Governance proposal to activate Celo stability protocol and enable cUSD transfers

Since we are now close to voting time, here are some more concerns from me:

  • Afaik, the reporting oracle code is still not open source. This seems like a pretty big issue. If there is still some waiting for a security audit or something like that, it would be useful to know at least. Or just some more information about what the holdup is in open-sourcing the code would be useful. It is quite problematic that the code for this very important part of the network is still not publicly visible.

  • Since oracles are centralized for now, it would definitely help to know more details about the oracle setup and access restrictions. This article doesn’t have much detail around access control: https://medium.com/celoorg/an-introduction-to-celo-oracles-fd1a534669bb. Important questions in my mind would be:
    ** Who/how many people have access to the Azure account where the HSM keys are stored?
    ** Who/how many people have direct access to oracle machines?
    ** Who has access to deploy new code/image to oracle machines?
    ** What does internal or external auditing of this system look like? Is there an audit trail for all potential actions that might cause changes in Oracle operation?

  • There is still a concern about the number and quality of exchanges that have picked up CELO, but this is less of a concern for now compared to the two above. Bittrex is a reasonable exchange but with medium to low volume overall. OkCoin has even less real volume, and also has a history of a fair bit of questionable events in its past. It's unfortunate that these are the only two options for now. It isn’t the end of the world, but it would definitely be concerning if this still remains the case 2-3 months from now.

2 Likes