Open HarryR opened 6 years ago
The POA network has implemented something similar, however it's specific to tokens and transfer of value rather than general purpose automata. Either way, they have a validator set contract which has gone through a full audit which is worth reviewing.
See:
@rstormsf is the person behind some of the bridge contract, thought it might be worth mentioning them here.
What I intend to do next is address all of the points in the bridge & relay contract audits, to ensure that all points are mitigated or avoided.
So, having a single Lithium node which condenses the block chain into the merkle tree is insecure because if the single node gets compromised then any leaf can be added into the tree and all security or dependability is... gone.
One solution to this is to use a validator set, where N of M signatures are required to upload a new merkle root. This avoids the 'nominated leader' problem, where any one person can fake the root if they're nominated leader, e.g. with Paxos.
It works as such, each validator:
It's possible that this could be written as a Tendermint ABCI application, but the whole history isn't necessary, and that may over-complicate things? But it would be interesting to see how it works for Cosmos integration.
The validator set contract would be something like:
Iterate through using `GetAddress` for `GetCount` returns the address of each validator.

Providing `Validate` runs `ecrecover` for the `message` parameter, if any signatures aren't by a validator, it returns `false`. If the number of signatures is below the required threshold, it returns `false`.

Problems:
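A sketch of the N-of-M validator set contract outlined above, added here as an example; it is not code from this issue, the project, or the POA contracts. Only `GetAddress`, `GetCount`, `Validate` and the `message` parameter come from the description; the constructor, the `threshold` variable, the split `v`/`r`/`s` arrays and the ascending-signer rule (so one validator cannot be counted twice) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; storage layout and constructor are assumptions.
contract ValidatorSet {
    address[] private validators;               // the M validators, fixed at deployment here
    mapping(address => bool) private isValidator;
    uint256 public threshold;                   // the N in "N of M"

    constructor(address[] memory initial, uint256 required) {
        require(required > 0 && required <= initial.length, "bad threshold");
        for (uint256 i = 0; i < initial.length; i++) {
            address a = initial[i];
            require(a != address(0) && !isValidator[a], "zero or duplicate validator");
            isValidator[a] = true;
            validators.push(a);
        }
        threshold = required;
    }

    function GetCount() external view returns (uint256) {
        return validators.length;
    }

    function GetAddress(uint256 index) external view returns (address) {
        return validators[index];
    }

    // message: the 32-byte digest the validators signed (assumed to commit to
    // the new merkle root). Signatures must be supplied in strictly ascending
    // order of signer address, which rejects a repeated signer.
    function Validate(
        bytes32 message,
        uint8[] calldata v,
        bytes32[] calldata r,
        bytes32[] calldata s
    ) external view returns (bool) {
        if (v.length != r.length || v.length != s.length) return false;
        if (v.length < threshold) return false;          // below N signatures
        address last = address(0);
        for (uint256 i = 0; i < v.length; i++) {
            // ecrecover yields address(0) for a malformed signature,
            // and address(0) can never be registered as a validator.
            address signer = ecrecover(message, v[i], r[i], s[i]);
            if (!isValidator[signer]) return false;      // not by a validator
            if (signer <= last) return false;            // duplicate or unsorted signer
            last = signer;
        }
        return true;
    }
}
```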