Over the last few weeks I have been working to set up a stake pool. I’m the kind of person that likes to do everything manually, so I’ve spent quite a bit of time investigating how things work.
I’m at the stage where I feel ready to deploy my stake pool, but I’m a bit concerned with what I perceive as an over-reliance on topologyUpdater in the network of stake pools - at least that’s how it appears from what I’ve read in this forum and others.
OK, Cardano doesn’t currently have a P2P solution for automatically taking care of this, so we need to somehow negotiate with other pools to be included in their topology files and accepted into the network - which is obviously not ideal.
topologyUpdater is the most commonly recommended solution to this problem, but who controls it and what are its dependencies?
topologyUpdater relies on a web service provided by clio.one, which in my mind is a single point of failure and rather opaque.
My concern further deepened when I read the code for topologyUpdater and saw that every time it runs, by default, it automatically reaches out to the web and, if it so desires, downloads a new version of topologyUpdater itself and overwrites the original script. IMO this is a huge vulnerability waiting to happen: any attacker or malicious actor would only need access to 1 account that has publishing rights for that script to potentially attack a significant portion of the network, not to mention steal funds from the less savvy or lazy pool operators who keep keys on their server.
Anyone else share this worry?
How are others navigating this issue rather than resorting to topologyUpdater?
I feel I should state, this post is not intended as an attack on clio.one or anyone else involved with these tools, just voicing my concerns as a potential stake pool operator.
Also, not a hater, have been a keen follower of the Cardano project since 2018, and looking forward to the impending smart contract era.
Thank you for reading.
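
An added example, not part of the original post and not code from topologyUpdater or clio.one: one way an operator can make sure only a hand-reviewed copy of a self-updating script ever runs is to pin its SHA-256 at review time, refuse to run on a mismatch, and re-check after each run so a self-overwrite is noticed. The function names, file paths and pin-file layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pin a reviewed script by SHA-256 and detect self-overwrites.
# Function names and the pin-file layout are hypothetical.

# Print the SHA-256 of a file as bare hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# Record the hash of a script after it has been reviewed by hand.
# usage: pin_script <script> <pinfile>
pin_script() {
    file_sha256 "$1" > "$2"
}

# Return 0 only if the script still matches its pinned hash.
# usage: verify_pinned <script> <pinfile>
verify_pinned() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(file_sha256 "$1")" = "$(cat "$2")" ]
}

# Verify, run, then verify again so a change made during the run is caught.
# Returns 10 if the script was already different from the reviewed copy,
# 11 if it changed while running, otherwise the script's own exit status.
# usage: run_pinned <script> <pinfile> [args...]
run_pinned() {
    local script=$1 pin=$2 rc=0
    shift 2
    if ! verify_pinned "$script" "$pin"; then
        echo "refusing to run: $script does not match its pinned hash" >&2
        return 10
    fi
    bash "$script" "$@" || rc=$?
    if ! verify_pinned "$script" "$pin"; then
        echo "ALERT: $script was modified during the run; review before re-pinning" >&2
        return 11
    fi
    return "$rc"
}
```

The pin file should live somewhere the account running the script cannot write, otherwise a replaced script could also replace its own pin.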