Update assumptions.md

Leo 2020-11-27 19:26:09 +01:00
parent 36a025b088
commit d350731dda
1 changed files with 4 additions and 2 deletions

@ -85,8 +85,10 @@ proposal and a DAO that offsets operational costs and rewards operators.
## Uncompromised hosts
This should go without saying - we assume that an adversary cannot read or write host memory, execute code, or otherwise
compromise the running host operating system or platform while or after the node is running.
This should go without saying - in the context of a single node, we assume that an adversary cannot read or write host
memory, execute code, or otherwise compromise the running host operating system or platform while or after the node is
running. If a supermajority of nodes is compromised, an attacker can produce arbitrary VAAs. If a superminority of nodes
is compromised, the network may no longer achieve consensus.
Contrary to popular belief, hardware security modules do _not_ significantly change the risks associated with host
compromise when dealing with cryptocurrency keys. A compromised host could easily abuse the HSM as a signing oracle,
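
Review bot: The two sentences added at the end of the rewritten "Uncompromised hosts" paragraph use "supermajority" and "superminority" without stating the thresholds, and "VAAs" is not expanded anywhere in the visible context. Suggest giving the fractions, or linking to where the document defines them, so a reader can tell how many compromised hosts the network tolerates before each failure occurs. It would also help to name the two outcomes for what they are: forged VAAs are a safety failure and loss of consensus is a liveness failure. Finally, the opener "This should go without saying" now reads oddly ahead of a statement scoped to "the context of a single node" and followed by qualifications; consider dropping it.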