-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add special "signed message" slash-by-transaction (with bonus) for "validator hacking" #2081
Comments
Why self-bond only? Why not slash delegators as well? |
The purpose of this AFAICT is just so that if a validator gets hacked, you have an in-protocol way of getting some money, instead of burning it in a double-sign. Helping compromised validators, while a great thing, definitely feels #postlaunch to me. (We can have governance vote, to see if validators are even concerned with this) Also the premise of encouraging key rotation isn't necessarily good. A regular key rotation means you keep on putting yourself at risk in each subsequent entropy gathering period. There is a lot to consider here in how you gather the new entropy in a secure manner, and transmit it to your new system, if you fear that your previous setup was broken. I don't think we need to take a stance on trying to encourage key rotation (due to the systemic risk we are now encouraging), and it in fact would be better if this came through governance so that we had concrete evidence that the validator set / community actually wants this. |
Tagging postlaunch, since its something we can easily add later. Though I'm still not in favor of us deciding this idea, and would heavily prefer it coming from a governance proposal. |
++ |
An alternative to #1378 to encourage key rotation.
If you can sign a message with a Tendermint signing key still in use by a bonded validator, you get some fraction of that validator's self-bond.
cc @rigelrozanski @jaekwon
The text was updated successfully, but these errors were encountered: