Open nambrot opened 7 months ago
Another benefit is removing the need to set up S3, which is non-trivial.
What I'd add to this design:
validatorUrl
added, I don't see why the need for the other fieldsattest_to_message
body, to be intentional about which deployments are being signed for. This makes DDoS-ing much less of a concern
Currently, whenever a new chain is being added, a dedicated validator instance has to be spun up to support the new chain, which puts a lower-bound on friction and latency to get a Hyperlane deployment. This ticket describes a new kind of validator and ISM architecture which allows the validator operator to automatically support arbitrary chains (via commitments to the RPC URL in the signature), and outsources the specification of the trust assumption in the form of the RPC URL to the ISM deployer.
Benefits
Considerations
Spec
RPC-Validator
The rpc-validator would expose a simple HTTP-based API with a single method:
POST /attest_to_message
with the following body:The rpc-validator makes a request to the given rpc url, ensures that the message was indeed dispatched on the mailbox, and then provides an attestation to the message while also committing to the RPC URL in question.
RPC-Validator-ISM
This will have to be a new ISM type.
The rpc-validator-ISM is configured with five configuration values:
address rpcValidatorAddress
string validatorUrl
address originMailboxAddress
uint32 originDomain
string rpcUrl
On
verify
, the ISM will take the passed in signature, and verify if the signatures commits to the configured values + messageId.Relayer changes
The relayer will need to persist the origin TX hash of an indexed message (to bring down the RPC load on the validator). When building metadata for the message and encountering the rpc-validator-ISM, will will construct the HTTP call and make it against the configured
validatorUrl
and then construct the metadata with the response body.Future Work
You can think of RPC-validators as pre-confirmations for TLS attestations from RPC providers. Like other pre-confirmation ISMs, they can be economically secured as long as there is a way to verify TLS signatures on-chain at some point. (Link to some projects)