Playbook For Cosmos Validators: Node Architecture Choices

Safe delegation

Common attacks for a validator node:

  • Distributed denial of service (DDoS) attack:In Cosmos network, a validator node can be the target of DDoS attack. Its fixed IP address and RESTful API port connected with the Internet make it vunlerable. DDoS attack will halt the vote messages between validators and prevent blocks from being committed. It has prompted exchange Bitstamp to halt Bitcoin trading, a
  • Compromise of keys: The most valuable asset for a validator is the keys it uses to sign blocks. Even if the keys are secured, if they can be used from the validator (such as to sign blocks), then an attacker who has control of the validator can get anything they want signed by the keys. Even if keys are secured, any copies of them in backups or on other support systems could still be compromised and used to clone the validator to malicious ends.
  • Trusted Link: validator systems is better communicate with sentries and support systems. These trusted communication links could be exploited to gain access to the validator. In particular, these communication links will typically be how the validator system is accessed for ongoing administration; if an attacker has access to the system that is logging into the validator (such as the sysadmin desktop), they can at a minimum piggyback on that remote session.
  • Tendermint Network Vulnerability: validators and Sentries at a minimum need to run the Tendermint network services. Any vulnerabilities here could be exploited by an attacker (either directly; or via malicious transactions, consensus messages, or blocks) to gain access to those systems.

Risk Control Methods

  1. Firewall white listing. Tendermint’s port is closed by default, and opened only to a white list of static IP addresses of peers. This has the disadvantage that these nodes are still communicating on the public internet, and are no less vulnerable to DDoS attack than any other sentry. There is security by obscurity, since the public IP addresses should not be gossiped, but if an IP address is discovered it becomes vulnerable, and it is problematic to change since out of band co-ordination with peers will be required.
  2. VPN connectivity. VPN connectivity can be established between relay nodes. These can be network-network IPSec, which is supported by major cloud platforms and most firewalls, WireGuard from host-host, or any technology stack mutually supported by two relay node operators. This still uses public internet, but in this case gaiad does not need a public IP address, so discovery of IP addresses to target with DDoS is harder.
  3. VPC peering. For peers that are hosted within the same cloud platform and where the feature exists, VPC peering is established. This is possible within GCP and AWS respectively, I am not familiar with other platforms. The advantage over 1&2 is that there is no exposure to the public internet. The disadvantage is that both relay nodes need to be hosted on the same cloud platform.
  4. Private link. Private connectivity can be established between validator operators. SDNs like MegaPort could be used at reasonable cost. I think this is likely not something anyone wants to get involved with in testnets, but it becomes a reasonable option on mainnet.
  • Single Node Validtor Setup:
  • Pro: easy to implement
  • Con: not flexible setup
Single Node Setup

Single Layer Sentry Node Setup

  • Pro: Efficient to mitigate DDoS attack
  • Con: Once the attacker gain access to private network, they could attack validator node.
Simple Sentry Node Setup

Two Layer Sentry Node Setup

  • Pro: This is similar to the classical backend/frontend separation of services in a corporate environment.
  • Con:Inroduce failure of VPC, and increase of operation cost
Private Sentry Node Setup

Relay Network Setup

  • Pro: The validator will be less likely to be offline
  • Con: More duplicate data, Need more configurations
Relay Node Setup

Full Node Backup Method

  • Stop your Gaia Node
  • Make a snapshot of your node’s data folder, and compress the folder
  • Copy it to the correct folder like: $HOME/.gaiad/
  • Start the node
gaiad start --pruning=everything

About the author




Blockchain | Data Science | Cosmonaut

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Have you heard about ISM?

How to Prevent SQL Injections

Predictz — The Ultimate GEM

{UPDATE} Combat Elite Hack Free Resources Generator

You might simply say that your own personal

Andrew Bud of iProov: 5 Things You Need To Know To Optimize Your Company’s Approach to Data…

Manav Mital of Cyral: 5 Things You Need To Know To Optimize Your Company’s Approach to Data…

{UPDATE} Co tuong Online Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sophie Huang

Sophie Huang

Blockchain | Data Science | Cosmonaut

More from Medium

Citizen Cosmos; Archway, incentivized contracts & developers

Explanation Utility Types in TypeScript

Number of Distinct Substring in a string