Symbiont{s} | Steem DAO | Wallet Final Development Update and Summary

symbionts (68)in #witness-category • 5 days ago (edited)

^{https://ecosynthesizer.com}

Thriving Through a Symbiotic Equilibrium
Steem DAO | Wallet Final Development summary & Update

Greetings!

We are pleased to share the final development update for our wallet proposal, originally submitted one year ago. This post includes information about the financial aspects, as well as the latest additions we have made to the wallet. If you would like to review the previous update, please refer to the following:

Current state

The Finance & overall progress

We initially requested 48,960 SBD; however, support was withdrawn from our proposal at various stages, resulting in a final disbursement of 37,512.253 SBD, approximately 23.4% below the originally requested amount. This shortfall, combined with the significant decline in SBD's value throughout the proposal period, created considerable financial pressure on our team. Together, these two factors not only reduced our effective budget but also made day-to-day execution far more demanding than initially anticipated. As a result, we made the deliberate decision to exclude certain features we were not confident in delivering to the required standard, scaling down some UI changes in order to concentrate our efforts on core features and ensure everything we shipped was properly developed and tested. Nevertheless, our team remained fully committed throughout, delivered a substantial body of work, and continuously incorporated community feedback. At the end of the day, this project exists for the community, and we are proud of what we accomplished under these difficult circumstances.

To ensure transparency, anyone is welcome to review the attached sheet, which details the exact block numbers and SBD disbursement amounts throughout the proposal period (proposal_pay_symbionts).

That being said, and despite everything, we are not entirely satisfied with the current state of the project, as we firmly believe the pending features are genuinely needed by the community. There is a prospect that we may revisit and complete them in the near future pro bono, though we cannot make any formal commitments at this time given our other ongoing projects. What we can say is that unfinished work does not sit well with us, and the desire to see this through remains very much on our minds.

Change Recovery Account

On the Steem blockchain, a recovery account is a designated authority that holds the exclusive ability to initiate the ownership recovery process for a user account in the event of unauthorized access or key compromise. Each Steem account is associated with exactly one recovery account at any given time. By default, when a new account is created, the recovery account is assigned to the account that performed the creation operation. For users who register through steemit.com, the default recovery account is @steem, which is operated by Steemit Inc.

The recovery account plays a critical role in the blockchain-level recovery protocol. If an account's owner authority is changed without the user's consent, the recovery account may initiate an account recovery transaction. This is only possible if the request is submitted within the defined 30-day window and the account owner can provide a previously valid owner key from the past 30 days.

Users are encouraged to change their recovery account to either a trusted third party or a separate account they personally control. This provides an additional layer of protection by ensuring that account recovery capabilities remain in secure and trustworthy hands.

It is important to note that a recovery account does not have access to the account's private keys, funds, or posting capabilities. Its role is limited to initiating the recovery process under conditions defined by the Steem protocol.

Authority Management

Account authority management defines who can act on behalf of an account on the Steem blockchain and at what level of permission. The system is structured around three primary authority tiers, each with a clearly scoped set of capabilities.

The owner authority is the highest level and has complete control over the account, including the ability to modify all other authorities and keys. Because of its critical role, it should be stored offline and only used in exceptional cases such as account recovery or key rotation.

The active authority is intended for financial and governance operations, including transferring funds, interacting with the internal market, and voting for witnesses. It represents operational control of the account and must be secured carefully while still remaining accessible for legitimate use.

The posting authority is the lowest level and is limited to social interactions such as publishing content, voting, and following other accounts. This level is designed for frequent use and can be safely delegated to applications without exposing sensitive financial or ownership permissions.

Each authority level supports flexible configuration through weighted keys and accounts. Individual keys or accounts can be assigned a weight, and a threshold can be defined so that a specific combination of signatures is required to authorize an action. This enables multisignature setups, improving security and allowing shared control, which is especially useful for organizational accounts or scenarios where no single party should have full unilateral access

Update Proxy

A proxy allows an account on the Steem blockchain to delegate its governance influence to another trusted account. When a proxy is configured, all witness votes and proposal votes are exercised by the proxy account, meaning the delegating account’s stake is applied according to the proxy’s decisions without transferring any funds or ownership. This effectively shifts governance control while leaving asset custody unchanged.

This mechanism is particularly useful for accounts that are not actively involved in governance but still want their stake to contribute through a trusted representative. It is also widely used by exchanges, custodial services, and other operational accounts that prefer to remain neutral while ensuring their voting power is not left idle.

Setting a proxy overrides any witness or proposal votes previously submitted by the account, as governance control is fully delegated to the proxy. If the proxy is later removed, direct control is restored; however, previous voting preferences are not retained, requiring the account to manually resubmit its witness and proposal votes.

Decline Voting Rights

Declining voting rights is a permanent and irreversible operation on the Steem blockchain that removes an account’s ability to vote on content, participate in curation, and engage in governance activities such as witness or proposal voting. Once this operation is finalized, it cannot be reversed under any circumstances, permanently eliminating the account’s influence over rewards distribution and consensus.

