You are viewing a single comment's thread from:
RE: Blockchain Update: Platform Independent State Files
Just throwing these files around without accountability is dangerous as it leaves open the potential of everyone being too cheap or lazy to do their own verification
I think perhaps the threat model here is overblown. Releasing them with simple CS hashes is fine, IMO.
We've already had (and possibly still have), I believe a majority or close to it of top witnesses (and certainly at least the 1/3 required break BFT) run by a single person because of outsourcing (witness as a service). Still others rely on a packaged software (and chain data?) distribution from this same person without doing any real validation of the contents of it beyond checksum to guard against download failure. It is hard to overstate the hazards that come from people taking the easy path when given the choice.
I would not at all rule out that a majority of witnesses could (mostly with good intentions) grab an erroneous or malicious state file, copy from each other (checksums check out!) and start running consensus on top of it without ever verifying it. At that point, the erroneous or malicious state mutation either becomes consensus or will need to be rolled back, both being very damaging to the credibility of the chain. This only needs to happen once, ever, to have potentially catastrophic consequences. A example of a situation where I could particularly see this happening is under pressure to recover quickly from a chain halt.