You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, Sorry to bother you with questions about some weak subjectivity implementations. In the Golang implementation of the Tendermint light client, the light client not only includes Commit Verification, but also supports Attack Detection. I think the latter is a weak subjectivity implementation, otherwise there may be a risk of long-range attacks. In the Golang implementation, after Commit Verification, the light client will interact with the witnesses to execute execute a function called detectDivergence.
// see VerifyHeaderfunc (c*Client) verifySequential(
ctx context.Context,
trustedBlock*types.LightBlock,
newLightBlock*types.LightBlock,
now time.Time) error {
....
// Compare header with the witnesses to ensure it's not a fork.// More witnesses we have, more chance to notice one.//// CORRECTNESS ASSUMPTION: there's at least 1 correct full node// (primary or one of the witnesses).returnc.detectDivergence(ctx, trace, now)
}
In the comments of the fuction detectDivergence, it is described like this:
// The detector component of the light client detects and handles attacks on the light client.// detectDivergence is a second wall of defense for the light client.
I don't seem to find an Attack Detection related implementation in your code, which makes me worry about the possibility of attacks such as long-range attacks. However, for smart contracts, the witnesses seem to be difficult to achieve. Do you have any thoughts on these questions?
The text was updated successfully, but these errors were encountered:
Hi, Sorry to bother you with questions about some weak subjectivity implementations. In the Golang implementation of the Tendermint light client, the light client not only includes Commit Verification, but also supports Attack Detection. I think the latter is a weak subjectivity implementation, otherwise there may be a risk of long-range attacks. In the Golang implementation, after Commit Verification, the light client will interact with the witnesses to execute execute a function called
detectDivergence.In the comments of the fuction
detectDivergence, it is described like this:I don't seem to find an Attack Detection related implementation in your code, which makes me worry about the possibility of attacks such as long-range attacks. However, for smart contracts, the witnesses seem to be difficult to achieve. Do you have any thoughts on these questions?
The text was updated successfully, but these errors were encountered: