Update assumptions.md

This commit is contained in:
Leo 2020-11-27 19:27:11 +01:00
parent d350731dda
commit 26942d7edb
1 changed files with 1 additions and 1 deletions

View File

@ -88,7 +88,7 @@ proposal and a DAO that offsets operational costs and rewards operators.
This should go without saying - in the context of a single node, we assume that an adversary cannot read or write host
memory, execute code, or otherwise compromise the running host operating system or platform while or after the node is
running. If a supermajority of nodes is compromised, an attacker can produce arbitrary VAAs. If a superminority of nodes
is compromised, the network may no longer achieve consensus.
is compromised, the network may temporarily lose consensus (there's no way to intentionally void a guardian key).
Contrary to popular belief, hardware security modules do _not_ significantly change the risks associated with host
compromise when dealing with cryptocurrency keys. A compromised host could easily abuse the HSM as a signing oracle,