Skip to content

docs: threat model for node#24465

Merged
spalladino merged 2 commits into
merge-train/spartan-v5from
spl/threat-model-doc
Jul 7, 2026
Merged

docs: threat model for node#24465
spalladino merged 2 commits into
merge-train/spartan-v5from
spl/threat-model-doc

Conversation

@spalladino

Copy link
Copy Markdown
Contributor

Adds a new THREAT_MODEL.md doc. This document describes the threat model of the Aztec L2 network: how transactions flow from users into the proven chain, what each participant can and cannot do, and the properties the implementation must uphold. It is intended as a guideline for the security of the node implementation (yarn-project) and its interaction with the L1 rollup contracts (l1-contracts).

In scope: transaction dissemination and the mempool, the p2p layer, block and checkpoint production, committee attestation, L1 checkpoint submission and sync, epoch proving, slashing, and the escape hatch.

Out of scope: client-side private execution and proving (PXE, wallets), hardening of a node's public RPC interface, the cryptographic soundness of the proving system itself (treated as an assumption below), and L1 governance internals.

Adds a new `THREAT_MODEL.md` doc. This document describes the threat model of the Aztec L2 network: how transactions flow from users into the proven
chain, what each participant can and cannot do, and the properties the implementation must uphold. It is intended as a
guideline for the security of the node implementation (`yarn-project`) and its interaction with the L1 rollup
contracts (`l1-contracts`).

**In scope**: transaction dissemination and the mempool, the p2p layer, block and checkpoint production, committee
attestation, L1 checkpoint submission and sync, epoch proving, slashing, and the escape hatch.

**Out of scope**: client-side private execution and proving (PXE, wallets), hardening of a node's public RPC interface,
the cryptographic soundness of the proving system itself (treated as an assumption below), and L1 governance internals.
@spalladino spalladino changed the title doc: threat model for node docs: threat model for node Jul 2, 2026
Comment thread yarn-project/THREAT_MODEL.md Outdated
| Malicious proposer | Censor txs; waste its own slot and the next one (pipelining); post an unattested/badly-attested checkpoint to L1; equivocate | Convince honest nodes of an invalid state transition; corrupt state beyond slot N+1; brick other nodes' sync | Re-execution before attestation/adoption; pipeline depth capped at 2; delayed attestation verification + permissionless invalidation; slashing (§5) |
| Committee minority (< quorum, not proposer) | Withhold their own attestations; equivocate (slashable) | Prevent a slot from being attested; get honest members slashed | Quorum only needs ⌊2n/3⌋+1 of n; equivocation slashing |
| Committee quorum (≥ ⌊2n/3⌋+1 malicious) | Post invalid-but-attested checkpoints that nodes follow blindly; withhold tx data; halt the pending chain until the epoch prune | Get invalid state proven or exited on L1 (A2); avoid slashing for data withholding / attested-invalid | Unprovable state → prune at proof-window expiry; archiver preemptive unwind; slashing incl. `DATA_WITHHOLDING` |
| Malicious prover | Nothing by proving (proofs are verified); grief by *not* proving | Prove an invalid transition (A2); steal fees/rewards via forged proof calldata | Proof verification; fees bound to attested headers (see §4.4); A4 for liveness |

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know we've talked about this a thousand times (maybe look for "training wheels" on Slack). Isn't there a mechanism today (but IIRC we don't want it in the future) where the committee/some part of the system would still not accept a new state if it differs from what the validators saw?

@spalladino spalladino Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The committee can be seen as "training wheels" for the proving system, since a state transition cannot be deemed valid in L1 unless it's both proven and attested to. I've added a mention of that now.

@spalladino spalladino merged commit 1737dfb into merge-train/spartan-v5 Jul 7, 2026
12 checks passed
@spalladino spalladino deleted the spl/threat-model-doc branch July 7, 2026 20:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants