Off Chain Agents
The Synapse Interchain System has 3 different kinds of off-chain agents.
Right now, the easiest way to deploy the agents is with our Helm charts, available on Artifact Hub. In the meantime, work is under way on a one-click devnet that uses docker-compose instead of Helm.
Making Changes
Because of the careful incentives around speed & security implicit in the system, it's likely client diversity will emerge very quickly. To enable this, the codebase exports as much functionality as possible through godoc, including our e2e Go-based contract testing suite in ethergo & custom GitHub Actions to minimize the probability of issues.
Devcontainers are built daily to enable one-click runs from GitHub Codespaces for any developer interested in contributing to or hacking on the Synapse interchain network standard.
Similarly to contract security, a number of automated & manual systems are used to minimize risks of root of trust compromise when running any of the off-chain agents.
These include:
- All containers are built using either distroless or scratch containers in order to minimize the risk of supply chain attacks on docker images.
- All binaries are built using a custom goreleaser image to avoid supply chain attacks in builder images.
We've also taken extraordinary steps to ensure users have a secure deployment environment for off-chain agents. This has included the creation of 3 different Terraform providers aimed at using workload identity authorization for private key management:
- Terraform-kubreproxy-provider: Allows the configuration of Kubernetes clusters through Terraform while utilizing an IAP bastion host (something previously impossible).
- Terraform-helmproxy-provider: Allows configuring the deployment of Helm charts while utilizing an IAP bastion host (something previously impossible).
One other root of trust in any interchain system is the source from which origin-chain data is received. To this end, we built OmniRPC, a way to specify a threshold of different RPC providers that need to return the same data about a query before it's trusted.
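The threshold idea described above can be sketched as follows. This is an added example, not OmniRPC's own code: the `Quorum` and `canonical` names, the strict-majority rule, and the sample responses are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

var ErrNoQuorum = errors.New("no result reached the threshold")

// canonical re-encodes JSON so whitespace and key order cannot split votes.
func canonical(raw json.RawMessage) ([]byte, error) {
	var v interface{}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.UseNumber() // keep numbers exact instead of rounding through float64
	if err := dec.Decode(&v); err != nil {
		return nil, err
	}
	return json.Marshal(v) // encoding/json emits map keys in sorted order
}

// Quorum returns the result that at least threshold providers agree on.
// results maps provider name to its raw answer, so one provider has one vote.
// Assumption of this example: threshold must be a strict majority, so two
// conflicting answers can never both qualify.
func Quorum(results map[string]json.RawMessage, threshold int) ([]byte, error) {
	if threshold*2 <= len(results) || threshold > len(results) {
		return nil, fmt.Errorf("threshold %d is not a majority of %d providers", threshold, len(results))
	}
	votes := map[string]int{}
	for _, raw := range results {
		c, err := canonical(raw)
		if err != nil {
			continue // a missing or malformed response is not a vote
		}
		if votes[string(c)]++; votes[string(c)] >= threshold {
			return c, nil
		}
	}
	return nil, ErrNoQuorum
}

func main() { // constructed sample: provider "c" reports a different block hash
	got, err := Quorum(map[string]json.RawMessage{
		"a": json.RawMessage(`{"hash":"0xabc","number":"0x10"}`),
		"b": json.RawMessage(`{ "number": "0x10", "hash": "0xabc" }`),
		"c": json.RawMessage(`{"hash":"0xdef","number":"0x10"}`)}, 2)
	fmt.Println(string(got), err)
}
```

A threshold at or below half of the configured providers is rejected here because it would let a minority of colluding or stale providers produce an accepted answer alongside the honest one.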
Operational Security
To let operators of off-chain agents run them as seamlessly as possible, extensive work has gone into distributed tracing through otel + Jaeger, so that any issue that might result in slashing of off-chain agents can be identified & remediated quickly. This includes a custom pyroscope + Jaeger image for especially hard-to-find issues + dockerized tracing.
Additionally, all modules export metrics via Prometheus + Grafana to make setting up alerts as easy as possible.