Proposal: Sanity check of future messages #17

Open
fed-franz opened this issue Aug 5, 2024 · 0 comments

Summary

Currently, consensus messages from the future (i.e. with higher round/iteration number) are stored/relayed without any verification. This is due to the inability to foresee future committees (which can only be computed with the previous-block seed).

However, the provisioner set of the current and next epoch is bound to those provisioners that staked in the past epoch.
While some provisioners might get excluded from the set, due to unstaking or slashing, it is not possible to have new unforeseen provisioners.

This DIP proposes to introduce a sanity check (or pre-verification) of consensus messages by checking if their signatures are from provisioners in the current and next provisioner set, according to stake operations.

While this check will not be 100% secure (it would still consider as valid signatures from provisioners that have unstaked or have been inactivated due to slashing), it is still enough to exclude all signatures from provisioners that are not possibly part of the current/next epoch set.

In addition, it proposes to punish, where possible, those provisioners sending messages that turn out to be spam/attacks.
This, however, has to take into account the existence of forks.
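
The pre-check this proposal describes, as an added example that is not part of the original issue or the project's code. The types, string keys, epoch numbering and sample data are assumptions made for illustration, and the signer's signature is assumed to have been verified against its key already.

```rust
use std::collections::HashSet;

// Hypothetical model: string keys, and stake operations tagged with their epoch.
enum Op { Stake, Unstake }
struct StakeOp { key: &'static str, op: Op, epoch: u64 }
struct Msg { round: u64, signer: &'static str }

#[derive(Debug, PartialEq)]
enum PreCheck {
    NotFuture, // current or past round: normal committee verification applies
    Reject,    // signer cannot be in the current or next epoch set
    Defer,     // signer is possible: keep until the committee is known
}

/// Everyone who staked before `current_epoch`. Unstaking and slashing are
/// deliberately not subtracted, so the result is a superset of the real set.
fn eligible_superset(ops: &[StakeOp], current_epoch: u64) -> HashSet<&'static str> {
    ops.iter()
        .filter(|o| matches!(o.op, Op::Stake) && o.epoch < current_epoch)
        .map(|o| o.key)
        .collect()
}

/// Assumes the signature was already verified against `msg.signer`.
fn pre_check(msg: &Msg, current_round: u64, eligible: &HashSet<&'static str>) -> PreCheck {
    if msg.round <= current_round {
        PreCheck::NotFuture
    } else if eligible.contains(msg.signer) {
        PreCheck::Defer
    } else {
        PreCheck::Reject
    }
}

/// Constructed sample data: current epoch 5, current round 100.
fn demo() -> Vec<PreCheck> {
    let ops = [
        StakeOp { key: "alice", op: Op::Stake, epoch: 4 },
        StakeOp { key: "bob", op: Op::Stake, epoch: 3 },
        StakeOp { key: "bob", op: Op::Unstake, epoch: 5 }, // still passes the pre-check
        StakeOp { key: "carol", op: Op::Stake, epoch: 5 }, // staked too late to be eligible
    ];
    let eligible = eligible_superset(&ops, 5);
    let msgs = [("alice", 101), ("bob", 102), ("carol", 101), ("mallory", 150), ("alice", 100)];
    msgs.iter()
        .map(|&(signer, round)| pre_check(&Msg { round, signer }, 100, &eligible))
        .collect()
}

fn main() { println!("{:?}", demo()); }
```

The `bob` case is the limitation the proposal acknowledges: a provisioner that has since unstaked is still deferred rather than rejected.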
