ccvTimeoutTimestamp should be included in consumer addition proposal
#388
Labels
type: bug
Issues that need priority attention -- something isn't working
Comments
shaspitz
added
the
type: bug
|
As we discussed today, this should probably just go in the regular consumer param section and defaults. The genesis.json for a new consumer needs to be checked carefully. |
Repository owner
moved this from Todo
to Done
in Replicated Security
Oct 18, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
This PR #376 enables the provider and the consumers to have different CCV timeout periods. This could have negative implications on security, if a consumer chain is able to make this timeout parameter dangerously small. Note that a consumer could have changed this hardcoded parameter before #376
We should better expose this parameter to provider validators when a consumer chain is being spawned, and perhaps include the parameter in the consumer addition proposal. We should also not allow this parameter to be changed through consumer governance.
Closing criteria
Fix the issues described above
The text was updated successfully, but these errors were encountered: