Make outputs Merkle root validator immutableΒ #414
Description
π Context
Currently, the application owner can change the consensus at any time.
This power may pose security concerns for users: they must trust the app owner.
For real applications, we advise the ownership to be renounced.
The Honeypot application, for example, has no owner.
So you may ask yourself: Why is there an application owner role?
The answer is simple: To solve a chicken-and-egg problem.
You see, there is a dependency cycle between Application and DaveConsensus.
One contract receives the address of the other as a constructor argument.
To solve this predicament, you deploy A, then B, and then you make A point to B.
This last part is performed on the application contract by its owner.
However, it doesn't have to be that way: #413 solves this issue.
With this, we don't need the consensus to be mutable.
It can indeed be immutable.
This allows us to simplify the application contract.
βοΈ Solution
Remove:
- the
IApplication.OutputsMerkleRootValidatorChangedevent - the
IApplication.migrateToOutputsMerkleRootValidatorfunction
Make:
- the
Application._outputsMerkleRootValidatorstate variable immutable