Callisto Network Whitepaper

Sunday, July 15, 2018
Download document
Save for later
Add to list

Callisto Network Whitepaper Revision 1.3, 10 June 2018, Dexaran, ​Ethereum Commonwealth co-authors : Methw, Crika-Ivan; Callisto Team This document is intended to formally describe the features and concepts of the Callisto (CLO) cryptocurrency and thoroughly explain the technical details of the Callisto Protocol, Cold staking, Official Smart-contract Auditing Department of CLO & ETC.

Abstract A cryptocurrency (or crypto currency) is a digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets. Cryptocurrency mainly uses decentralized control with all transactions recorded in a database called Blockchain. The first decentralized cryptocurrency created was Bitcoin in 2009. Since then, the crypto world has grown exponentially in the last couple years. Massive adoption of blockchain technology cannot be evaded in the coming years as cryptocurrency is becoming increasingly easier to access and own. There are at least 1500 cryptocurrencies currently in the market. One of these is Ethereum. Ethereum implemented a decentralized platform that runs a smart contract, which is a decentralized application that runs on blockchain. Callisto Network is a project of Ethereum Commonwealth that’s been researched and designed, and has developed a reference implementation of a self-sustained, self-governed, self-funded blockchain ecosystem. It also improves the security of the ecosystem of crypto industry by improving smart-contract development methods and environment. Another goal of Callisto Network is the implementation of experimental protocols, which are a combination of core features implemented in smart-contracts and merged protocol-level configuration. An important point is the ability to implement key platform features using built-in mechanisms: ie smart-contracts. Callisto Network aims to define and standardize protocol for a reference implementation of built-in cold staking, governance system and a development funding mechanism based upon smart-contracts.

Callisto Network Overview Callisto Network is a decentralized open source crypto platform based on go-Ethereum source code with its own cryptocurrency ‘CLO’. The main goal of Callisto is to research and develop a reference implementation of a self-sustaining, self-governed, self-funded blockchain ecosystem and development environment. Callisto aims to establish a secure and contribution-friendly environment for further protocol development and improvements. It will rely on a built-in system of smart-contracts to achieve this goal. One of the main problems of Ethereum smart contracts is the lack of tools to make them secure. Smart-contract hacking results in millions of dollars of lost revenue for the whole ecosystem. Callisto Network is intended to solve this problem for CLO and ETC ecosystems with an "Official Smart-contract Auditing Department of CLO & ETC". This represents a completely free opportunity for a professional smart-contract developer to audit their smart-contract. Another problem of each progressive blockchain is the protocol update that needs Blockchain Hard-fork. Hard-forking is a stressful process for mining pools, exchanges and other network participants. Callisto Network seeks to mitigate hard-forking with establishing ​2 planned hard-forking dates​: ​11 November 2018 and 11 November 2019​ . Each protocol update should only be performed on one of these days. This approach allows each member of the network to know about upcoming updates and to prepare in advance. If the specific protocol update code is not ready to implement at the time of the planned hard-forking date, then it should be delayed until the next one.

Official Smart-contract Auditing Department A standard procedure of secure smart-contract development for the ETC & CLO ecosystem will be developed. This standard procedure will include auditing of smart-contracts. Usually, auditing is quite expensive and some developers neglect it before launching their smart contracts. Utilizing capabilities of the Callisto Network, we aim to establish a free-for-all system of smart-contract auditing. 1. A registration of audited smart-contracts will be created. Every smart-contract that successfully passes the security audit will receive an official audited status. Otherwise, the contract will remain non-audited by default. 2. Everyone will be allowed to submit auditing requests and this is completely free for smart-contract developers. 3. A full-time team of smart-contract auditors will be hired to review each request for a smart-contract. This takes time, but it is better to do this than to launch a smart-contract with a critical vulnerability that will result in millions of dollars with the potential to be lost or stolen. 4. Smart-contract auditors will be paid with CLO from the Callisto Network treasury funds. 5. ETC and CLO smart-contract auditing requests will be accepted for free. We aim to improve the security of ETC ecosystem. This is even more important since we plan to implement Callisto Network core features with built-in Callisto capabilities i.e. smart-contract systems.

