From the doc about Consensus on Canton, here is a quote: Canton based ledgers are resilient to malicious participants as long as there is at least a single honest participant.
My understanding is that as the result from this single honest participant will not be the same as the results from the malicious participants, no final commit will happen. Therefore the best result is that the state will remain the same as before. See if my understanding is correct.
Meanwhile, how can we know this happened? Can we see anything from the logs? And what shall we do after we know this happened?
The guarantee Canton aims to give is that the set of committed (sub-)transactions with at least one honest validator, is seen consistently by all honest participants. Furthermore, it’s designed so that participants can detect each others’ malicious behaviour. That’s all a bit of a mouth-full so let’s talk about what I think you probably mean by “malicious behaviour”:
A malicious node tries to commit an invalid transaction
A malicious validating node rejects a valid transaction
In the first case, if there is an honest participant involved, they’ll reject the transaction and it does not get committed. Since all honest participants are guaranteed to see the same result of a transaction (commit vs no commit), this gives “the set of committed (sub-)transactions with at least one honest validator, is seen consistently by all honest participants”.
In the second case, the submitter gets a rejection on false grounds, which they or other validators can detect. This gives “participants can detect each others’ malicious behaviour.”
Malicious behaviours of the above types can be observed in one of two places:
Thanks to Daml’s deterministic nature, all honest validators to a (sub) transaction should come to the same result whether that transaction is valid or not. So as long as there is at least one honest validator, the fact that something fishy is going on can be observed on both the mediator and the honest validators. I don’t know if and how such events are logged.
The detection of malicious behaviour has not yet been fully implemented in the version of Canton shipped with Daml 2.0 (documentation). So while the protocol is designed to support such detection, you cannot currently rely on it. Depending on the kind of maliciousness, the current implementation will either commit the bad transaction, reject the bad transaction (then you should get an appropriate completion, possibly along with some errors/warnings in the log), or simply crash.
There is little point in talking about the result of a malicious participant: As a malicious participant can do anything by definition, it can output arbitrary information that has nothing to do with what is committed. Therefore Canton’s guarantees apply only to participants that operate according to the Canton protocol.