@NewtonProtocol

After doing research on how the decentralized protocol can address the risk of live runtime updates, I came to the conclusion that the most critical vulnerability in decentralized smart contracts is the possibility for a third party to alter active rules via governance keys. Here is how Newton Protocol addresses this particular issue by design in a way that doesn't require rewriting the entirety of one's backend system.

One of the fundamental challenges associated with permissionless on-chain automation is the ability to update the rules of the game over time. If the governance contract or multi-sig account responsible for making these decisions acts in bad faith and modifies runtime constraints, it creates a ‘policy update vector’ for attack.

For instance, an attacker with access to such an account could increase the spending limit right before a transaction goes through or loosen up some of the compliance controls. The Newton protocol mitigates this attack vector by requiring state transitions to be signed with a cryptographic proof that ties them to a specific historical root state.

To understand why this approach is necessary, we must discuss the problem Newton aims to solve. Any system which requires an operator to update policies in real-time faces a serious scalability challenge due to the sheer number of possible state transitions. For instance, each time an operator wants to change something, the system must ensure that the validity of the new state is within the constraints of all prior states. This could prove incredibly taxing on the network if a proposal contains a series of complicated edge cases. This overhead can be avoided by Newton by utilizing a state root, where every change to policy is committed as a single atomic operation which is verified by the network with a Linear Temporal Logic check. The idea is that instead of asking the network whether new code is valid or not, you ask it to validate a particular set of changes as a logical extension of the current state root.

When a rule change or policy update proposal is broadcast to the network, validators begin a process of signature aggregation, which allows them to determine whether there is sufficient support for adopting the new rules. If the transition is valid, this means that the majority of validators approve of the change and it will be added to the blockchain as a new state root at the next available opportunity.

On the other hand, if the validator nodes are unable to successfully perform the transition due to insufficient signatures or mathematical inconsistencies with the existing state root, the update will be reverted. In effect, any changes to the system contract which do not pass rigorous cryptographic review are rejected outright, preventing bad-faith flash-governance attacks which seek to temporarily loosen restrictions and then lock them back in place.

By requiring each change to the system contract to include a signed transition from the current state root, Newton prevents attacks which seek to undermine the integrity of permissionless on-chain systems. In this model, developers do not have to build advanced safety measures directly into the core contract in order to ensure the reliability of governance proposals. Instead, they can focus on building efficient, deterministic smart contracts while more volatile constraints are managed separately in the form of policy updates.

#Newt $NEWT @NewtonProtocol