Yeah we’re very aware of it and are researching the problem and possible mitigations. We also still need to do a proper economic and security analysis to see whether the concerns are warranted or not.
Assuming the mitigations are warranted, we’ve got some ideas at https://snowfork.notion.site/Beacon-Sync-Protocol-Sync-Committee-Exploitation-ec32d47ac6d94a9b9578d0427c18ea84
These mitigations increase fraud-resistance at the cost of censorship-resistance. However any censorship can easily be nullified by Polkadot governance if necessary. That’s a compromise we may have to make.
There are also other game-theoretic attacks on the Altair light client, besides those which James highlighted. For example long-range attacks. This latter problem is our current focus, which Clara is working on currently:
https://snowfork.notion.site/Light-Client-Attacks-999a0afb33a247b9971cfa746513cb02
To be clear though, we don’t see any of these game-theoretic attacks as critical flaws that invalidate our trustless bridging architecture. However it does obviously mean that final deployment will be delayed until we have the appropriate mitigations in place.