Inadequate Requirements for Validator Activation Leading to Unfair Competition
Summary
The current requirement for becoming a validator only involves gathering an initial 10M credits, without the need for actually running a validator node. This creates an environment where validators with low or no IT costs can attract delegators by offering extremely low commissions, negatively impacting those validators who incur real operational costs.
Vulnerability Detail
Validators can activate by simply accumulating the required 10M credits without the necessity of running an actual validator node. This allows some entities to offer very low commission rates to attract delegators, without bearing the operational costs of maintaining a validator node. This unfairly disadvantages validators who invest in infrastructure and maintain their nodes, as they cannot compete with the artificially low commissions offered by others.
Impact
The system becomes skewed towards validators who do not bear the costs of running a node, potentially reducing the overall security and reliability of the network. Validators who invest in real infrastructure may be driven out, leaving the network vulnerable to centralization and operational failures.
Introduce requirements for validators to demonstrate that they are running an actual node as part of the activation process. This can be achieved by:
Node Verification: Implement a mechanism to verify that a validator is running a node. This could involve regular checks or requiring validators to provide proof of operation.
Operational Costs: Adjust the economic incentives to account for the real costs of running a validator node. This can include minimum commission rates or subsidies for operational expenses.
snowtigersoft
High
Inadequate Requirements for Validator Activation Leading to Unfair Competition
Summary
The current requirement for becoming a validator only involves gathering an initial 10M credits, without the need for actually running a validator node. This creates an environment where validators with low or no IT costs can attract delegators by offering extremely low commissions, negatively impacting those validators who incur real operational costs.
Vulnerability Detail
Validators can activate by simply accumulating the required 10M credits without the necessity of running an actual validator node. This allows some entities to offer very low commission rates to attract delegators, without bearing the operational costs of maintaining a validator node. This unfairly disadvantages validators who invest in infrastructure and maintain their nodes, as they cannot compete with the artificially low commissions offered by others.
Impact
The system becomes skewed towards validators who do not bear the costs of running a node, potentially reducing the overall security and reliability of the network. Validators who invest in real infrastructure may be driven out, leaving the network vulnerable to centralization and operational failures.
Code Snippet
https://github.com/sherlock-audit/2024-05-aleo/blob/main/snarkVM/synthesizer/program/src/resources/credits.aleo#L159
Tool used
Manual Review
Recommendation
Introduce requirements for validators to demonstrate that they are running an actual node as part of the activation process. This can be achieved by: