You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are currently 125 validators on Cosmos (let's call this number N). As outlined in the finding #347, the number of validators participating in the Gravity bridge and signing different transactions between Cosmos and Ethereum has non-trivial performance and security consequences on the Gravity Bridge: the dependency of computational cost on the number of participating validators is quadratic (N*N).
Also, as outlined in the other findings, e.g. #351, #352, #353, #356, #357, the Orchestrator code is not yet as reliable as a stable production use would require, which will involve a lot of risk from the side of validators: they may be slashed for misbehavior caused by a malfunctioning Orchestrator.
This creates an incentive from both sides to make participation of validators in the Gravity Bridge voluntary:
while the total number of validators is 125, 20 validators is enough to provide 66% of the voting power. Assuming 30 validators are needed to give buffer in case of validator set changes, this will reduce the total number of transactions, the cost of executing them, as well as the severity of possible attacks at least by a factor of 4 (or 16 for quadratic dependencies).
for validators, participating in the Gravity bridge and running the Orchestrator involves a substantial risk of being slashed, specifically in case of Orchestrator errors, and no misbehavior from their side. They should have the possibility to assess the risks and opt in in case they agree with them.
Recommendation
Consider making validation on the Gravity Bridge voluntary. This should be beneficial both for the Gravity Bridge and for the validators.
The text was updated successfully, but these errors were encountered:
Surfaced from @informalsystems audit of Althea Gravity Bridge at commit 19a4cfe
severity: Informational
type: Restructuring proposal
difficulty: Intermediate
Involved artifacts
Description
There are currently 125 validators on Cosmos (let's call this number N). As outlined in the finding #347, the number of validators participating in the Gravity bridge and signing different transactions between Cosmos and Ethereum has non-trivial performance and security consequences on the Gravity Bridge: the dependency of computational cost on the number of participating validators is quadratic (N*N).
Also, as outlined in the other findings, e.g. #351, #352, #353, #356, #357, the Orchestrator code is not yet as reliable as a stable production use would require, which will involve a lot of risk from the side of validators: they may be slashed for misbehavior caused by a malfunctioning Orchestrator.
This creates an incentive from both sides to make participation of validators in the Gravity Bridge voluntary:
Recommendation
Consider making validation on the Gravity Bridge voluntary. This should be beneficial both for the Gravity Bridge and for the validators.
The text was updated successfully, but these errors were encountered: