-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: remove the proxy altogether for transfers and MTCS #100
Comments
I'd love for there to be one less major component to a Quartz app 🙂 @amiller, could you please help us understand if/why we'd really need the proxy in the first place? I also don't really understand the threat model that necessitated its introduction. |
Looks like we've agreed to remove the proxy during Discourse today. What does "done" look like for this issue? |
I think this is done when we no longer have a
A related improvement (optional, low prio future work) could be to move all
$ quartz deploy
# deploys smart contract
$ quartz start
# enclave runs
# enclave instantiates contract
# enclave performs handshake |
Blocked by #70 as we want the listen script to be updated to DCAP, and we want to put that in the enclave (i.e. remove the proxy) |
#174 waiting for review |
Closed by #174 |
Summary
The contract-proxy-enclave design where devs are expected to write all 3 of these components (and ensure they're consistent) is error-prone and leads to bad devX. I propose we get rid of the proxy entirely (atleast for early versions of quartz) and instead move that logic into the enclave itself, such that the enclave talks directly with the smart contract.
Problem statement
Our main reason for the proxy AFAICT is to minimize the attack surface by preventing the enclave from making network calls. So we introduce a proxy bin (running on the host) that the enclave talks to (over files/gRPC) and the proxy connects to a blockchain node on the internet and facilitates communication between the enclave and the smart contract.
Why should the enclave and the smart contract communicate?
Why is this complicated?
The proxy must be app context aware so it cannot be a generic/universal bin that just works for all apps because it must know which events to listen to and what on-chain data to query (and how to get proofs for them).
Proposal
(cc: @ebuchman, @amiller)
The text was updated successfully, but these errors were encountered: