Ensuring the security of the TON blockchain is crucial for its smooth operation. A key player in this process is the validator, responsible for verifying transactions and creating new blocks. However, the traditional approach of using a hot wallet for validation poses security risks, as it is vulnerable to hacking. To address this, we present the Single Nominator smart contract, a secure and simplified solution for validators.
The Single Nominator Advantage
The Single Nominator smart contract is a streamlined alternative to the Nominator Pool smart contract, supporting only one nominator. This reduction in complexity significantly lowers the attack surface, enhancing security. It is designed for TON validators with sufficient stake to validate independently, offering a more secure option compared to using a hot wallet or an unmaintained restricted wallet.
Official Code Hash for Verification:
pCrmnqx2/+DkUtPU8T04ehTkbAGlqtul/B2JPmxx9bo=
Verify this hash on TON Verifier before sending funds to a live contract.
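A scripted form of this check, added here as an example (it is not code from the Single Nominator repository): it compares a code hash copied from a verifier or explorer against the hash pinned above. The function names are hypothetical, and it is an assumption of this example that tools may display the same 32-byte hash as hex, standard base64 or URL-safe base64.

```python
import base64
import binascii
import hmac
import re
import sys

# Official code hash as published on this page (standard base64 of 32 bytes).
OFFICIAL_CODE_HASH_B64 = "pCrmnqx2/+DkUtPU8T04ehTkbAGlqtul/B2JPmxx9bo="


def decode_code_hash(text: str) -> bytes:
    """Decode a displayed hash (hex, base64 or URL-safe base64) to 32 raw bytes."""
    s = text.strip()
    # Hex form: exactly 64 hex digits, optionally prefixed with 0x.
    m = re.fullmatch(r"(?:0[xX])?([0-9a-fA-F]{64})", s)
    if m:
        return bytes.fromhex(m.group(1))
    # Map the URL-safe alphabet onto the standard one, restore stripped padding.
    s = s.replace("-", "+").replace("_", "/").rstrip("=")
    s += "=" * (-len(s) % 4)
    try:
        raw = base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not a hex or base64 hash: {text!r}") from exc
    # A shortened or elided display must be rejected, never prefix-matched.
    if len(raw) != 32:
        raise ValueError(f"expected 32 bytes, got {len(raw)}")
    return raw


def matches_official(displayed_hash: str) -> bool:
    """True only if the displayed hash is byte-for-byte the official code hash."""
    expected = decode_code_hash(OFFICIAL_CODE_HASH_B64)
    return hmac.compare_digest(decode_code_hash(displayed_hash), expected)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_code_hash.py <hash shown for the deployed contract>")
    if matches_official(sys.argv[1]):
        print("code hash matches the official Single Nominator hash")
    else:
        sys.exit("MISMATCH: do not send funds to this contract")
```

Comparing decoded bytes rather than strings avoids false mismatches between encodings, and the length check rejects a truncated display instead of accepting it as a match.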
Architecture Overview
The Single Nominator smart contract mirrors the architecture of the Nominator Pool contract, with a clear separation of roles:
- Owner: A cold wallet holding the staking funds, acting as the single nominator.
- Validator: A wallet on the validator node, capable of signing blocks but unable to access the staking funds.
The workflow involves the owner depositing funds into the Single Nominator contract, which are then used by the validator to enter election cycles. The contract ensures that only the owner can withdraw the funds, providing a secure validation process.
Mitigating Attack Vectors
The Single Nominator contract addresses several potential attack vectors:
- Hot Wallet Security: Theft of the validator's hot wallet key does not expose the stake, as the hot wallet cannot access the staking funds.
- Validator Compromise: In case of a compromised validator wallet, the owner can change the validator address, preventing further unauthorized interactions.
- Gas Drainage Attacks: The contract separates the principal staking funds from the gas fees, preventing attackers from draining the principal.
- Emergency Safeguards: The owner can send raw messages or change the contract code in emergency situations to recover stakes or address unforeseen issues.
Comparison of Existing Alternatives
For validators with enough stake, the Single Nominator contract offers a secure and simplified alternative compared to other setups like hot wallets, restricted wallets, or the Nominator Pool. It provides a streamlined solution with fewer attack vectors and enhanced security features.
Setup | Security | Complexity | Notes |
---|---|---|---|
Hot Wallet | Low | Low | Insecure, vulnerable to theft |
Restricted Wallet | Medium | Medium | Unmaintained, prone to attack vectors |
Nominator Pool | High | High | Suitable for multiple nominators |
Single Nominator | Highest | Low | Ideal for single validators with full stake |
Getting Started with Single Nominator
To use the Single Nominator contract, you can deploy it using the provided open-source client. The contract integrates seamlessly with MyTonCtrl, allowing for easy management of validation cycles.
For detailed deployment instructions and owner-only operations, please refer to the GitHub repository.
Security Audits
The Single Nominator contract has undergone a thorough security audit by CertiK, ensuring its robustness and reliability. The audit report is available in the repository: CertiK Audit.
Conclusion
The Single Nominator smart contract offers a secure and efficient solution for TON validators seeking to reduce their attack surface and simplify their validation process. With its streamlined architecture and robust security features, it stands as the preferred choice for validators with sufficient stake.
For support or further information, join the discussion on Telegram.