Security Model
Last updated
Last updated
TriggerX implements a comprehensive security model to ensure the integrity and reliability of cross-chain task execution within its decentralized keeper network. This model leverages the EigenLayer AVS (Actively Validated Services) security framework alongside a dedicated Secure Cross-Chain Keeper Execution Framework. Together, they establish a robust mechanism for managing authorized keepers (operators) across multiple blockchain networks, ensuring only registered entities can execute critical jobs.
The EigenLayer AVS security model enhances the decentralized automation protocol by enforcing stringent validation and consensus mechanisms across participating nodes. AVS ensures that registered keepers are monitored and penalized for malicious or negligent behavior, safeguarding task execution integrity. Key security measures include:
Slashing and Staking Mechanisms: Misbehaving or offline keepers face penalties to disincentivize malicious activities.
BLS Signatures: Aggregate signatures to validate task execution outcomes.
Reputation Tracking: Continuous evaluation of keeper performance to assess reliability and trustworthiness.
The Secure Cross-Chain Keeper Execution Framework establishes a robust system for managing authorized keepers across multiple blockchain networks. This architecture maintains security and consistency across the L1 and L2 ecosystem by verifying keeper registration and authorization before task execution.
L1 Components
AVSGovernance Contract: The central authority for keeper registration and management. It serves as the single source of truth for keeper authorization across the ecosystem.
AVSGovernanceLogic Contract (Hook): A specialized middleware contract that facilitates secure cross-chain communication, ensuring registration events are reliably transmitted from L1 to L2 contracts.
L2 Components (Base Sepolia)
ProxyHub Contract: The central coordination point on Base Sepolia that:
Maintains an authoritative mapping of keeper addresses to their registration status.
Verifies keeper credentials before job execution.
Broadcasts registration updates to all connected L2 networks.
Other L2 Networks
ProxySpoke Contracts: Deployed on multiple L2 networks (e.g., OP Sepolia), these contracts:
Maintain synchronized keeper registries.
Enable local verification of keeper credentials.
Ensure consistent security policies across the ecosystem.
1. Registration Process:
Step 1: Keepers initiate registration or unregistration through the AVSGovernance contract on L1.
Step 2: The AVSGovernanceLogic hook activates and transmits registration events to the ProxyHub contract via LayerZero.
Step 3: The ProxyHub broadcasts the updated keeper information to all connected ProxySpoke Contracts.
2. Job Execution Process:
Step 1: A keeper attempts to execute a task on an L2 network.
Step 2: The local ProxyHub or ProxySpoke contract verifies the keeper’s registration status.
Step 3: Authorized keepers proceed with job execution; unauthorized keepers are blocked.
Single Source of Truth: L1 governance contract serves as the authoritative registry.
Synchronized Verification: Consistent keeper registries across L1 and all L2 networks.
Cross-Chain Reliability: LayerZero ensures secure propagation of registration events.
Local Verification: Independent keeper verification on each L2 network.
Immediate Updates: Registration changes instantly propagate to all networks.
Enhanced Security: Only pre-authorized keepers can execute tasks, preventing unauthorized access.
Cross-Chain Consistency: Uniform security policies across L1 and L2 networks.
Scalability: New L2 networks can be seamlessly integrated.
Decentralized Verification: No single point of failure in the verification process.
Efficient Operations: Local verification reduces cross-chain communication overhead.
This security model establishes a multi-layered defense mechanism, integrating centralized governance with decentralized verification to secure cross-chain automation operations within the TriggerX framework.