Callisto Auditing Procedure This represents an abstract set of rules that can be implemented in solidity smart-contracts and serve to ensure a transparent process of smart-contract audits in a decentralized community. Abstract Smart-contract security is critical for most blockchain DApp development platforms. The main goal of this organization is to improve the security of the Ethereum Classic and Callisto ecosystem by providing free security audits for smart-contract developers. The smart-contract auditing organization is scalable, which means it allows to hire, manage and pay security audits of any smart-contracts written in any language depending on demand and community needs.

Structure There are two types of participants in the described organization: M ​ anagers and A ​ uditors​ . The main task of a manager is to control and verify the work of the auditors. The main task of an auditor is to review the code of smart-contracts and submit r​eports​. Auditors receive k​arma for reviewing contracts. They also receive penalties for making mistakes. These statistics reflect each auditors results and determines their reward. Both managers and auditors are paid from Callisto treasury. The audit process will be managed through GitHub so that it will be transparent and available to everyone. A smart-contract developer should open an issue to submit his/her smart-contract for auditors to review. At this point the manager will verify the security audit request details and mark the issue as approved​. The manager should not mark dummy requests; requests that aim to spam the security audit queue or any requests that do not meet coding standard requirements. These requests will not be processed, and once these are identified and removed, every auditor will start reviewing the code. An auditor with a contribution in the code review of a certain contract must create a p ​ rivate gist and send the gist URL to the corresponding issue manager via email​ . E-mail address of each manager or auditor is transparent and available in the smart-contract of this organization.

Rewards Security Manager will always get paid regardless of their activity, but they are controlled by Cold Stakers’ voting (or the security department owner manual control during the debugging stage). Average community members won’t know details and specifics of the security auditing process, thus Cold Stakers can’t verify or control the activity of security auditors. This is the purpose of the security audit organization Managers. We rely on the assumption that average community members can verify managers activity and determine whether a manager is malicious or not. If it is identified that the manager is not acting as they should, or is not working for a significant amount of time without any explanation, then they must be dismissed via the Cold Stakers voting (or security department owner manual control during the debugging stage) and another manager will be elected. Auditors are paid depending on their activity summary. An auditor is marked as ​active ​when he/she is submitting a report. After a certain amount of time, the status is removed. Top active auditors with the highest amount of "karma" are active ​ paid depending on budget. Smart contract systems can be different in complexities. The length of a bytecode of audited smart-contracts compiled with ​0.4.20+commit.3155dd80 compiler without optimization used as a measure of contract complexity and auditors karma coefficient calculations.

Flow of Auditing Registry

Flow of Auditing Registry

Flow of Auditing Registry

Step by step interaction with auditing registry ● A smart-contract developer will need to submit an a ​ udit request issue​. ● Auditing organization manager verifies the auditing request and will set an approved​label. ● Auditor selects the audit request. In most cases 3 code reviewers are sufficient. In the case where a smart-contract system is complex, it may require more code reviewers. ● Security Manager replaces a ​pproved label with an i​n-progress label. After that, the issue is still available for picking. Submitting the audit report for this issue will not affect the "active" status of an auditor. Thus, reviewing the contract code will still make sense for a beginner to increase "karma" and earning experience, but we can avoid a situation where the whole team is working on a single contract with other audit request’s remaining in pending. ● Auditor creates a private gist. Then he/she submits a Keccak-256 hash of the gist link to the contract by the ​submit_report​function. Example: The gist link is​​​. ​The hash of this gist that needs to be submitted to the contract is 026c43a23ba6a331739fe8d066b9bd1a6eac53982358aa3ff7cb5d0301712d2d​. ● Auditors deliver the private gist link (report) to the manager off-chain. An auditor must not publish the report gist link which is a pre-image of the gist hash that was submitted to the contract. ● Once the manager has received a link to the private gist, the auditors can start reviewing the code and reporting findings in their private gists. ● Once all auditors have finished, Manager’s must review and compare all their reports. ● If one of the auditors has not described and identified vulnerability but others have identified one, the Manager must assign them a penalty, thereby increasing the "errors" property of the report. ● Manager ​signs​reports. ● Manager r​eveals reports. Once reports are revealed the gist links are publicly accessible so that everyone can observe the work of managers and auditor’s. ● When the audit report is revealed the report author will receive karma bonuses, error penalties, and a​ctive​status.

