Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add special "signed message" slash-by-transaction (with bonus) for "validator hacking" #2081

Closed
cwgoes opened this issue Aug 17, 2018 · 4 comments

Comments

@cwgoes
Copy link
Contributor

cwgoes commented Aug 17, 2018

An alternative to #1378 to encourage key rotation.

If you can sign a message with a Tendermint signing key still in use by a bonded validator, you get some fraction of that validator's self-bond.

cc @rigelrozanski @jaekwon

@gamarin2
Copy link
Contributor

Why self-bond only? Why not slash delegators as well?

@ValarDragon
Copy link
Contributor

ValarDragon commented Aug 20, 2018

The purpose of this AFAICT is just so that if a validator gets hacked, you have an in-protocol way of getting some money, instead of burning it in a double-sign. Helping compromised validators, while a great thing, definitely feels #postlaunch to me. (We can have governance vote, to see if validators are even concerned with this)

Also the premise of encouraging key rotation isn't necessarily good. A regular key rotation means you keep on putting yourself at risk in each subsequent entropy gathering period. There is a lot to consider here in how you gather the new entropy in a secure manner, and transmit it to your new system, if you fear that your previous setup was broken. I don't think we need to take a stance on trying to encourage key rotation (due to the systemic risk we are now encouraging), and it in fact would be better if this came through governance so that we had concrete evidence that the validator set / community actually wants this.

@ValarDragon
Copy link
Contributor

Tagging postlaunch, since its something we can easily add later. Though I'm still not in favor of us deciding this idea, and would heavily prefer it coming from a governance proposal.

@alexanderbez
Copy link
Contributor

++

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants