Platform prioritizes deterministic evaluation, validator integrity, and minimal trust assumptions. Security controls are enforced at the network, consensus, and runtime layers.
- Stake-weighted validator set: validators must meet minimum stake requirements.
- Signed P2P messages: every submission, evaluation, and vote is signed with the validator hotkey.
- PBFT-style consensus: final state is accepted only with >= 2f + 1 approvals.
- WASM sandbox: challenge execution is isolated with strict runtime policies.
- Auditability: state changes and challenge updates are anchored to chain epochs.
- Byzantine validators: mitigated by quorum thresholds and stake weighting.
- Sybil attempts: minimum stake requirements and metagraph verification.
- Challenge tampering: challenge metadata is signed and consensus-approved.
- Resource exhaustion: WASM runtime enforces CPU, memory, and I/O caps.
flowchart TB
subgraph Network
P2P[libp2p Mesh]
DHT[DHT]
P2P --> DHT
end
subgraph Validator
Signed[Signed Messages]
Consensus[PBFT Consensus]
Runtime[WASM Runtime]
Audit[Audit Logs]
end
P2P --> Signed
Signed --> Consensus
Consensus --> Runtime
Runtime --> Audit
flowchart LR
Validator[Validator Node] --> Runtime[WASM Runtime]
Runtime --> Policy[Runtime Policy + Limits]
Runtime --> HostFns[Whitelisted Host Functions]
Runtime --> Audit[Audit Logs]
Policy --> Runtime
HostFns --> Runtime
Runtime -->|Deterministic outputs| Validator
| Layer | Control | Outcome |
|---|---|---|
| Identity | Bittensor hotkey signatures | Non-repudiation & replay protection |
| Network | libp2p gossipsub + DHT | Decentralized data propagation |
| Consensus | PBFT-style approvals | Deterministic state finalization |
| Runtime | WASM sandbox + resource caps | Deterministic isolation |
| Operations | Key management + monitoring | Reduced operational risk |
Docker-backed evaluation is restricted to test environments and guarded by an explicit security policy. Production validators run the WASM runtime only.
flowchart LR
Tester[Test Harness] --> Broker[Secure Container Broker]
Broker --> Policy[Security Policy]
Policy --> Runtime[Container Runtime]
Runtime --> Logs[Audit Logs]
Policy --> Broker
- Key management: secrets via env vars or secret managers.
- Network controls: firewall rules limit ingress to required ports.
- Monitoring: health checks and log monitoring detect consensus drift.