Shield Server

A Complementary Security Measure

In addition to the signatures from the Threshold and Optimistic networks, dApps looking for stricter security measures can use the signature from a Shield Server.

A Shield Server refers to a server that is owned and run by the dApp. It prevents the feeding of manipulated data to the app by revalidating the data returned by the Threshold and Optimistic networks. As the Optimistic Network is not yet implemented, the description below is limited to the present implementation of Shield Server; that is, how it works beside the Threshold Network.

Shield Server & Threshold Network

Instead of sending a request directly to the Threshold Network, an app can send one to its own server or a server it trusts called the Shield Server. This server checks the validity of the request, and forwards it to the Threshold Network. Having received the signed data from the Threshold Network, it independently fetches the data and then compares the result with the signed data.

If the data obtained by the Shield Server and Threshold Network are the same, the Shield Server sends the gateway data to the dApp client along with two signatures: its own and the Threshold’s. But if the Shield Server’s obtained data differs from that of the Threshold Network's, the Shield Server does not verify the data; that is, it returns a “failed” response.

The following diagrams illustrates the procedure. Click on it to get a higher resolution.

Shield Server with a Local Source

If a Muon app runs its own local Ethereum, sidechains, and graph nodes, the diagram will change as follows:

The Shield Server was implemented on Muon Network in late 2022 and is now live. DApps that integrate with Muon can now use a Shield Server in addition to the Threshold Network.

To learn how to run a Shield Server, see here.

Last updated