The list of risk discussed in this document are,
Too expensive servers for witnesses/SONS
Witness node not reachable
Witnesses get DDOS'd
Bad actor infiltrate witness/SONs
The network run the servers which can become expensive for the user based on the demands, usage and availability. In this case, to maintain the users the following plans and ideas can be useful. Also, the point of contact to understand the issue is listed in this section.
Increase liquidity to bring value to the token.
Run a node with less demand, Find a way for it.
To avoid compilation, provide the binaries of witness_node and cli_wallet.
Create best practices to build cost effective nodes
Have Periodic sync-up with other witnesses to learn about the ways remain economical.
Static-linking of libbitcoin
Publish minimum requirements to witnesses to maintain the standard spec across the platform.
Provide the Personal Package Archives (PPA) on ubuntu.
Increase witness / SON pay
In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.
Point of Contact: DOCS Team
Point of Contact: Dev Team (For Static Link / PPA)
Distributed Denial-of-service (DDOS)
In some cases, the witnesses themselves will be DDOS'd and will be denied access to use the application. This is critical and the following plans, ideas will help in sorting the issue to provide some solution.
Witnesses should have a backup or DDOS protection.
Maintain backup node which can monitor and do automatic failover.
Create a basic witnesses node that can take over automatically at once the public witnesses fail.
Create witness backup in different location.
Any temporary Fallback strategy for witness outage??
Any Recommendation to witnesses about some reliable DDOS protection service ??
Outline proper procedure to be taken during the event of DDOS attack.
Allocate individual resources to communicate periodically with witnesses about the protective measures and procedure to prevent DDOS attack.
Can vote out a witnesses who is been attacked, until they are able to get back on track
If attack is persistent, have some IAC (Infrastructure as code) to redeploy the witnesses elsewhere.
In case, if any witnesses missing blocks in a row, then Notification should pop-up.
Automated system messages in witness chat.
In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.
The Witness / party that notices the issue.
The witness recovery - Liasson
The witness node can be unreachable at times due to several reasons. In order to overcome this situation the following ideas and plans can be helpful.
Create a witness chat room with group call functionality.
The witnesses should keep note of cell numbers of other witnesses as much as possible.
At least, one group where all the witness/ SONs should reside.
Create a separate portion for Witnesses in Scenes
A Dashboard to track the status of witnesses and chains.
Can we create a witness buddy system
Cross-post calls for action - Rocket chat, Telegram, Scenes, etc.,
Get familiar with common hubs used by witnesses
In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.
Firstly, the Witnesses themselves have to communicate about the problem with the team. So that, the issue will be know to the team and solution can be provided at the earliest.
Bad actors can be a threat to any organization. As they infiltrate and gather confidential information about the company. Those action must be considered as critical and proper action must be taken to avoid the risk. The following points can help the user to have some idea about how to overcome this problem.
Follow a robust on-boarding and vetting procedure, while accepting a witnesses/SONs.
Witnesses should be able to keep their anonymity.
Implement proof of pulse consensus.
Ensure setup of witnesses is simple to lower barrier to entry.
Encourage active voting and participation.
Publish witness stats in central location periodically.
Use a White hat to identify the vulnerabilities in any account with user's consent. (White hat -Ethical security hacker)
Deeper monitoring of chain activity.
Push notification for any large transaction (Whale alert)
Establish a "Forensic Team" that can recognize any malicious activities of a witness.
In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.
There are two members who can inspect the issue,
Log-Diving analyst
Forensics Team
The voters can inform about the invaders, if any.