exorde-labs / exorde-client

Exorde participation module (Testnet 2022-2023) - CLI
GNU General Public License v3.0

GitHub Source Code Updates #10

Closed Westermann closed 1 year ago

Westermann commented 1 year ago

I can see from the code that you essentially rely on GitHub for making updates to the node source code. There are plenty of instances of requests to GitHub for getting both the actual source code files as well as configuration settings (at runtime). Considering the protocol is designed to persist data onto IPFS (or other decentralized storage systems), it seems a bit counterintuitive that you would rely on a very centralized entity (GitHub) for persisting the actual node source code. Can you elaborate on the rationale behind this? Also, how are you mitigating the risk of a malicious actor injecting code into the node source code? As far as I can tell, you are relying essentially on GitHub to prevent this from happening, but that, to me, doesn't seem fully in line with the whole decentralised ideology of the project.

P.S.: I can see some signature checks are being done on the downloaded Launcher.py code, for example, but there is no secondary source to verify the correctness of the code. I would imagine something that lives on, for example, the Ethereum blockchain and allows you to verify the code signature.

P.S.: Even if GitHub is used as the source code repository, why make requests directly to its web service rather than manage source code updates through normal git procedures (e.g. by pulling a release branch or something similar)? That would make the ability to validate the code running in the node a lot more transparent and easy to understand. With the current mechanisms, any of the multiple different requests to update source code or download configuration files could be corrupted and essentially lead to an easy attack on the host node.
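The secondary-source check asked for in the comment above, as an added example that is not part of the original thread or of the Exorde client: a downloaded file is installed only if its SHA-256 matches digests from two independent sources. All names here (`verify_update`, `install_verified`, the two manifest dicts) are hypothetical, and how each manifest is fetched (release metadata, an on-chain registry) is assumed to be handled elsewhere.

```python
import hashlib
import hmac
import os
import tempfile


class UpdateRejected(Exception):
    """Raised when a downloaded file fails verification; nothing is installed."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_update(name, payload, primary, secondary):
    """Return the payload digest only if BOTH independent sources agree with it."""
    if not name or os.path.basename(name) != name or name in (".", ".."):
        raise UpdateRejected(f"{name!r}: not a plain file name")
    actual = sha256_hex(payload)
    for label, manifest in (("primary", primary), ("secondary", secondary)):
        expected = manifest.get(name)
        if not isinstance(expected, str):
            raise UpdateRejected(f"{name}: no digest published by {label} source")
        # Constant-time comparison of the hex digests.
        if not hmac.compare_digest(actual.encode(), expected.strip().lower().encode()):
            raise UpdateRejected(f"{name}: digest mismatch against {label} source")
    return actual


def install_verified(name, payload, primary, secondary, dest_dir):
    """Verify first, then write atomically, so a rejected file never reaches dest_dir."""
    verify_update(name, payload, primary, secondary)
    fd, tmp = tempfile.mkstemp(dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        final = os.path.join(dest_dir, name)
        os.replace(tmp, final)  # atomic rename within the same directory
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return final


# Constructed sample data (not real Exorde files or digests).
GOOD = b"print('launcher v2')\n"
TAMPERED = GOOD + b"import os  # injected line\n"
PRIMARY = {"Launcher.py": sha256_hex(GOOD)}    # e.g. digest published with the release
SECONDARY = {"Launcher.py": sha256_hex(GOOD)}  # e.g. digest from an independent registry
```

The check fails closed: a missing entry in either source is treated the same as a mismatch, so a change to the primary source alone cannot get a modified file installed.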

MathiasExorde commented 1 year ago

Hi, indeed it is the case, for now.

1) SKALE chain was (or is still, to a certain extent) unreliable, so reading an IPFS hash from the chain is not fully reliable. We used to go right for protocol+IPFS for code download, but we quickly ran into problems, without solutions, because RPC infrastructure + IPFS infrastructure was weak, and prevented remote updates and so on.
2) IPFS still requires hosters of content. Filecoin was experimental at the time, so IPFS pinning services were (and still are, for critical/high volume content) required -> centralized.

Therefore, GitHub is a very good tradeoff. The Exorde Protocol will become hybrid over time, and host all its code on Filecoin/IPFS. Nothing prevents a release from being then voted/appointed by the protocol and stored on Filecoin.

But for now, due to frequent updates, and fast-paced development, GitHub is a lot more convenient as a source of truth/code. It will be much easier to host everything on Filecoin when the codebase gets more final, fixed, and stable, as well as the infrastructure (SKALE nodes, IPFS/Filecoin, Ethereum-based Exorde repository contracts).