7 Comments

Indeed, the Altair light client isn't accountable and so isn't secure enough for bridges.

>Therefore, this solution would require the light client to maintain a local view of the (very large) validator set

We spent rather a long time coming up with a good solution for avoiding that: https://eprint.iacr.org/2022/1205

and it works fine with a million BLS keys if Ethereum would be interested in adopting it.

Expand full comment

>The ALC is indistinguishable from a multisig, however the bridge was not able to choose its participants. Random multisigs are worse multisigs.

I agree that it is a multisig, but is random multisigs truly worse than a fixed set of validators (solution 2)? Would a user put more trust on 512 rotating, randomly selected validators or 20-ish fixed validators (as in bridges nowadays)?

I also agree that ALC is not derived from the consensus process, but at least the randomness is. But it's still a step up from the fixed 20-ish validators we have right now.

Expand full comment

This really comes off as "I run an optimistic bridge and don't like these new light client bridges competing in the space".

The Committee Set might not have proper incentives financially, but we are still talking about a scenario in which the **Ethereum** protocol itself acts maliciously. There are social problems preventing this kind of attack from happening, as well as coordination problems.

Expand full comment

As a counterpoint: a large majority of validators (and previously, a majority of miners) run software to propose custom blocks which maliciously extract value from DeFi users on Ethereum.

This proves that the "social problem" is not an effective deterrent, and the coordination problem is trivial to solve with a public fork of consensus software.

Expand full comment

This is apples to oranges: The majority of MEV is actually healthy and necessary for the ecosystem, whereas acting maliciously in the Sync Committee is now.

Expand full comment

MEV is a bug. Always will be.

Expand full comment

It's of course true that most MEV isn't malicious, but I think that's more of an "apples to oranges" comparison than the one I'm making...

The portion of MEV which is malicious isn't the right comparison. The analogous comparison is "what portion of validators are willing to capture malicious MEV, despite it being trivial to capture only healthy MEV". This is a measurable quantity: mevboost.org shows that overwhelming majority of validators are using "max profit" relays over "ethical" relays or even "non-censoring" relays.

Expand full comment