There is evidence about the consensus mechanism (Ouroboros) of Cardano being save in terms of preventing key blockchain attack vectors (51%, Double Spender, Bootstrap Problem, Sybil Attack).
So in theory all is good as long as >50% of Stake is managed by honest parties.
But what if parties want to be honest but get compromised without knowing?
Looking on Pooltool.io’s Platform Version diagram there are >50% using CNCLI for example.
I know this number is just about the tool which sends the tip. But I would assume that at least this number of Pools also uses other parts of CNCLI and installs auto-updates without any verification if what code is included in the update, …
My concrete question. Is there a risk of many nodes getting compromised without knowledge.
E.g. through a Auto-Update of CNCLI or some of the other Tools provided by Guild Operators.
Don’t take me wrong now. I’m very thankful for the availability of such tools.
So the key question is if there is a trustful process behind ToolOperators avoiding to include any harmful functionality in the scripts. I assume this is the case already (Pull Requests, Code Reviews, Involvement of IOHK?)
To eliminate remaining risks, just a few questions:
- Could there be some verfication mechanism of updates?
- Is it possible that a script modifies some key parts of the Cardano Node install? E.g. disable the verification if a block was createe by the node which was meant to create it?
- Is there some verification if the Node Install is not modified, like source signing, Hash checks or equivalent?
- Is there something which can be done on the server to reduce the risk. E.g. limit outbound traffic, use a different user for running CNCLI compared to the service user of course.
Just thinking of other remaining centrally managed parts of the network of course also the Topology updater seems to be a risk. Like always providing a list of un-honest servers. But I think this would not work out for the attacker based on the Bootstraping Approach in Ouroboros.
Whats your thoughs on that topic?