Catapult Security Considerations

Considering that Proof of Importance and Governance is not implemented yet into Catapult I would like to get the community’s thoughts on potential security issues.

Let’s say that we have a public network using Catapult in its current state. So long as we have hard coded the list of trusted nodes I don’t see clearly how a bad actor could introduce false transactions.

Also a network could provide a pre-built binary to run further removing code manipulations I would think (versus building source code)

Given a trusted list of API nodes, what type of security considerations should be taken into account with Catapult in its current state? (Without governance).

Catapult is safe wrt the consensus, i uses a simple Proof of Stake.
Not sure what other kind of security risks you see. The mentioned set of trusted nodes is also used in NIS and can be configured by users. That poses not thread per se. In a public network, the majority of users just needs to be reasonable (and that is the case cause they own a stake and don’t want to lose it) and then everything is ok.

This is very insightful and was along the same thinking I had. Thanks!