(Feature) Notifications on new ballots

[igorbarinov]

Problem:

validators don't get notifications on new ballots. It may problems in governance where a malicious group of three or more validators will create series of proposals to remove other validators from consensus.

Possible solutions:

Server side or client/cloud side. I propose to implement the feature on client side first, with a combination of UI changes and hooks on deployment side.

• web push notifications. https://developers.google.com/web/fundamentals/push-notifications/ https://www.netlify.com/blog/2017/10/31/service-workers-explained/ Flow:
  • all validators subscribe to notifications on the webpage
  • a validator creates a ballot
  • all subscribed validators receive a chrome notification
• email notifications. For deployment, we use Netlify and can reuse Form handling feature which sends filled forms to email. https://www.netlify.com/docs/form-handling/ We should have separate form handlers for Core and Sokol networks.

Risks:

• A malicious validator can deploy dapp code locally and prevent from Mitigation: server-side ethereum event listener, subscribed to governance dapps

• A malicious validator can prevent form submission. This risk we will mitigate in future server side version of notification service which will subscribe to events Mitigation: server-side ethereum event listener, subscribed to governance dapps

With server-side deployment, we have new types of risks:

• a compromised server
• malicious devops

[igorbarinov]

Existing work

• Rust (very early stage) https://github.com/poanetwork/poa-governance-notifications
• JS https://github.com/johnnynuuma/poa-simple-notification-service

[vbaranov]

I prefer server-side Ethereum events listener to prevent any malicious actions that can be done by validator in local client code. We could have both

• server-side publisher/subscriber for email notifications. It seems JS implementation is well-documented, unlike Rust.
• server-side (another instance) publisher/subscriber for web push notifications.

Two server instances to mitigate these risks:

With server-side deployment, we have new types of risks:

a compromised server malicious devops

I could take to work web push notifications server/client part.