Please consider adding a way for validators to verify the validity of their entry.
This would give delegators the certainty that the restake wallets listed in this repository are authentic and controlled by the validator.
The current implementation of the restake.app bot does need to query for generic delegation grants (ledger workaround), which do not have a delegation whitelist, potentially allowing the restake wallet to delegate to any validator.
A malicious entity could list restake wallets here and redirect delegators' staking rewards to a malicious validator, potentially robbing delegators through commissions.
This scenario might be highly unlikely for mature chains with a high enough delegation floor for validators, but chains with an accessible active validator set could face this problem.
My suggestion for a verification method would be to have the validator's initial delegator wallet broadcast a transaction that includes the restake wallet address in the memo and attach the transaction hash to the profile or PR.
Great suggestion and I completely agree something is needed here for verification. I like the idea of a blockchain based solution but I also want to make it as easy as possible. Ultimately the issue lies in who is allowed to make updates to this repository - we could go with a simpler solution where each validator can specify an array of GitHub usernames in profile.json or authors.json who can make changes. We would then implement a CI workflow to check the user against this array if it exists, and fail any PR which doesn't match.
The initial submission of this list will have potential for abuse, but after that only users who are already in the list would be authorised to change it (unless special circumstances dealt with manually), which at least gives us some author control.
What do you think about that? Potentially in addition to some form of second verification layer like you outlined.
Defining specific GitHub accounts for making changes to existing entries should be sufficient.
For the initial entry, I suggest using Keybase as a form of validation. Many validators use a Keybase identity already as the identity field stored on-chain. GitHub accounts can be verified as well, so it should be relatively seamless for validators who already have this setup.
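The author check proposed earlier in this thread, sketched as an added example (not code from the repository or from any commenter). It assumes a `<validator>/profile.json` layout with an optional `authors` array, and that the CI job supplies the PR author, the changed paths, and each profile as it exists on the base branch; all names and sample data are hypothetical.

```python
import json

# Assumed layout (not confirmed by the thread): <validator>/profile.json with an
# optional "authors" array of GitHub usernames.

def allowed_authors(base_profile_text):
    """Return the lowercase author set from the base-branch profile, or None if no list exists."""
    if base_profile_text is None:            # directory is new on this PR
        return None
    profile = json.loads(base_profile_text)  # JSONDecodeError is a ValueError
    if not isinstance(profile, dict):
        raise ValueError("profile must be a JSON object")
    authors = profile.get("authors")
    if authors is None:
        return None
    if not isinstance(authors, list) or not all(isinstance(a, str) for a in authors):
        raise ValueError("authors must be an array of strings")
    return {a.lower() for a in authors}      # GitHub usernames are case-insensitive

def review_pr(pr_author, changed_paths, base_profiles):
    """Map each touched validator directory to 'allowed', 'denied' or 'manual-review'."""
    verdicts = {}
    # Root-level files (no directory component) are outside this check.
    for directory in sorted({p.split("/", 1)[0] for p in changed_paths if "/" in p}):
        try:
            authors = allowed_authors(base_profiles.get(directory))
        except ValueError:                   # malformed base profile: fail closed
            verdicts[directory] = "denied"
            continue
        if authors is None:
            verdicts[directory] = "manual-review"  # first entry: nothing to check against
        elif pr_author.lower() in authors:
            verdicts[directory] = "allowed"
        else:
            verdicts[directory] = "denied"
    return verdicts

# Constructed sample data. Profiles are read from the base branch, never the PR head,
# so a PR cannot authorise itself by editing the list it is checked against.
BASE_PROFILES = {
    "validator-a": '{"name": "Validator A", "authors": ["Alice-Ops"]}',
    "validator-b": '{"name": "Validator B"}',
}
CHANGED = ["validator-a/profile.json", "validator-b/profile.json",
           "validator-c/profile.json", "README.md"]

if __name__ == "__main__":
    for directory, verdict in review_pr("mallory", CHANGED, BASE_PROFILES).items():
        print(directory, verdict)
```

A `manual-review` verdict marks the initial-entry case, where a second verification layer such as the memo transaction or Keybase proof discussed above would apply.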