emberian
commented
4 years ago Discussed this at the bootstrap meeting, we've decided that this is important to do for mainnet but otherwise not a high priority.
Open nholland94 opened 4 years ago
emberian
commented
4 years ago Discussed this at the bootstrap meeting, we've decided that this is important to do for mainnet but otherwise not a high priority.
The current control flow of the bootstrapping process involves synchronizing the snarked ledger before we verify the scan state associated with the block that points to the snarked ledger we download. We should actually verify the scan state before synchronizing the snarked ledger, otherwise and adversary can trick us into synchronizing to a snarked ledger for a completely invalid state. An adversary can provide us with a valid block with an invalid scan state, but they cannot provide us with a valid block with an invalid snarked ledger. Reordering control flow reduces the possibility for an adversary to make us download an invalid snarked ledger.