spent time this week going back through the DUST decay mechanic and the security reasoning behind it is more precise than i initially gave it credit for 😂
when night tokens are transferred to a new address, the dust balance associated with the originating address decays. it does not transfer with the night. it does not survive the movement intact. the balance drops, the new address starts accruing from a lower base, and the transition creates a gap in operational dust capacity.
that decay is not a penalty. it is a double spend prevention mechanism.
without decay an attacker could accumulate a large dust balance at one address, initiate a high-volume burst of transactions using that balance, simultaneously transfer the underlying night to a new address, and attempt to use the same economic capacity twice - once from the decayed address before the balance fully exhausts and once from the new address once it starts accruing.
the decay collapses that attack surface. the moment night moves, the dust capacity associated with the old position shrinks. there is no window where both addresses hold full operational capacity simultaneously.
what the design gets right
is that it solves the double spend problem at the resource layer rather than through additional on-chain validation overhead. the protocol does not need to track whether dust was already spent - the decay enforces scarcity by construction. the resource shrinks when it moves, so the total operational capacity in the system stays consistent with the total night held.
but here is what i kept working through.
the decay rate determines how tight the security window actually is. a slow decay creates a longer window where both the originating and destination address retain meaningful dust capacity - which is exactly the attack surface decay is supposed to close. a fast decay closes that window tightly but punishes legitimate users who move their night for operational reasons and find their dust capacity suddenly reduced.
the calibration problem is real.
the correct decay rate is one that closes the attack window without creating excessive friction for users who transfer NIGHT for entirely legitimate reasons - rebalancing across wallets, moving to cold storage, paying someone. those users are not attacking anything but they absorb the decay cost equally with the attacker it was designed to stop.
honestly dont know if the dust decay rate is calibrated correctly for the actual attack surface it targets or whether the security margin it provides comes at an operational cost that disproportionately lands on legitimate users who move night frequently.
decay that closes the double spend window cleanly or a security mechanism whose friction is felt most by the users it was never designed to punish?? 🤔
#night @MidnightNetwork $NIGHT
