In case of a Top N chain, we restrict the possible values of
top_Nfrom(0, 100]to[50, 100]. By havingtop_N >= 50we can guarantee that we cannot have a successful attack, assuming that at most1/3of provider validators can be malicious. This is because, a Top N chain withN >= 50%would have at least1/3honest validators, which is sufficient to stop attacks.
Can you walk through this logic from the ADR?
If, somehow, the top 1/3 of the Hub’s set is malicious, a Top N chain with N >= 50% would have that entire 33.3% of malicious validators and 17.7% honest. I’m not saying this is likely, just want to make sure I follow the logic in this paragraph.
N > (VetoThreshold = 33.4%) is a great catch; I think that’s it’s important to avoid a situation where the top N of the Hub gets forced to run a chain.
Because the
Tallymethod deletes the votes after reading them, we cannot check the votes of the validators after the votes have been tallied. To circumvent this, we introduce a hook forAfterProposalVoteand keep track of all the votes cast by a validator. If a validator casts more than one vote, we only consider the latest vote. Finally, we only consider a validator has opted in if it casts a 100%Yesvote in case of a weighted vote.
We investigated ways to fetch validator votes for finished proposals a few weeks ago on the testnet – maybe useful?