Compliance
Mirage is not designed for absolute financial privacy, as the team believes that completely unrestricted financial privacy would eventually attract illicit funds, which hurts well-intentioned users. This is why Mirage comes with compliance features to ensure responsible use of the protocol.
Mirage maintains an encrypted audit log of all borrowing and repayment actions that have ever happened on the platform, each assigned a unique audit log ID. By default, only the owner can see their own part of the log. Audit logs can be accessed by calling these functions (when the inspector has sufficient access):
| Function | Remark |
|---|---|
| getAuditLog() | Gets a global audit log owner by audit log ID |
| getUserAuditLog() | Gets the global audit log ID of a user audit log item |
| getUserAuditLogLength() | Gets the number of audit log items of a token under a specific user |

getAuditLog() already contains the full audit log. User-specific functions are used for iterating user audit logs.
Under certain circumstances, audit log access can be extended beyond its owner. This happens when:
- a user voluntarily discloses their audit log to a third party; or
- the compliance committee forces a reveal.
Voluntary disclosure
Any user can voluntarily disclose their own audit log to a third party. Authorized third parties can both access global audit log items that belong to the user, and iterate through the user's own audit log.
To make an authorization, call the grantAuditApproval() function. An authorization can be revoked by calling revokeAuditApproval().
Compliance committee
To combat illicit funds, a decentralized compliance committee of reputable individuals/organizations will be formed to respond to audit log reveal requests.
The Mirage team currently plays the role of the compliance committee until the community is mature enough to take over.
It's worth noting that the compliance committee is only capable of revealing audit logs transparently. The committee does not have a backdoor to secretly decrypt user audit logs. Instead, the committee can only decide to proceed with a reveal, after which the relevant data will be publicly accessible by everyone.
There are 2 types of reveal that can be done by the committee:
- Revealing a single audit log entry
  The committee calls revealAuditLog() to reveal the owner of a single audit log entry. This is useful when a certain borrowing/repayment transaction is highly suspicious and requires investigation. If necessary, the committee can proceed to reveal the owner's complete history.
- Revealing the complete history of a user
  The committee calls revealUserAuditLogs() to make the entire audit log of a user publicly accessible.
The committee should exercise its power with great caution to ensure that Mirage remains a great venue for legitimate financial privacy.
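The access rules described on this page, as an added Python model (not Mirage's contract code or API), covering owner access, voluntary grants, and the two committee reveals. The method names echo the page's functions, but the signatures, the `committee` identity, the `record()` helper and the omission of the per-token dimension are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AuditLogModel:
    """Illustrative model of the page's access rules; all signatures are assumed."""
    owner_of: dict = field(default_factory=dict)        # audit log ID -> owner
    user_items: dict = field(default_factory=dict)      # owner -> list of audit log IDs
    approvals: set = field(default_factory=set)         # (owner, inspector) grants
    revealed_entries: set = field(default_factory=set)  # IDs revealed one by one
    revealed_users: set = field(default_factory=set)    # users with full history revealed
    committee: str = "committee"                        # assumed committee identity

    def record(self, owner):
        """Hypothetical helper: append a borrow/repay entry for `owner`."""
        log_id = len(self.owner_of)
        self.owner_of[log_id] = owner
        self.user_items.setdefault(owner, []).append(log_id)
        return log_id

    def grant_audit_approval(self, caller, inspector):
        self.approvals.add((caller, inspector))      # only affects the caller's own log

    def revoke_audit_approval(self, caller, inspector):
        self.approvals.discard((caller, inspector))

    def _only_committee(self, caller):
        if caller != self.committee:
            raise PermissionError("only the compliance committee can reveal")

    def reveal_audit_log(self, caller, log_id):
        self._only_committee(caller)
        self.revealed_entries.add(log_id)            # public from now on, not secret

    def reveal_user_audit_logs(self, caller, user):
        self._only_committee(caller)
        self.revealed_users.add(user)

    def _may_inspect_user(self, inspector, user):
        return (inspector == user or (user, inspector) in self.approvals
                or user in self.revealed_users)

    def get_audit_log(self, inspector, log_id):
        owner = self.owner_of[log_id]
        if log_id in self.revealed_entries or self._may_inspect_user(inspector, owner):
            return owner
        raise PermissionError("insufficient access")

    def get_user_audit_log_length(self, inspector, user):
        if not self._may_inspect_user(inspector, user):
            raise PermissionError("insufficient access")
        return len(self.user_items.get(user, []))
```

In this model a single-entry reveal exposes only that entry's owner; iterating the user's log stays restricted until a grant or a full-history reveal.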