Open igorbarinov opened 6 years ago
Existing work
I prefer server-side Ethereum events listener to prevent any malicious actions that can be done by validator in local client code. We could have both
Two server instances to mitigate these risks:
With server-side deployment, we have new types of risks:
a compromised server malicious devops
I could take to work web push notifications server/client part.
Problem:
validators don't get notifications on new ballots. It may problems in governance where a malicious group of three or more validators will create series of proposals to remove other validators from consensus.
Possible solutions:
Server side or client/cloud side. I propose to implement the feature on client side first, with a combination of UI changes and hooks on deployment side.
Form handling
feature which sends filled forms to email. https://www.netlify.com/docs/form-handling/ We should have separate form handlers forCore
andSokol
networks.Risks:
A malicious validator can deploy dapp code locally and prevent from Mitigation: server-side ethereum event listener, subscribed to governance dapps
A malicious validator can prevent form submission. This risk we will mitigate in future
server side
version of notification service which will subscribe to events Mitigation: server-side ethereum event listener, subscribed to governance dappsWith server-side deployment, we have new types of risks: