Currently, we have the following design: `docker { jvm { node <----> Asmble {untrusted WebAssembly code} } }`. However, because real-time workers participate in Tendermint consensus and batch validators participate in verification signing, this has potential security issues.
In particular, if a malicious piece of code breaks from Asmble VM, it might be able to double vote in Tendermint consensus or confirm an incorrect batch – which are punishable activities in the network.
I think that to improve security the following design should be adopted instead: `dockerA { jvmA { node } } <----> dockerB { jvmB { Asmble {untrusted WebAssembly code} } }`. This way we have more security layers, which should significantly decrease the probability of malicious code harming the miner.