From 76ba4ef1cbf92ec2481974ac36abefff2f65fb70 Mon Sep 17 00:00:00 2001
From: "Chelsea H. Komlo" <me@chelseakomlo.com>
Date: Wed, 17 Mar 2021 14:31:55 -0400
Subject: [PATCH] add additional documentation for aggregator threat model

---
 src/frost.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/frost.rs b/src/frost.rs
index 566b0bf..35a7b34 100644
--- a/src/frost.rs
+++ b/src/frost.rs
@@ -594,7 +594,11 @@ pub fn sign(
 /// the signing participants before publishing the final signature. The
 /// coordinator can be one of the participants or a semi-trusted third party
 /// (who is trusted to not perform denial of service attacks, but does not learn
-/// any secret information).
+/// any secret information). Note that because the coordinator is trusted to
+/// report misbehaving parties in order to avoid publishing an invalid
+/// signature, if the coordinator themselves is a signer and misbehaves, they
+/// can avoid that step. However, at worst, this results in a denial of
+/// service attack due to publishing an invalid signature.
 pub fn aggregate(
     signing_package: &SigningPackage,
     signing_shares: &[SignatureShare],