
RE: Blockchain Update: Platform Independent State Files

in #steem, 5 years ago (edited)

Platform independent state files should be signed by whoever is claiming they are a valid record of the blockchain state, and/or potentially signed by consensus witnesses, possibly with the valid state checksum committed to the chain itself (which process would then constitute signing by consensus witnesses to the extent the recorded commitment is validated).

Just throwing these files around without accountability is dangerous as it leaves open the potential of everyone being too cheap or lazy to do their own verification, just copying the file and leaving the hard work to "someone else", with a malicious or accidentally incorrect state file spreading widely through mere replication. Comparing checksums doesn't help with that.


Just throwing these files around without accountability is dangerous as it leaves open the potential of everyone being too cheap or lazy to do their own verification

I think perhaps the threat model here is overblown. Releasing them with simple CS hashes is fine, IMO.

We've already had (and possibly still have), I believe, a majority or close to it of top witnesses (and certainly at least the 1/3 required to break BFT) run by a single person because of outsourcing (witness as a service). Still others rely on a packaged software (and chain data?) distribution from this same person without doing any real validation of the contents of it beyond a checksum to guard against download failure. It is hard to overstate the hazards that come from people taking the easy path when given the choice.

I would not at all rule out that a majority of witnesses could (mostly with good intentions) grab an erroneous or malicious state file, copy from each other (checksums check out!) and start running consensus on top of it without ever verifying it. At that point, the erroneous or malicious state mutation either becomes consensus or will need to be rolled back, both being very damaging to the credibility of the chain. This only needs to happen once, ever, to have potentially catastrophic consequences. An example of a situation where I could particularly see this happening is under pressure to recover quickly from a chain halt.
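The distinction the two comments above turn on, a checksum that only catches download corruption versus signatures that tie a state file to accountable keys, worked through as an added example. This is not code from the original thread or from the Steem project; it models the proposal in the first comment (publisher signature plus witness attestations over the file digest) and the failure mode in the last one (a substituted file whose checksum "checks out" because it was recomputed over the substituted bytes). The Ed25519 keys, the 21-witness set with a 15-of-21 threshold, the attestation message format and the snapshot bytes are all assumptions made for illustration and are not Steem's actual key or file formats.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest is what a checksum-only distribution publishes beside the file.
func Digest(body []byte) [32]byte { return sha256.Sum256(body) }

// ChecksumOnlyAccept is the weak check: hash what you received and compare it to
// the hash that travelled with it. It catches transfer corruption only; a
// substituted file shipped with its own fresh checksum passes.
func ChecksumOnlyAccept(body []byte, published [32]byte) bool {
	return Digest(body) == published
}

// Attestation is one key's signed statement "this digest is the valid state at
// this block". The publisher and each witness produce one. Message format is
// an assumption for this example, not Steem's.
type Attestation struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

func attestMsg(digest [32]byte, block uint64) []byte {
	return []byte(fmt.Sprintf("state-file:%d:%x", block, digest[:]))
}

func Attest(priv ed25519.PrivateKey, digest [32]byte, block uint64) Attestation {
	return Attestation{Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, attestMsg(digest, block))}
}

// SignedAccept is the proposed check: the received file's digest must carry a valid
// signature from the publisher AND from at least `threshold` distinct witness keys
// the node already trusts from consensus. Signatures by unknown keys are ignored,
// so nobody can manufacture accountability with freshly generated keys.
func SignedAccept(body []byte, block uint64, publisher ed25519.PublicKey,
	witnesses []ed25519.PublicKey, threshold int, atts []Attestation) bool {
	msg := attestMsg(Digest(body), block)
	publisherOK := false
	counted := map[string]bool{} // distinct trusted witness keys that attested
	for _, a := range atts {
		if !ed25519.Verify(a.Signer, msg, a.Sig) {
			continue // wrong digest, wrong block or forged: does not count
		}
		if bytes.Equal(a.Signer, publisher) {
			publisherOK = true
		}
		for _, w := range witnesses {
			if bytes.Equal(w, a.Signer) {
				counted[string(a.Signer)] = true
			}
		}
	}
	return publisherOK && len(counted) >= threshold
}

// Result collects the outcomes of the constructed scenario.
type Result struct {
	GoodFileSigned     bool // legitimate file, fully attested, signature check
	TamperedChecksumOK bool // substituted file with its own checksum, checksum-only check
	TamperedSignedOK   bool // substituted file, signature check
	ForgedKeysSignedOK bool // substituted file attested by 22 attacker-generated keys
	MinoritySignedOK   bool // legitimate file attested by only 7 of 21 witnesses
}

func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func RunScenario() Result {
	const block uint64 = 41_000_000        // assumed snapshot height
	const nWitnesses, threshold = 21, 15   // 15 of 21 exceeds the 2/3 BFT bound
	pubPub, pubPriv := genKey()
	var wPubs []ed25519.PublicKey
	var wPrivs []ed25519.PrivateKey
	for i := 0; i < nWitnesses; i++ {
		p, s := genKey()
		wPubs, wPrivs = append(wPubs, p), append(wPrivs, s)
	}

	good := []byte("snapshot: account=alice balance=100 STEEM\n") // constructed stand-in
	d := Digest(good)
	atts := []Attestation{Attest(pubPriv, d, block)}
	for _, s := range wPrivs {
		atts = append(atts, Attest(s, d, block))
	}

	// Substituted file, distributed with a checksum recomputed over the new bytes:
	// exactly what peers copying from each other would compare against.
	bad := bytes.Replace(good, []byte("balance=100 "), []byte("balance=100000000 "), 1)
	var forged []Attestation
	for i := 0; i < nWitnesses+1; i++ {
		_, s := genKey()
		forged = append(forged, Attest(s, Digest(bad), block))
	}

	return Result{
		GoodFileSigned:     SignedAccept(good, block, pubPub, wPubs, threshold, atts),
		TamperedChecksumOK: ChecksumOnlyAccept(bad, Digest(bad)),
		TamperedSignedOK:   SignedAccept(bad, block, pubPub, wPubs, threshold, atts),
		ForgedKeysSignedOK: SignedAccept(bad, block, pubPub, wPubs, threshold, forged),
		MinoritySignedOK:   SignedAccept(good, block, pubPub, wPubs, threshold, atts[:1+7]),
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The checksum-only check accepts the substituted file because the checksum it is compared against was derived from the same substituted bytes; nothing in that check names who vouched for them. The signature check rejects the same file, rejects a set of attestations made with keys the node does not already trust, and rejects a legitimate file that fewer than the threshold of witnesses have attested, which is the accountability the first comment asks for. Committing the digest on-chain, as that comment also suggests, is the same witness threshold expressed as a chain record instead of detached signatures.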

Please help verify how #realsteem works. I sent 1 Steem to Booster.
Feel free to help verify how #realsteem works.
https://steemit.com/steemleader/@mysearchisover/steemleader-abuse-stats-140790-23-638

This is very nice