Skip to main content

Validators

Overview

Validators run as part of the Multisig ISM or the Economic Security Module, fulfilling the security layer of the Hyperlane protocol. If using a different ISM, validators are not required. They are responsible for attesting to messages by signing a merkle root (also referred to as a checkpoint) when new dispatches happen in the Mailbox. Signatures must be made available for anyone (typically the Relayer) to fetch and submit alongside the message to the destination chain.

Unlike many other protocols, Hyperlane does not have an enshrined validator set. Anyone is free to run their own validator, as long as the receiver contract specifies a Multisig ISM that includes their validator.

Validator checkpoints are public. This ensures the transport layer is permissionless, since anyone can fetch the signatures and call Mailbox.process() to deliver the message. The Relayer merely provides a convenience service for message senders.

It's important that the Validator only signs finalized checkpoints to avoid compromising the safety of the protocol. Signing messages that get reorged out leads to slashing in the economic security module. The Validator agent connects to a single chain to check for new messages. If validating multiple chains, multiple instances of this agent must be run.

info

Want to run a validator? Follow the validators guide.

In more detail

The Validator agent uses two key types: one to for signing transactions on the blockchain it is validating, and another for signing checkpoints on the Ethereum-compatible ECDSA curve. Since checkpoints are public, when a Validator first starts operating it must announce its checkpoint location via an onchain announce transaction. This is the only transaction ever submitted by the Validator agent; the blockchain-specific key is otherwise not used at all. There is also the option of manually announcing a new Validator to avoid configuring the blockchain-specific key. Validators can be announced by anyone.

For messages using a Multisig ISM, validators read the current merkle root by calling MerkleTreeHook.latestCheckpoint().

/**
  * @notice Returns the latest checkpoint for validators to sign.
  * @return root Latest checkpointed root
  * @return index Latest checkpointed index
  */
function latestCheckpoint()
  external
  view
  returns (bytes32 root, uint256 index);

Hyperlane is developing the validator as a binary implemented in Rust that can be easily run by anyone. Operationally, validators need to run this binary and have access to an RPC provider or node for the chain that they are validating for. We hope that the majority of Hyperlane validators will come from each chain's existing node operator community.