Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Question: How does a non-validating notary knows if a participant is allowed to spend a state?
See original GitHub issueSince non-validating notaries in Corda are not performing input/output state validation of a transaction, how does a notary service know that a transaction initiator is allowed to spend specific input states?
For instance, in this simple cash example:
State0{} -issueCashTX-> State1{owner:issuer, amount: 1000 USD}
-transferTX-> State2{owner:issuer, amount: 500}
State3{owner:CompanyA, amount: 500}
Smart Contract Rules validate that transfer transactions are only valid, if input state is owned by the transaction initiator and sum of output amounts is equal to sum of input amounts.
[Q]: How the non-validating notary knows that spending State1 is ok, since it has no idea about the validation rules?
Issue Analytics
- State:
- Created 5 years ago
- Comments:8 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@gendal @anthonykr3 thank you very much for investing your time to write an answer! I appreciate it very much. The information that it is planed to be able to raise the disupte and revert the confirmation was the missing chunk of information for me. I can see that it can work in permissioned setups where identities are known, since sanctions can be enforced (“Identity at Stake”).
Hi there. We offer both options for a reason. There are no absolutes in this business, only tradeoffs 😃 A validating notary protects you against the attack you describe but it needs to see the transaction, as you say. In situations where malicious submitters are not in your threat model (a far more common scenario than you might imagine for the problems we’re solving with Corda!) then you can gain additional privacy by not asking the notary to validate. But you risk the situation you describe. However, in such cases, there is an extra line of defence that permissioned systems like Corda possess: all parties on the network are identified… so the nonvalidating notary knows WHICH party submitted the malicious transaction. So when the attack is discovered (by somebody trying to notarise the valid transaction), the notary can provide the identity of the attacker and their cunning scheme is revealed and falls apart…! (Also reducing the incentive/attractiveness of trying in the first place. Now: this model works because of the assumptions underpinning Corda and the threat model we face. In a fully public, pseudonymous, adversarial environment such as the public ethereum blockchain, it would be a less-effective strategy. It’s why I write so much about how what we’re doing and what the public Ethereum community are doing are so different (complementary, not competitive, in fact). It’s when you try to apply Ethereum to enterprise scenarios away from the public chain that I think there are problems -and it’s what I write about a lot.