What stops me from shielding too much?

I’m playing with the app, with zero balances, just to get an idea how this whole thing works.

I notice that if I select “Shield my crypto”, and pick XMR, I’m given a deposit address… and neither a minimum nor a maximum amount to send (oh, and I’m pretty sure that if I made the slightest error, like say sending twice, then any XMR I sent would be irretrievably lost, because there’s no way to refund it). If I choose plain old boring BTC, I get a minimum deposit amount, but still no maximum.

I believe that BTC and XMR are both custodial bridges, and that those deposit addresses are associated with individual custodians. So what happens if I send more than a given custodian’s posted bond, and why can’t I see how much uncommitted bond the selected custodian has left?

There’s apparently on the order of 12,000 XMR in the network. If I sent in, say, another 10,000 in one transaction, I think there’d be just about zero chance that whatever custodian received it would actually have posted a large enough bond to cover it under the 200 percent rule. The whole “trustless” thing would be totally blown. In fact, based on the volumes I’m seeing, I have serious doubts that most of them could even cover 1000 XMR, and I wouldn’t be surprised if a lot of them couldn’t cover 100 XMR.

As far as I can see, though, nothing would stop me from doing that, or even warn me that I should not.

Am I missing something here?
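
The missing maximum raised in this post, written as a check a wallet could run before handing out a deposit address. This is an added example, not Incognito's code and not part of the original post; the `Custodian` fields, the function names, the bond figures and the price are constructed assumptions, and only the 200 percent ratio comes from the post.

```python
from dataclasses import dataclass
from decimal import Decimal

COLLATERAL_RATIO = Decimal("2")  # the "200 percent rule" from the post


@dataclass
class Custodian:                 # hypothetical data model
    name: str
    bond_value: Decimal          # posted bond, in a common unit of account
    committed_value: Decimal     # bond already locked behind earlier deposits

    def max_deposit_value(self) -> Decimal:
        """Largest deposit value this custodian can still back at the ratio."""
        free = max(self.bond_value - self.committed_value, Decimal(0))
        return free / COLLATERAL_RATIO


def max_shieldable(price: Decimal, custodians: list[Custodian]) -> Decimal:
    """Maximum coin amount the whole custodian set can accept right now."""
    return sum(c.max_deposit_value() for c in custodians) / price


def plan_shield(amount: Decimal, price: Decimal, custodians: list[Custodian]):
    """Split a deposit so every part stays fully collateralized.

    Returns [(custodian name, coin amount), ...]; raises ValueError when the
    deposit is larger than the uncommitted bond can cover.
    """
    limit = max_shieldable(price, custodians)
    if amount > limit:
        raise ValueError(f"deposit of {amount} exceeds maximum of {limit}")
    plan, remaining = [], amount * price
    for c in sorted(custodians, key=Custodian.max_deposit_value, reverse=True):
        part = min(remaining, c.max_deposit_value())
        if part > 0:
            plan.append((c.name, part / price))
            remaining -= part
    return plan


# Constructed sample data: three custodians and a made-up price per coin.
PRICE = Decimal("200")
CUSTODIANS = [
    Custodian("A", Decimal("60000"), Decimal("20000")),  # can back 100 coins
    Custodian("B", Decimal("10000"), Decimal("0")),      # can back 25 coins
    Custodian("C", Decimal("8000"), Decimal("8000")),    # fully committed
]
```

With this sample data the limit is 125 coins, so a 10,000-coin deposit is refused up front instead of landing on an under-bonded custodian.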


Hey @SokPuppette, it’s a really good question, thank you for raising that.

As you mentioned, Portals require collateralization according to the design. Collateral is a guarantee that any amount of funds can be moved out of the network at any time.

The designs and implementation of the bridges are really good. Even some of the Polkadot based bridges use those designs for wrapping BTC on their network.

Portal was successfully launched on mainnet and is open for contribution, but the majority of users found running Nodes or providing liquidity way more profitable and prefer to store assets there. This brings us back to reality and motivates us to redesign the bridges. For example, Portal v4 is designed in a way to exclude the collateralisation issues you pointed out, and make Incognito far more flexible.

What does that mean

While the next generation of portal is being built, the mechanism remains custodial.

  1. Incognito Core Team remains the main custodian for BTC and XMR bridge
  2. Incognito treasury (funds collected from fixed slots) remains “insurance” until the moment the Portal is fully run by the community
  3. Min limits required to cover TX cost from temp address
  4. Max limits haven’t been set
  5. Development of Portal v4 has been kickstarted, and if it goes well, we will switch all bridges (except smart-contract based) to this portal.

In terms of shielding BTC or XMR, with the current implementation, we generate a temp address for privacy reasons. If you send coins outside the rules, they will not be lost but stuck in the temp address (it’s recoverable).

In April, once Privacy v2 is live, the step with a temporary address will be removed. So all TXs will land either on your Incognito or on your BTC/XMR wallet.


I hope I brought a bit more clarity on what is going on with the BTC and XMR bridges. From the core team perspective, we do not have ambitions to control the bridges over time and we aim to release all components as soon as it’s technically possible.

In terms of shielding BTC/XMR now
You can shield any amount, provide liquidity, swap coins any to any, and unshield freely any time. It’s still not the final system we aim to build, but it’s a working system.

If you have a suggestion for any aspect that can be improved, feel free to share in this forum or in DM.


Excellent question - and excellent answer!! Thank you for the detailed reply.

Thanks for your reply, but (yes, there are going to be some buts)…

While the next generation of portal is being built, the mechanism remains custodial.

Incognito Core Team remains the main custodian for BTC and XMR bridge

So, in other words, everything that all of your promotional materials say about how you guarantee people’s money is false, and you haven’t felt the need to update any of them.

I spent quite a bit of time on your Web site and reading your materials, way more than most people would. I found absolutely nothing about the critical facts you just wrote.

I don’t actually think you’re trying to commit fraud there. I think you’re just being sloppy. Regardless, it does not inspire confidence. You are maintaining a very complicated system with innumerable moving parts, and a bunch of gateways to other complicated systems, and you seem to be adding more as fast as you can. Yet not only are you not documenting what you’re really doing, but you’re actively distributing false documentation. That’s a sign of an organization that is in way over its head.

If you keep operating that way, you’re going to have a major loss event, probably sooner rather than later. Why would anybody want to be part of that?

In terms of shielding BTC or XMR, with the current implementation, we generate a temp address for privacy reasons. If you send coins outside the rules, they will not be lost but stuck in the temp address (it’s recoverable).

I’m sorry, but I do not believe you. It is not possible for a Monero transaction like that to be “recoverable”.

By design, the Monero network prevents you from knowing where an incoming payment came from. Therefore you cannot reliably refund it to the original source. Anybody could claim to have sent any given payment and demand that you send it back. In many cases you might be able to do blockchain analysis to detect a false claim… but not in all cases. Somebody could legitimately own one of the mixins. And doing that analysis would require a bunch of skilled effort; for a small transaction like most of the ones you actually have, it wouldn’t be economically viable. And doing the refund to an address you could actually validate by chain analysis would require custom software.

That’s why every other system that exchanges Monero demands that the user provide a refund address. Your not demanding a refund address is another sign of sloppiness and/or cluelessness.

Everything I’m seeing here is telling me that you’re overwhelmed by what you’ve bitten off, and trying to “fake it until you make it”. That is not something you can do with money.

Good luck…


Your funds are recoverable the other way around. They will not be refunded to your Monero wallet but will end up in your Incognito wallet.

I agree on not liking it too much to see the team chase everything thrown at them just to become more “like other systems out there”, to become what people expect. Stay close to your initial idea, and start focusing on people being able to use pTokens instead of walking in and out to spend the original token.

That said, I have faith in the team to do the right thing. Despite money being involved, I am not worried.


Umm there’s an insurance fund? Since when? Documentation on this?


Well, with “recoverable”, what I believe Andrey was referring to is that it can be processed to your Incognito account. Since Incognito uses temporary addresses for you to move your XMR to, if you send various XMR transactions to the same shield address, technically you are just sending 2 transactions to the same address. In this case, since we have both of the transactions in the same address, we can push both transactions to your Incognito wallet. This is similar for all other currencies we support, not only XMR. With that said, a refund is something different. We are not sending back funds to the XMR address we received funds from.


Great! And why aren’t you worried? Do explain!

Like I said, I trust the team.


@andrey…it is good to see you there and the answer you gave in reference to the BTC / XMR issue was clearly and logically explained…thank you once again… :sunglasses:

Cause as @Jamie just stated…helllooo…@RobynFitzooth…she trusts the team…I am sorry but it is to my disbelief just how much disbelief or lack of trust I have come to see a few members around the forum here express about the project or team members…and well it’s been my experience that members creating such issue and drama tend to either just wish to disrupt a project or wish to have more unwarranted influence over a project…To be honest for those of you who have had such reservation, cause for concern, or just plain doubt in the project…well then move along…check out one of many many other projects currently running in the crypto-verse and try your luck with them and stop creating the disruption and drama for Incognito cause really many of the moderators, dev team members, builders, and members have more important and worthwhile things they would rather be doing than dealing with those of you…and let’s not kid each other we know whom they are that persist and keep with the nonsense…nuff said :100::sunglasses:


Hey @SokPuppette, once in a while we have such discussions, and each time it helps us to make important improvements, so I do appreciate your input.

We definitely should do a better job with documentation and promotional/explanation materials; those are things we are aware of and are working to improve. Help us prioritize the most important. At the same time, all the tech info we publish on the forum doesn’t contain false info. Everything can be and should be verified.

Once again, if there is a way we can do things better we are always in listening mode.

@Matt6412 it’s not a dedicated product. Can you be more specific about the kind of information you are looking for?

@Tempestblack I have to agree that a drama is just a way to waste time. At the same time, reasonable concerns help to see the situation from a different point of view. For example, @SokPuppette gave us good reasons for “what stops him from shielding too much”. I think we need even more feedback in terms of what stops Incognito pDEX or Wallet from being world-class products.


Hiya @andrey it is good to hear from you and I hope all has been going well for you as to the raising of valid concerns at times like in the instance with @SokPuppette…indeed it was a valid concern they raised and once again thank you for having given them and the entire community a valid and clear answer…and yes many a moment or instance comes along when good discussion and feedback is so necessary and important that they take place here within the forums but indeed likewise @andrey I have also seen some topics just be beaten to death or rehashed like insane by some who like to just make drama and well it really takes energy away from the project…anyway…bottom line is that the project is doing great and thank you for your fine leadership along with the others… :sunglasses:


Welcome to the community! Great name! Hah