serai/coordinator/tributary
Luke Parker 997dd611d5
Don't add blocks which aren't valid
Previously, Tendermint needed to be live more than it needed to be correct.
Under the original intention for it, correctness would fail if any coin
desynced, which would cause the node to fail entirely. By accepting a
supermajority's view of state, despite its own, a single coin's failure would
only lead to inability to participate with that single coin.

Now that Tendermint is solely for Tributary, nodes should halt a coin-specific
chain if their view of the chain differs. They are unable to meaningless
participate regardless.

This also means a supermajority of validators can no longer fake messages from
other validators, allowing the Tributary chain to use uniform weights with much
less impact. There is still enough impact they can't be used (ability to cause
a fork), yet they should allow uniform block production (as that's solely a DoS
concern).

While we prior could've simply additionally checked signatures, add_block's
lack of a failure case would've meant it had to panic. This would've been a DoS
possible a minority-weight *which affected the entire coordinator* and
therefore *the entire validator for all coins*.
2023-04-12 16:18:42 -04:00
..
src Don't add blocks which aren't valid 2023-04-12 16:18:42 -04:00
tendermint Remove the substrate feature from tendermint 2023-04-11 10:34:41 -04:00
Cargo.toml Bind the signature scheme for tendermint-machine 2023-04-12 16:06:14 -04:00
LICENSE Create a folder for tributary, the micro-blockchain 2023-04-11 10:18:31 -04:00
README.md Create a folder for tributary, the micro-blockchain 2023-04-11 10:18:31 -04:00

Tributary

A micro-blockchain to provide consensus and ordering to P2P communication.