRC. It is this time-locked tranche of PRV that incentivizes the devs to remain honest (no rug pulls) while the network transitions to full decentralization – not “prohibitively expensive” “fees” as Zack writes.


Now that is the way to set them straight!!!..heck yea…thank you @Mike_Wagner good job… :sunglasses:


Amazing response, thank you very much!


Can you help to answer my question here;

It can’t be right, but maybe you have a bit more insight on what goes on

@Mike_Wagner I’m pretty sure the custody of funds is separate from the validation of transactions on the incognito blockchain. Currently all funds are held by the team (perhaps a more critical point). They were planning to move to custodians but now they are moving to a multisig with unnamed and unknown people/entities controlling it.

That being said, I think the team is worth trusting. Privacy is the first stated goal, which is being accomplished.


You mean like the fixed validator spots currently in use?

I’m not trying to FUD, I’m just pointing out that currently 22 of the 32 validator slots per shard are controlled by a single entity. This is more than the 2/3 needed, and until these slots are released this part of his argument, while improbable, should still be considered.
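
The committee arithmetic discussed in the replies above (a 2/3 threshold, random selection per epoch, and 22 of 32 slots per shard held by one entity) can be checked numerically. This is an added example, not part of any post and not Incognito's code; the candidate pool size, the uniform draw without replacement, and "at least 2/3 of seats" as the quorum rule are assumptions.

```python
from math import comb

def quorum(committee_size: int) -> int:
    """Smallest seat count that is at least 2/3 of the committee (assumed rule)."""
    return (2 * committee_size + 2) // 3

def capture_probability(pool: int, controlled: int, committee_size: int,
                        fixed_seats: int = 0) -> float:
    """P(one entity holds a 2/3 quorum of a single committee).

    fixed_seats are always held by the entity; the other seats are drawn
    uniformly without replacement from `pool` candidate nodes, of which
    `controlled` belong to the same entity (hypergeometric tail).
    """
    random_seats = committee_size - fixed_seats
    if not (0 <= fixed_seats <= committee_size and 0 <= controlled <= pool
            and random_seats <= pool):
        raise ValueError("inconsistent committee or pool sizes")
    needed = max(0, quorum(committee_size) - fixed_seats)
    hits = sum(comb(controlled, k) * comb(pool - controlled, random_seats - k)
               for k in range(needed, min(controlled, random_seats) + 1))
    return hits / comb(pool, random_seats)

def capture_within(p_per_epoch: float, epochs: int) -> float:
    """P(at least one captured committee over independent epoch draws)."""
    return 1.0 - (1.0 - p_per_epoch) ** epochs

if __name__ == "__main__":
    POOL = 3000  # constructed candidate-pool size, not an Incognito figure
    print("quorum for 32 seats:", quorum(32))
    for share in (0.10, 0.33, 0.50, 0.60):
        p = capture_probability(POOL, round(POOL * share), 32)
        print(f"random seats only, {share:.0%} of pool: "
              f"per-epoch {p:.3e}, within 1000 epochs {capture_within(p, 1000):.3e}")
    # Fixed-slot case from the thread: 22 of 32 seats held by one entity.
    print("22 fixed seats, no pool nodes:", capture_probability(POOL, 0, 32, 22))
```

With every seat drawn at random, the quorum probability stays small until one entity owns a large share of the pool; with 22 fixed seats it is 1 regardless of the pool, which is why the release of the fixed slots matters to the argument.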


I know. I was refuting Zack’s analysis that suggested validators could “[steal] the collateral from the custodians”.

I mentioned it.

Thanks for following Incognito, @JohnWayne.
First, you can see more detailed information about Bridge v3 and Bridge v4 through the links below:

Second, we want to give you some explanations about our protocols.

Bridge v3 protocol:

  • Its design is completely decentralized with the custodian pool approach. It means public tokens of users who want to shield to Incognito are held by some custodians (not a centralized wallet). And the custodians must send back these public tokens to users when users request unshield. If not, the custodians’ collateral will be liquidated automatically.
  • Currently, all logic of the bridge is handled by beacon validators. However, we haven’t released beacon validators to communities in order to make sure the network runs stably. We will try to release nodes when we have the slashing mechanisms.
  • Price oracle: Incognito feeds the exchange rate for Bridge v3 to prevent attackers from submitting wrong rates for now. We’ll make the price oracle more secure and more decentralized later.

Bridge v4 protocol:

  • We use a multisig wallet for fixed beacon validators. Although it’s less decentralized than v3, it’s more decentralized and more secure than the current centralized bridge.

We always try to bring the most secure and decentralized protocols possible to users. Thanks all.