The DUST cap mechanic prevents double-spend exploits. The constraint is more elegant than it first appears.

Most people think you need complex cryptography to prevent double-spending in a shielded system.

@MidnightNtwrk solves it with a single mechanical rule.

Every DUST address has a cap - a maximum DUST balance proportional to its associated NIGHT holdings. When you hit the cap, generation stops. When you spend DUST, generation resumes until the cap is reached again.

Here's why this matters for security: if a $NIGHT holder tries to accumulate DUST by rapidly redesignating generation across multiple addresses, the cap follows the NIGHT balance - not the address count. Total DUST in existence for any given NIGHT holding can never exceed the cap, regardless of how many addresses are involved. The redesignation attempt doesn't create more DUST. It just starts decay on the old address while the new one begins filling.

No additional cryptographic overhead. No complex state tracking. One constraint closes an entire attack vector.
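A toy simulation of the rule described above, added here as an illustration and not Midnight's code. The cap ratio, the generation rate, a decay rate equal to generation, and all names are assumptions. `decay=False` models per-address caps with no decay on redesignation, to show what the rule prevents.

```python
# Toy model. Rates and cap ratio are assumptions, not Midnight parameters.
CAP_PER_NIGHT = 5    # DUST cap per NIGHT held (assumed)
RATE_PER_NIGHT = 1   # DUST generated per NIGHT per tick; decay assumed equal

class Holding:
    def __init__(self, night, decay=True):
        self.night, self.decay = night, decay
        self.cap = night * CAP_PER_NIGHT
        self.dust = {}            # address -> DUST balance
        self.designated = None    # the one address currently generating

    def total(self):
        return sum(self.dust.values())

    def redesignate(self, addr):
        self.designated = addr
        self.dust.setdefault(addr, 0)

    def spend(self, addr, amount):
        if amount > self.dust.get(addr, 0):
            raise ValueError("insufficient DUST")
        self.dust[addr] -= amount

    def tick(self):
        step = self.night * RATE_PER_NIGHT
        for addr, bal in self.dust.items():
            if addr == self.designated:
                self.dust[addr] = min(self.cap, bal + step)   # fill up to the cap
            elif self.decay:
                self.dust[addr] = max(0, bal - step)          # old address decays

def peak_under_churn(night, n_addrs, ticks, decay=True, hop_every=None):
    """Redesignate round-robin; return (highest total DUST observed, cap)."""
    h = Holding(night, decay)
    hop = hop_every or CAP_PER_NIGHT // RATE_PER_NIGHT  # default: hop once full
    peak = 0
    for t in range(ticks):
        if t % hop == 0:
            h.redesignate(f"addr{(t // hop) % n_addrs}")
        h.tick()
        peak = max(peak, h.total())
    return peak, h.cap
```

In this model the total stays at or below the cap only because decay is at least as fast as generation, which ties the invariant to the same calibration question raised for the cap itself.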

The part I'm still thinking about: this elegance depends entirely on the cap being correctly calibrated to network demand. If the cap is set too low relative to actual transaction costs, legitimate users hit ceilings during normal usage. That calibration is a governance parameter - not a protocol constant.

#night $NIGHT @MidnightNetwork