Meeting notes for our workshop at the Lisbon Parachain Summit
Date: 1 Dec 2022
Vincent, Alistair (Snowfork)
Ricardo Ruis, Robert Habermeier, Robert Hambrock, Mattias Petter Johansson (Parity)
Syed Hosseini (W3F)
There were a few other attendees, I just didn't manage to get their names
The discussion in the workshop seems to validate our plan for cross-chain governance. Specifically, for fallback governance on Ethereum, a voting collective will be empowered to upgrade only the BEEFY light client contract.
Initiate a discussion on Polkadot forum to
Socialize this idea further in the community
Determine the membership of the collective
Discuss regulatory exposure
For the polkadot→ethereum path, move message batching to application layer. This simplifies our channel protocol, message dispatch logic, and fee calculations.
For example, batched XCM instructions could be handled by the XCM executor contract on Ethereum.
Ethereum PoS Light Client
Most discussions on this topic were related to BLS.
In our light client, aggregating public keys and verifying a single BLS signature takes roughly 1/4 of the block weight, which isn’t sustainable in the long-term, especially on BridgeHub.
Asynchronous backing may improve this by increasing blockspace.
A huge performance booster will be host functions for BLS-12-381 signature verification.
Should also investigate using a ZK-SNARKS circuit for signature verification in Substrate.
Apparently W3F already has a working prototype for this, which we can potentially adapt.
Parity to figure out the situation with host functions. Looks like there needs to be some kind of RFC process for the community to propose new host functions
In the longer-term, Snowfork should look at ZK-SNARKS for further improving efficiency of signature verification on Substrate.
Snowfork’s proposed circuit breaker on collateral withdrawals won’t actually increase security much, since you can’t really have a circuit breaker on cross-chain governance. And if cross-chain governance is exploited, then everything controlled by governance is exploitable too.
Simple limits on TVL may still work with XCMv3 model, will need to check (Owner: Vincent)
Our defense in depth strategy therefore needs to focus on implementation quality:
Unit and Integration Testing. Especially tests of an adversarial nature.