dymension icon indicating copy to clipboard operation
dymension copied to clipboard

Published 20 hours ago verified publisher icon dymensionxyz

Problem: Multiple RollApp using same chain-id prefix

Open VictorTrustyDev opened this issue 1 year ago • 2 comments

Context: A RollApp owner already deployed their RollApp, for example: escan_9999-2.

When they want to state-breaking upgrade chain (hard-fork, remake),... they might want to upgrade with chain-id changed, like escan_9999-3 but someone else already obtained this chain id value, this might causes confuse or potential fishing vulnerability.

Suggestion:

  • When chain escan_9999-2 is registered, the prefix escan_9999 (pre dash "-" symbol) is reserved and no one else can create any chain with id has prefix escan_9999. And require extra step to override/upgrade/update chain id like using genesis sequencer key to submit a message to Hub that authorize the new chain id with same prefix can be created.
  • After that, the previous chain id should be halted forever.
  • Example request update chain-id:
    • Case 1: Going through governance
    • Case 2: Force upgrade using cli

Implementation proposal:

  1. First phase:
    • Prevent register same chain-id prefix
    • Implement API to check if user's input chain-id, during roll app creation, using a registered prefix of chain id
    • Prevent user
    • Increase fee for chain registration (prevent spamming & taking all good/vanity chain-id)
    • (accepted consequence: can not update chain id before phase 2 released + must provide guideline to launch new roll app with different chain-id prefix)
  2. Second phase:
    • Implement update chain-id through gov or force update using sequencer or smt like that: from x_y-A to x_y-B, with condition B = A + 1, at specific height (mainly the same as normal software upgrade proposal).

Additional Notes

  • Add cli to check if chain-id is already registered.
  • By splitting into multiple-phase implementation, you have more time for finding good implementation as well as time for testing carefully.

VictorTrustyDev avatar Jul 31 '23 09:07 VictorTrustyDev

thx for the feedback, it's indeed an important feature. Moving it to dymension hub repo

mtsitrin avatar Jul 31 '23 11:07 mtsitrin

related to #294

mtsitrin avatar Sep 27 '23 12:09 mtsitrin

@VictorTrustyDev can be closed? solved by dydns?

mtsitrin avatar Aug 13 '24 08:08 mtsitrin

Hey @mtsitrin, this resolved by #294

VictorTrustyDev avatar Aug 13 '24 09:08 VictorTrustyDev