Callisto file system Callisto File System solves a problem of independent and securely storing an archive of security audit reports. The main purpose of this file system is to provide an opportunity to upload, store and view security audit reports, independently from any third-party services. At the same time, the Callisto file system enables users to store custom files in a distributed storage maintained by elected Callisto IPFS-host-nodes. The system can be scaled depending on demand. Alternative solutions: Filecoin, Maidsafe, Siacoin, and Storj Filecoin is a decentralized storage network created by the team behind IPFS for the purpose of incentivising the storage of files on IPFS. This protocol creates a blockchain that utilizes the latest advancements in cryptographic proofs to generate trustless proof-of-storage and proof-of-replication. The protocol then incentivises individuals to run auditors that spot-check storage providers. Filecoin is the currency that storage providers are paid when someone wishes to store or fetch a file from the network. The underlying idea is that there are vast quantities of unused storage sitting on home computers and servers around the globe. Filecoin aims to enable the owners of this unused storage to monetize it, while eliminating any need for 3rd parties to trust the storage providers, or vice versa. The model adopted by Filecoin is similar to other decentralized storage solutions such as Maidsafe, Storj, and Siacoin. They all attempt to collect micropayments for both the storage and retrieval of data, and they all create their own dedicated currency. Furthermore, all of these products target home computer storage providers renting out space located behind slow internet connections. Lastly, they all require users to continually purchase cryptocurrency to pay for storage and bandwidth. This means the files may not be available for the general public to access for free via their browser. The cost of storage and bandwidth on these networks may be higher than that offered by cloud service providers such as Amazon S3. For example, at the time of this writing, Storj charges $0.05 per GB of download whereas Amazon charges $0.01 per GB downloaded. Storj charges $0.015 per GB per month whereas Amazon charges $0.0125 per GB per month for infrequently accessed storage (Glacier). It is not clear that the designs of Filecoin, Maidsafe, Siacoin or Storj scale up to many users and many accesses. As the number of users and files grows, the number of recurring payments will also grow. This will place increasing stress on their single-threaded blockchains as the base transaction load grows just to maintain the status quo. Users wanting to store files will need to set up their own server to make automatic crypto payments or they will have to log in every month to do it manually. The overhead of zero-knowledge proofs and spot checks consume bandwidth and CPU resources whose cost may be greater than the actual cost of the storage and bandwidth being managed.

Ethereum: SWARM Swarm is a distributed storage platform and content distribution service, a native base layer service of the ethereum web 3 stack. The primary objective of Swarm is to provide a sufficiently decentralized and redundant store of Ethereum's public record, in particular to store and distribute DApp code and data as well as block chain data. At the moment of writing, SWARM is still in development. SWARM suffers the problem of micropayments, which does not have an effective solution in systems with non-zero transaction fees. EOS.IO Storage EOS.IO Storage is a proposed decentralized file system designed to give everyone the ability to permanently store and host files accessible by any web browser. Unlike some other proposed alternatives, there would be no upfront fee or ongoing charge for storage or bandwidth on EOS.IO Storage aside from a completely refundable deposit. Users must hold tokens while they need storage and bandwidth and may sell tokens when storage and bandwidth is no longer required. A filesystem smart contract, @storage, is deployed to the EOS blockchain, this smart contract allows every user to define a directory structure where all files are links to an IPFS file. A user creates a link to an IPFS file by signing a transaction that is broadcast to the EOS blockchain. The transaction includes the path relative to the user’s “home directory”, the corresponding IPFS file name, and the size of the file. The user also specifies whether they want the file be stored and hosted by the EOS block producers. The user will then upload the file to one of the block producers via standardized APIs defined by the EOS.IO Storage software. Once the producer verifies the file has the size and the IPFS name indicated by the user, the producer will broadcast a transaction to the EOS blockchain indicating the file has been received. The other block producers will then replicate the file over an IPFS network. The EOS.IO file system was used as a basis for the development of Callisto file system.