This feature was originally proposed by Dan Larimer in Steem Improvement Proposal #324 on GitHub and was implemented as part of Hardfork 14. Its primary objective was to allow large stakeholders to make a verifiable and enforceable commitment that their stake would not be used to influence governance or content allocation. More broadly, it provides a mechanism for any account that wishes to avoid the political, legal, or reputational implications associated with holding significant voting power.

The operation includes a thirty-day delay before taking effect. This delay serves as a critical safeguard, providing a recovery window in case the action was triggered by a compromised account and ensuring that voting rights are not permanently removed without an opportunity for intervention.

This option can typically be used by infrastructure operators, custodial services, exchanges, or neutral entities that aim to clearly separate themselves from governance participation. Given its permanent nature, it should be approached with careful consideration, as the decision cannot be reversed once executed.

In addition, and similar to the account recovery request attack vector, we have decided to introduce an alert for declined voting rights, allowing users to quickly detect and cancel such actions.

Create / Update Witness

Registering as a witness on the Steem blockchain requires supplying a signing key, which is the public key used by the node to sign produced blocks, along with a set of chain parameters that represent the witness’s vote on core network configuration.

These parameters include the account creation fee, which sets the minimum STEEM required to create a new account; the maximum block size, which defines the upper bound of data allowed per block and directly affects network throughput; and the SBD interest rate, which determines the annual yield paid to holders of SBD, expressed in basis points.

These values are not applied per witness individually. Instead, the protocol calculates the median value across all active witnesses for each parameter and applies that result as the live network configuration. This design ensures that no single witness can unilaterally control network rules, while still allowing collective influence through distributed voting. As a result, witness parameter choices directly shape consensus-level behavior, making them a core part of governance responsibility.

Beyond parameter voting, witnesses are also responsible for maintaining reliable infrastructure capable of producing blocks consistently. This includes running a properly configured node with sufficient CPU, RAM, disk performance, and network bandwidth, as well as implementing redundancy, monitoring, and failover mechanisms to minimize downtime. Poor infrastructure or misconfiguration can lead to missed blocks, which directly impacts network performance and reliability.

Witnesses are therefore expected to keep both their parameter votes and their infrastructure aligned with current network conditions, balancing performance, stability, and economic incentives. Existing witnesses can update their signing key at any time for security rotation and can also adjust their parameter votes whenever infrastructure changes or policy decisions require updates.

Generate Brain Keys

A brain key is a long, human readable passphrase composed of random words that acts as a root secret from which cryptographic keys are deterministically derived on the Steem blockchain. Witnesses can use a brain key sequence to generate a secure signing key for their node, providing a recoverable and portable alternative to storing raw private keys directly, while still maintaining strong cryptographic security when generated properly.

The witness signing key is a dedicated cryptographic key used exclusively for signing blocks produced by the node. Its scope is intentionally restricted and it cannot be used to transfer funds, modify account authorities, or perform any financial operations. This strict separation enforces a clear security boundary within the account model, ensuring that operational keys used in infrastructure do not overlap with keys that control ownership or funds. As a result, even if a signing key is compromised, it does not grant access to account balances or higher level authority keys, preserving the integrity and security of the account.

It is critical that a signing key is used by only one active witness node at a time. Reusing the same signing key across multiple nodes or witnesses concurrently can lead to double signing, where two different blocks are produced for the same slot. This is considered a serious protocol violation and can damage network trust, potentially leading to penalties such as loss of reputation or removal from witness rankings. Proper key management and ensuring a single authoritative node per signing key are essential to avoid this scenario.

Publish Witness Price Feed

Witnesses on the Steem blockchain are responsible for publishing a price feed that represents the current market value of STEEM and SBD. These feeds are submitted at regular intervals and form a core part of the network’s economic infrastructure.

For each update cycle, the network collects price feeds from the 21 active witnesses and calculates the median value. This median is used to reduce the influence of outliers and ensure that no single witness can distort the reference price. The resulting values are then stored in a rolling feed history window of approximately 3.5 days, creating a continuously updated dataset of recent market conditions.

Rather than relying on only the latest submitted value, the protocol derives its official reference price from the median of this entire history window. This design produces a more stable and manipulation-resistant price signal by smoothing short-term volatility and filtering irregular spikes or outdated feeds.

Disable Witness

On the Steem blockchain, enabling or disabling a witness node is done by updating the witness configuration, specifically the signing. When a witness is enabled, it signals that the node is online, correctly configured, and ready to participate in block production. Enabled witnesses are included in the active scheduling set and are expected to produce blocks reliably according to the network’s rotation.

To disable a witness, the operator typically updates the witness configuration by removing or replacing the signing key with a null or “kill” key. This effectively prevents the node from signing blocks and removes the witness from the active production schedule. Disabling is commonly performed during maintenance, infrastructure changes, or when stepping away from consensus participation.

To re-enable a witness, a valid signing key must be set again, and the node must be fully synchronized, stable, and ready to produce blocks. This ensures the witness can safely rejoin the schedule without causing missed blocks or inconsistencies.

Maintaining correct enabled status is critical for network reliability. A witness should only remain enabled when the underlying infrastructure is stable and properly monitored, including sufficient hardware resources, network connectivity, and failover mechanisms. Leaving a witness enabled without adequate infrastructure can lead to missed blocks, which negatively impacts chain performance and overall network stability.