certusone
/
wormhole
mirror of https://github.com/certusone/wormhole.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update assumptions.md

This commit is contained in:
Leo 2020-11-27 19:28:14 +01:00
parent 26942d7edb
commit c2c50b3326
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/assumptions.md
View File

@ -88,7 +88,8 @@ proposal and a DAO that offsets operational costs and rewards operators.
This should go without saying - in the context of a single node, we assume that an adversary cannot read or write host
memory, execute code, or otherwise compromise the running host operating system or platform while or after the node is
running. If a supermajority of nodes is compromised, an attacker can produce arbitrary VAAs. If a superminority of nodes
is compromised, the network may temporarily lose consensus (there's no way to intentionally void a guardian key).
is compromised, the network may temporarily lose consensus (there's no way to intentionally void a guardian key or
prevent it from being replaced by the supermajority).
Contrary to popular belief, hardware security modules do _not_ significantly change the risks associated with host
compromise when dealing with cryptocurrency keys. A compromised host could easily abuse the HSM as a signing oracle,