Moxie makes a really good point about authenticity of RPC responses (Moxie Marlinspike >> Blog >> My first impressions of web3) and I encourage everyone who builds blockchains, tooling and apps to read it. I wonder if there is anything on your mind / roadmap where Tezos could do better?
The point is that we have sophisticated cryptography and consensus mechanisms at the P2P layer between nodes, but unauthenticated/unverified communication over RPCs and indexer APIs. Dapps, wallets and users have to blindly trust their public RPC providers. Whoever wants to censor or alter data can do so undetected.
I guess for full blocks and operations we can at least validate their hashes based on content after download (I haven’t tried yet, but will), but who tells us the block/op hash actually exists and wasn’t doctored? The node RPC doesn’t even let you query an operation by its hash. And what about responses from RPC context calls? AFAIK there’s nothing like a storage root hash per account and even if there was we would probably need some sort of a light client to follow/verify an account’s history. One simplistic solution would be to send each query to multiple providers and compare results. Moxie talks about this and I know Ethers.js does it this way. But is that enough?
Even worse in my mind are indexer APIs, especially because the underlying SQL databases can be easily altered. Don’t get me wrong, I’ve been building TzIndex myself for years and from day one I’ve been asking myself how to prove data correctness to clients in every API response. So far I haven’t found substantiated discussions about the topic. Maybe we can start one today.
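The multi-provider comparison mentioned in the post, sketched as an added example that is not part of the original post and is not Ethers.js or TzIndex code. The provider names, the response fields and the helper names (`fingerprint`, `quorum_result`, `NoQuorum`) are assumptions made for illustration, and the responses are constructed sample data.

```python
import hashlib
import json
from collections import defaultdict


class NoQuorum(Exception):
    """No single answer was returned by enough providers."""


def fingerprint(response):
    # Canonical JSON (sorted keys, fixed separators) so that key order or
    # whitespace differences between providers do not count as disagreement.
    canon = json.dumps(response, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def quorum_result(responses, quorum):
    """responses: {provider: decoded JSON body, or None if the call failed}.

    Returns (agreed_response, dissenting_providers). Providers that failed
    or answered differently are reported rather than silently dropped.
    """
    if quorum * 2 <= len(responses):
        # Below a strict majority, two conflicting answers could both "win".
        raise ValueError("quorum must be a strict majority of providers")
    groups = defaultdict(list)
    for name, body in responses.items():
        if body is not None:
            groups[fingerprint(body)].append(name)
    if groups:
        best = max(groups.values(), key=len)
        if len(best) >= quorum:
            return responses[best[0]], sorted(set(responses) - set(best))
    raise NoQuorum({digest[:12]: names for digest, names in groups.items()})


# Constructed sample: three hypothetical providers answering the same context
# query for one account at one block; provider-c returns altered data.
SAMPLE = {
    "provider-a": {"balance": "1500000", "counter": "42"},
    "provider-b": {"counter": "42", "balance": "1500000"},
    "provider-c": {"balance": "9", "counter": "42"},
}

if __name__ == "__main__":
    value, dissent = quorum_result(SAMPLE, quorum=2)
    print("agreed:", value, "dissenting:", dissent)
```

Every provider has to be queried at the same block hash rather than at `head`, otherwise honest nodes at different heights will disagree. Agreement shows only that the providers are consistent with each other, so it does not help when they share an upstream or collude.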