Hey Alex, thank you for your comments. Always great to have discussions with fellow builders in the space. Here are some quick replies:
Consensus model
What do we mean by “Cosmos-consensus Security Model” or “L1-PoS-blockchain security mode”
When we say L1-PoS-blockchain security model, we mean that the consensus algorithm is essentially acting like any other PoS blockchain. The closest in terms of consensus algorithm/mechanism is Cosmos-SDK/Tendermint chains such as Polygon PoS, BNB Chain or Sei Network. This is to stress that Celer uses a time-tested consensus engine and economic security engine, unlike some other multi-sig solutions or solutions with untested economic security models. We are not saying in any way that Celer’s shares the exact same PoS setup with any other blockchain.
Consensus failure != all money stolen
Unfortunately, you are not correct in stating that if the PoS consensus fails (2/3 stake colluding to behave maliciously), all liquidity in Celer’s Bridge can be withdrawn. This is precisely where the model of optimistic rollup-like security model shines. cBridge is built with this model from day 1 and even if the majority stake is acting maliciously, large fund withdrawing (in a cumulative sense) transactions can be canceled by any Celer validator plus a group of app guardians from security firms such as Peckshield and others. So what you described won’t happen. From a more practical point of view, Celer validators are highly reputable validators from the Cosmos community and incidentally share many with deBridge we believe.
Optimistic rollup security: application design pattern or protocol built-ins?
Implementing an optimistic rollup security model can be done in the application domain and in the protocol at the same time. They are not mutually exclusive. For Celer, every single validator can cancel messages that are maliciously passed by the consensus protocol if the message is sent through an OR model. This enhances the security from trust majority to trust-any validators.
In addition, application builders, governance bodies or security firms independent from application builders can run app guardians for specific applications even if they don’t trust any validators in Celer. For example, Certik, Trial of Bits and other security firms that are independent of both Celer and application builders can run app guardians for applications to offer “external security firms certified” services. The architecture is highly flexible with a high level of redundancy.