January 4, 2019, Development Update

New Year, New Features

On behalf of myself and the entire Divi Project team, we’d like to wish everyone a happy and prosperous new year.

All developers are now back in their respective offices, full-time and we’re hitting the ground running with new features and developments. Read on to find out what to expect in the short term.

PayPal Integration

The PayPal integration, which will allow users to pay for MOCCI (Masternode One-Click Cloud Installer) hosting with a credit/debit card or PayPal account is moving forward as planned. Error handling, the configuration for various tiers, and currently deployed masternode payments have all been implemented and will go into testing early next week.

Atomic Swaps / HTLCs

Atomic swap technology, also known as HTLC (Hashed Time Locked Contracts) are an essential part of Divi’s plan to add features making crypto easier to use.

To use Atomic Swaps, we’re adding Bitcoin Improvement Protocols to our blockchain. These are BIP65, BIP68, and BIP112.

For more information on how this affects users and the project at large, read our blog.

Mandatory upgrade required

The implementation of PayPal and Atomic Swaps will both require a mandatory upgrade.

PayPal & MOCCI
Users running Masternodes with MOCCI will see their nodes go down over the course of the next 45-60 days. Users who fail to upgrade their software risk missing out on masternode rewards. To reinstate the MOCCI node, install the automatic update and click to pay for the monthly subscription and restart your remote server. We roll out the mandatory update in waves of 10-20% of the user base as to not disrupt the overall network.

If you do not want to pay for the monthly hosting subscription through Divi, dismantle your node and either set it up manually or stake your DIVI.

Atomic Swaps
Users running Divi Desktop will automatically receive the latest core build, which will include Atomic Swap/HTLC functionality by default. It is still incredibly important that Desktop users upgrade their software to avoid hard-forking into a separate network and earning Divi that is incompatible with the main chain.

Users running the CLI build will need to upgrade manually, and we will distribute documentation to make the transition as smooth as possible.

Security Audit

LedgerOps have completed a third-party, quarterly security audit for the DIVI ecosystem. This analysis consisted of enterprise-level penetration testing as well as a source code audit.

API & Divi Blockchain penetration testing covered the following areas:

  • Evaluating session management and authentication mechanisms
  • Evaluating input sanitization for user-supplied inputs
  • Evaluating access controls for restricted resources
  • Evaluating application for misconfigurations that could enable disclosures § Evaluating protections against automated attack attempts
  • Evaluating currently implemented patch levels and service versions
  • Evaluating application for misconfigurations and oversights
  • Evaluating DIVX to DIVI Redemption Process
  • Ensuring communications are secure during transit between endpoints

Divi Desktop penetration testing covered the following areas:

  • Desktop wallet application (Cross-platform)
  • Desktop application source code review and audit
  • Evaluating session management and authentication mechanisms § Evaluating Insecure Data Storage
  • Evaluating Improper Platform Usage
  • Evaluating Insecure communication
  • Evaluating Client Code Quality and Code Tampering
  • Evaluating Reverse Engineering
  • Evaluating Extraneous Functionality
  • Evaluating Unintended Data Leakage
  • Evaluating Poor Authorization and Authentication
  • Evaluating Insufficient Cryptography
  • Evaluating Client-Side Injection
  • Ensuring communications are secure during transit between endpoints

Source Code audit covered the following areas:

  • Review DIVI blockchain source code for bugs and errors
  • Review DIVI master node deployment scripts for bugs and errors
  • Review DIVI node default configurations
  • Identify service misconfigurations of DIVI’s nodes

Results

We are pleased to report that:

  • 0 Critical bugs were discovered.
  • 1 High-risk finding was discovered and has already been resolved by our team before the posting of this blog.
  • 4 Moderate-risk findings, primarily surrounding memory leaks and race conditions were discovered and are being addressed now.
  • 3 Low-risk findings were discovered and are being addressed as necessary.
  • 4 Informational findings were discovered surrounding some practical design choices that are being reviewed by the team.

To remain fully transparent with our community, we will post the full report in the coming week, as soon as all the findings are fully resolved or deferred.

NOTE: It is important to note that none of the discoveries by LedgerOps impact user security or privacy.

Exchanges

SWFT integration is scheduled to be complete on January 8th. This cross-chain swap tool allows for quick and easy transfers between hundreds of digital assets. Because they hold a pool of $DIVI for liquidity, they can manage the swaps in real-time. They have also agreed to let us use their APIs for integration within the Divi Smart Wallet(s), which would allow users to swap their Divi for other coins right within the application!

Media & marketing

Upcoming events

  • Nick Saponaro will be attending the North American Bitcoin Conference in Miami on Jan 16-18. If you’re around, let us know so we can meet up!

  • Nick will be speaking at NAMM at the end of this month on a panel about blockchain in music.

  • Nick will also be speaking at Chainwise in February. This conference is great for newbies, so definitely grab your tickets ASAP.

  • Geoff McCabe will be speaking on an expert panel at TicoBlockchain Conference on Februrary 2nd.