Callisto file system implementation EOS.IO file system relies on EOS block producers which should maintain the storage. Since there are no block producers in Callisto, it was decided to allocate part of the Treasury budget for the payment to IPFS-host-nodes which will maintain storage at Callisto. IPFS-host-nodes will be elected and paid through Treasury proposals. The number of IPFS-host-nodes, amount of payment and minimum amount of storage will be determined by voting of Cold Stakers. Callisto file system relies on ​CallistoFS.sol core smart-contract (​source code​ ). A user can create a link to the IPFS file name by invoking the u ​ pload() function of the smart-contract and providing a refundable deposit in CLO. Then the user should upload the file to one of IPFS-host-nodes. Once the ​FileUpload event have been emitted, each host-node should verify the file and replicate it if the payment condition is met. A file is guaranteed to be stored until the deposit for the file is at the contract. A user can withdraw the deposit at any time. After the deposit has been withdrawn, file storage is no longer guaranteed. Each elected IPFS-host-node will receive monthly salary for maintaining the storage. If one of the nodes does not work correctly, fails to provide a file or maintains a bad connection, then another node can be elected to replace it. IPFS-host-nodes can receive different salaries depending on the quality, volume of their storage and statistics of processed requests. For each node, an individual Treasury Proposal must be created and the decision for electing/removing a node is separately made by Cold Stakers. The amount of storage available per CLO is determined using the Bancor algorithm that maintains a Constant Reserve Ratio (CRR) of 10. A CRR means that the storage will never be completely consumed, as the price (locked CLO per megabyte) will rise as free capacity shrinks. Price = Balance / (Supply * CRR) Where: ● Balance ​is the total amount of storage consumed ● Supply ​is the total amount of storage the host-nodes physically have ● CCR ​is the constant (10 in EOS and CLO)

Initial launch stage At the first launch of the Callisto network, there will be no treasury smart-contract deployed. The purpose of this is to establish an official auditing team and depend on audited contracts for further upgrades. The Callisto development team will receive the full amount of the treasury fee at this stage of progress. 20% of the initial treasury funding is allocated to the Callisto team to finalize the defined goal and establish a final version of a Callisto Network treasury contract. 10% of the initial payment for the treasury will be held by the Callisto Network team and deposited into the cold-staking contract after the Callisto Hardfork No. 1 (that enables cold staking protocol). The total treasury fee at this stage is 30% which includes: ● Development funding: 20% ● First Stake allocation: 10% The Callisto development team adheres to a policy of complete financial transparency. Funding distribution will be as follows during the initial launch period: Yohan Graterol: ​ 0x4667d0c30E6f58ef935ddAb560d41E030E4d2AeB Dexaran: 0x01000b5fe61411c466b70631d7ff070187179bbf ​ Carlos Sampol: ​ 0x37006d230C9b0dA7A00011Efb1Acc3388fbD3c6A Callisto treasury: ​ 0x74682fc32007af0b6118f259cbe7bccc21641600 The rest of the Callisto treasury funding will be allocated to the Official Department of Smart-contract auditing for ETC & CLO. - Yohan Graterol, CTO and Co-founder, rewards per month: 500,000 CLO - Dexaran, CEO and Co-founder of Callisto, rewards per month: 500,000 CLO - Carlos Sampol, React developer, rewards per month: 150,000 CLO

