Spacemesh smeshers must generate a PoST proof as part of their activation process once every two-week epoch. To prevent a certain kind of exploit, where an adversary with cheap processing power can replace some storage with much more computation, we've introduced a small amount of additional computation to the PoST proving process making this attack too expensive to carry out.
We had plans to offload this additional work and delegate it to other servers that can do it once for all smeshers they serve, but didn't think it was urgent.
After the launch of the Spacemesh mainnet we've talked to users and realized that the time this work would take on many users' actual setup would make it hard (sometimes impossible) to generate a proof in the limited time available for it.
As a temporary measure, until we can implement our long term solution, we're considerably reducing the amount of work required, so that no home smesher will be hurt by this.
As a consequence a powerful adversary could take advantage and slightly increase their power beyond their resource allocation. This would still require implementing some complex logic, putting in place specialized hardware and taking some statistical risk. This attack would also potentially be detectable.
To minimize the incentive to take advantage and the possible long term upside, we're committing to re-raise the difficulty within 10 epochs (5 months). We hope to finish implementing the delegation of this work much sooner and the difficulty increase back to safe levels will then be expedited. But regardless of the time to roll this out - the temporary reduction will end automatically after 5 months.
This temporary change is part of our unwavering commitment to make smeshing at home effortless and effective.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/spacemeshos/go-spacemesh from 1.0.2 to 1.0.3.
Release notes
Sourced from github.com/spacemeshos/go-spacemesh's releases.
Commits
e91d735
fix flaky test: TestSpacemeshApp_NodeService (#4728)68d196b
Bump post-rs to v0.4.1 - more logs during initialization (#4730)89c0f60
Lower the post k2pow in mainnet (#4727)ec9e4ca
Proving opts metrics (#4726)43986af
Fix misleading error (#4725)0a9b323
public metrics (#4723)3889e3a
p2p: set resource manager conn limits relative to high peers (#4707)c418ee5
post: update to latest version with inflight verification (#4716)618aae2
Verify self-generated POST proofs to catch errors early (#4721)c40a4ab
validate genesis before using (#4719)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)