Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Game theoretically sound bridging #76

Closed
2 tasks
seunlanlege opened this issue Jul 25, 2022 · 1 comment
Closed
2 tasks

Game theoretically sound bridging #76

seunlanlege opened this issue Jul 25, 2022 · 1 comment
Assignees
@seunlanlege

Comments

@seunlanlege
Copy link
Contributor

seunlanlege commented Jul 25, 2022
edited
Loading

Currently writing a more detailed article about securing cryptographically sound bridges with game theory.

But the gist of this issue is that currently our bridge is vulnerable to eclipse attacks (todo: references) where the validators for a blockchain might collude and sign a single malicious header which they don't gossip in the p2p swarm, but instead update the light client running on our chain.

This attack is absolutely devastating and is capable of destroying the peg of an existing bridged asset, where the validators essentially sign a forged header which in turn contains a forged ibc commitment trie that makes a huge transfer of existing bridged assets in the forged header.

In order to mitigate this attack we need a new game theory protocol:

First a challenge window for newly updated headers in our light client, could be 5-10 mins. This will give enough time for a new participant of the bridge system (colloquially called fishermen, todo: references) to challenge the header by presenting another header that would have been valid at the same height. Allowing us to leverage IBC semantics and freeze the light client immediately.

Secondly all bridged chains will need to have an equivocation protocol:

An equivocation protocol is a property of Proof of stake systems where staked validators can be slashed if they are found to have signed 2 headers that would've been valid at the same height. The reason we need this equivocation protocol is so that fishermen, in parallel to freezing the light client on our chain, can claim the rewards for securing our bridge by reporting this misbehavior to the counterparty chain, where the malicious validators will be slashed and their stake ideally is split between the network and the fishermen. Without an equivocation protocol, there's no way to incentivize fishermen and disincentivize eclipse attack attempts.

Action Items:
@seunlanlege seunlanlege self-assigned this Jul 25, 2022
@Wizdave97 Wizdave97 mentioned this issue Jul 25, 2022
Closed
2 tasks
@seunlanlege seunlanlege changed the title Introduce header challenge window Game theoretically sound bridging Jul 26, 2022
@seunlanlege seunlanlege mentioned this issue Oct 27, 2022
Closed
2 tasks
@seunlanlege
Copy link
Contributor Author

OK seems like we might not need the challenge window as ibc natively has the idea of a connection_delay in between header updates and packet relays.

informalsystems/hermes#640

@seunlanlege seunlanlege transferred this issue from ComposableFi/composable Oct 27, 2022
@seunlanlege seunlanlege pinned this issue Nov 7, 2022
@blasrodri blasrodri unpinned this issue Nov 14, 2022
@seunlanlege seunlanlege pinned this issue Nov 17, 2022
@JafarAz JafarAz unpinned this issue Sep 18, 2023
vmarkushin added a commit that referenced this issue May 15, 2024
@vmarkushin
Merge pull request #76 from ComposableFi/compress-call-data
2751524 
utils: compress-calldata
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seunlanlege seunlanlege

Labels
None yet
Projects
Bridging team board
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seunlanlege @josietyleung