Planned hard forks. Cold staking stage The planned Callisto hardfork No. 1 (11 November 2018) enables the cold staking protocol. 10% of the total volume of CLO emissions for the entire time of the initial stage of launch will be deposited into the staking contract. This allows early cold stakers to receive an initial reward as if they were staking during the initial stage. The First Stake offers the highest reward for the earliest stakers. The amount of staking reward will decrease with time to the normal staking reward amount of 20% of treasury pool. Total treasury fee at this stage is 30% which includes: ● Development funding: 10% ● Cold staking allocation: 20% Final stage The planned Callisto hardfork No. 2 (11 November 2019 - this may be delayed) enables a governance system. Cold stakers will be allowed to participate in proposal submitting and proposal voting. A development proposal that has been approved by cold stakers voting will receive funding. The Callisto team and the Official Smart-contract Auditing Department will operate through proposal submitting at this stage. Total treasury fee at this stage is 30% which includes: ● Treasury allocation: 10% ● Cold staking allocation: 20%

Callisto development The Callisto project is open source and open for contributions. There will be a Callisto development team at the early stages of the project. The Callisto development team is responsible for the implementation of the core features of the Callisto ecosystem, that will enable it to be a completely decentralized and self-sustaining network. Further development will become completely decentralized once a Callisto treasury smart-contract is deployed. Further development goals and roadmap milestones would be defined through the Callisto treasury smart-contract. The development and implementation of these milestones will be funded through the Callisto treasury smart-contract as well. Every participant of the Callisto network that holds CLO can become a cold-staker. A Cold-staker is an account that has locked its funds in the Callisto treasury smart-contract for 1 month or longer. Each cold-staker account can participate in the decision-making process by submitting a development proposal to the Callisto treasury smart-contract or voting FOR or AGAINST already existing proposals. Cold stakers will be compensated for being CLO holders and participating in the Callisto development governance with a portion of the CLO treasury. The total amount of CLO allocated for each cold-staker depends on the total amount of cold stakers that are currently on the Callisto network. Cold-staking does not require an account owner to run a full node. It is relying on a treasury smart-contract. Each participant of the Callisto network is allowed to become a cold-staker at any time if they deposit their stake to the Callisto treasury smart-contract. The full stake + staking reward can be withdrawn from the treasury contract at any time after a month has passed from the stake deposit. An account that has withdrawn its funds from the treasury smart-contract will no longer be a cold-staker.

Callisto treasury smart-contract The Callisto treasury smart-contract is a program written in the solidity programming language and deployed within the Callisto network. The treasury smart-contract implements a governance system for the Callisto network. It serves to submit proposals, vote proposals and fund approved development proposals. Every participant of the Callisto network is capable of submitting a development proposal. Only cold-stakers are capable of voting FOR or AGAINST proposals. The treasury balance is a 10% fee from each Callisto block. Callisto cold staking protocol Technical details: ● ROI: ​Dynamic. Depends on the amount of CLO that is engaged in cold at the moment of reward claiming​. staking​​ ● Minimal amount: ​ No minimal threshold. ● Minimal delay between claims:​ 172,800 blocks ● Staking time: ​1-12 months ● Reward claiming: ​ Manual. A user have to execute a transaction to claim the reward. Cold staking is a core feature of Callisto protocol that is intended to incentivize coin owners for holding CLO coins for a significant period of time, thus increasing the "store of value" property of Callisto. The cold staking protocol will be implemented in solidity smart-contracts. Cold Staking 3.0 reference implementation source code could be found ​here​. The Cold Staking contract constantly receives a percentage of mining rewards and distributes this amount of CLO between cold stakers in proportion to their stake. Due to smart-contract limitations, on-chain real time computations are impossible. As a result, the reward for each staker is calculated in the moment of reward claiming. The following set of rules determines the workflow of Cold Staking Contract: 1. The contract allows any address to become a Cold Stacker by depositing CLO. 2. After an address owner has deposited CLO into the Staking Contract the funds are locked for a certain period of time (approximately 1 month). 3. The Cold Staker can not access their funds during the locking period. After the locking period has expired, the Cold Staker can withdraw the staking reward AND stake at any time. 4. The longer a staker is “staking”, the higher the reward is. For example a staker who left their coins for “staking” for 2 months will receive approximately

2x more reward than if they left their coins for 1 month. NOTE: the minimal period of time that is required for claiming the first staking reward is 1 month. 5. After the period of locking has passed, a Cold Staker has two options: (1) claim the reward and continue staking, thus lock their funds for 1 month again, or (2) claim the reward and withdraw stake. 6. The more active stakers are currently “staking” the less the reward of each staker is and visa versa. 7. If a staker is inactive for a certain period of time (approximately 1 year) then they are considered to be inactive and are disposed from the staking contract. Inactive stake is paid back to the stakers address. Staking reward is not paid for inactive stakers. 8. A staker MUST NOT deposit funds into the Staking Contract during the locking period. Depositing funds will cause the reinitialization of stakers entry and renewal of the locking period. 9. Each staker can independently claim their reward at any time after the locking period. The staking reward depends on the amount of CLO that are currently in the Cold Staking Contract. As a result, the reward of each staker depend on other stakers claims. We rely on the assumption that with a sufficiently high distribution of claims over time, Cold Stakers have a high probability of receiving a reward close to the expected value. 10. There is no minimum staking threshold. However, depositing into the Staking Contract and claiming the reward requires transaction fees to be paid. Staking with a very small deposit may not cover your transaction fees. 11. A Cold Staker can only stake with their deposit address. There is no possibility to point rewards into someone else’s address or grant someone a permission to claim the reward on your behalf. 12. A Cold Staker does not need to run a node to stake. They only need to invoke the staking contract twice: make a deposit and claim the reward. The ClassicEtherWallet is sufficient for this procedure. The following formula determines the staking reward calculation: Where: ● staking pool is the balance of staking contract at the moment of reward claiming. ● current block​is the transaction block number. ● init block​is the number of block on which the Staker made his deposit. ● round interval​is a duration of locking period (in blocks, default = 172,800) ● staker weight​is stakers deposit. ● network weight​is a total sum of active staking balances.

Technical details ● POW Algo: Dagger Hashimoto (Ethash) ● Block interval: ~15sec ● Block reward: 600 CLO (30% treasury fee) ● 100% compatible with Ethereum Virtual Machine ● The maximum supply: 6,500,000,000 CLO. ● Block reward reduction: 32% each 5,000,000 blocks Callisto implements an Ethereum Virtual Machine, which allows it to run Ethereum-compatible smart-contracts written in solidity or viper programming languages. Callisto emission and maximum supply is increased compared to ETC. 72% of total Ethereum (and ETC) supply was distributed during the crowdsale. This would have a negative effect if we sent such a huge amount of coins to cold staking. As a result, it is necessary to increase the neutral CLO emission to compensate a huge amount of pre-distributed stake. Goals The primary goal of Callisto Network is to enhance the security of the entire crypto industry and smart-contract development platforms. Another goal of Callisto Network is to boost the growth and adoption of Ethereum Classic as a community, and as a platform. Therefore, we have the following important goals: ● Improve the security level of crypto industry and smart-contract development platforms with an official auditing team and secure contracts registry. ● Research, define and develop reference implementation of cold staking protocol, built-in governance system, and self-funding mechanism. ● Research experimental possibilities of scaling and cross-chain interaction. Roadmap December 2017 ● Launch the test network with the current Golang Ethereum client -Byzantium compatible- (done). ● Create a public infrastructure for developers (completed). ● Update Classic Ether Wallet with Callisto network support (completed).

Q1 2018 ● Update ClassicMask with Callisto Network ● Snapshot of Ethereum Classic for CLO airdrop 1:1 ● Launch Testnet 2.0 ● Research the POS and DPOS protocol implementation possibility. Q2 2018 ● Launch CLO Mainnet (Est. 15 April 2018) ● DexNS support for the Callisto protocol ● Marketing team creation ● Launch mainnet block explorer and testnet explorer. Q3 2018 . ● Formation of the Security Department of Callisto (Solidity) Q4 2018 ● Planned Hardfork No. 1: Cold staking implementation ● eWASM implementation research ● Formation of the Security Department of Callisto (EOS) Q1 2019 ● Decentralized File Storage research and reference implementation ● Interchain operability research Q3 2019 ● Security DAO Codex release ● Cold Staker's Codex release Q4 2019 ● Planned Hardfork No. 2: On-chain governance system