I don’t think there’s a way to guarantee that the minimal mandated list is at least included without actually proving that the blocks executed actually came from a relay within that list. @George can you please let me know if this is correct or not?
I don’t see a direct way to check usage of relays from the list. In the monitoring, we are planning to check payloads in blocks against what the relays offered for that slot. If the tx roots matches, we can very likely say that a relay from the list was used to produce the block. (it can also be another source, but we assume it’s acceptable, since the same payload was also produced by the relay which we decided to trust)
(c) somehow confirm that in the case that a block came from from a relay not in the “minimum list” there were no blocks proposed by relays in the minimum list with block reward > processed block. If we could do this then I think it could work.
We are planning to analyze the block value and check if the payload with the maximum value has been used. To make sure that any NO does not give preference to certain relays from the list. So it shouldn’t be too hard to add a check that an unknown source with a higher value was used and consider it acceptable.
In case we use a whitelist and count that NOs use only relays from it, we can also monitor missed blocks and make a guess which of relays could have been used by the validator to propose a block. This can help identify malicious relays or detect configuration or availability errors with some relays. If NOs will use additional relays it might make it a bit more difficult to analyze such situations, but looks like it’s not a big issue.