docs/threat-model.md
19 additions & 1 deletion
@@ -136,7 +136,7 @@ Notable threats to the system that could impact assets.
136
136
**Likelihood**: LOW - Reduced attack surface due to coupled RB/EB production model, though possible when there are multiple eligible producers (slot / height battles).
137
137
138
138
**Impact**:
139
-
-**Throughput**: Different SPOs create conflicting EBs, causing vote splits and potential certification failures. This leads to throughput reduction when EBs fail certification, though system recovers in subsequent stages
139
+
-**Throughput**: Different SPOs create conflicting EBs, causing vote splits and potential certification failures. This leads to throughput reduction when EBs fail certification, though system recovers in subsequent stages. This can occur both from deliberate mempool partitioning, but also naturally with "short forks" in the praos chain where nodes select different chains.
140
140
-**Resources**: SPO's network bandwidth and compute resources wasted on processing, propagating, and voting on conflicting EBs that cannot all be certified
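Review bot: The added sentence on line 139 introduces a non-adversarial trigger ("short forks" in the Praos chain) but the **Likelihood** rationale on line 136 still justifies LOW purely by the reduced attack surface of the coupled RB/EB production model; if short forks cause conflicting EBs in normal operation, the likelihood line should say how often that is expected (or why it still rounds to LOW), otherwise the two lines contradict each other. Also fix the grammar and the proper noun in the new sentence: "both from deliberate mempool partitioning, but also naturally with" reads better as "both from deliberate mempool partitioning and naturally from 'short forks' in the Praos chain where nodes select different chains".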
@@ -630,6 +630,24 @@ Notable threats to the system that could impact assets.
630
630
631
631
**Cost**: MEDIUM - Testing infrastructure and compatibility analysis
632
632
633
+
### M11: No Conflicting Transactions
634
+
**Addressing threats**: T1, T12
635
+
636
+
**Decision**: MITIGATE
637
+
638
+
**Control type**: By design
639
+
640
+
**Implementation**:
641
+
- Protocol design inherently prevents conflicting transactions from reaching the chain
642
+
- No permanent storage of conflicting transactions unlike concurrent variants
643
+
- Ledger detects conflicts within an EB before voting
644
+
- Endorsed transactions are used to update the mempool view
645
+
- Data diffusion limits the number of conflicting transactions and does not amplify deliberately conflicting transaction propagation
646
+
647
+
**Validation**: Ensure mempool and data diffusion behavior; integration tests using conflicting transactions confirm bounded load on network and compute
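Review bot: The **Validation** line (647) is not testable as written: "Ensure mempool and data diffusion behavior" names no property, and "bounded load" names no bound. Since the implementation items on lines 641-645 are the controls, the validation should state the invariant each test checks, for example that a node never fetches or validates more than some fixed number of conflicting transactions per EB or per peer, and that an EB containing conflicting transactions is rejected before a vote is cast, so the integration test has a pass criterion. Two smaller points in the same hunk: "unlike concurrent variants" (line 642) should name what variants are meant (other Leios variants? other protocols?), and M11 lists T1 and T12 as the addressed threats while the **Impact** text edited in the first hunk concerns conflicting EBs rather than conflicting transactions; if that threat is one of T1/T12, the "Ledger detects conflicts within an EB before voting" item should say whether it covers conflicts across EBs too.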