Blackhole Canister
A blackhole canister is an Internet Computer canister with no controllers — making it completely immutable.
What Is a Blackhole Canister?
Section titled “What Is a Blackhole Canister?”On the Internet Computer, every canister has one or more “controllers” — principals that can:
- Upgrade the canister code
- Change canister settings
- Delete the canister
- Manage cycles
A blackhole canister has zero controllers. Once deployed, the code cannot be changed by anyone — not even the original developers.
Why Blackhole?
Section titled “Why Blackhole?”Trustless Payments
Section titled “Trustless Payments”With a blackhole canister, users don’t need to trust Pybara:
- Code cannot be upgraded to steal funds
- Logic cannot be changed to favor certain parties
- Behavior is guaranteed by immutable code
Transparency
Section titled “Transparency”Anyone can verify the canister is a blackhole:
dfx canister info <canister-id> --network icIf Controllers: [] (empty), it’s a blackhole.
Pybara Blackhole Canisters
Section titled “Pybara Blackhole Canisters”Payment Verification Canister
Section titled “Payment Verification Canister”- Canister ID:
[to be deployed] - Purpose: Verify payments on-chain
- Status: Blackhole (immutable)
Trade-offs
Section titled “Trade-offs”- ✅ Maximum trust minimization
- ✅ Guaranteed behavior
- ✅ No upgrade risk
- ❌ Cannot fix bugs
- ❌ Cannot add features
- ❌ Cannot optimize
How Pybara Handles This
Section titled “How Pybara Handles This”- Extensive Testing — Thorough testing before blackhole deployment
- Formal Verification — Mathematical proofs of correctness
- Modular Design — Only critical logic is blackholed
- Versioning — New versions deployed as new canisters
Verify It Yourself
Section titled “Verify It Yourself”Check if a canister is a blackhole:
# Install dfxsh -ci "$(curl -fsSL https://internetcomputer.org/install.sh)"
# Check canister infodfx canister info <canister-id> --network icLook for Controllers: [] in the output.