A simple Seed Service is maintained that crawls for active node accounts and their IP addresses. This is then hosted on an endpoint and can be queried.
The active node IP addresses can be queried from this endpoint:
The security model is always by consensus - the truth is what everyone agrees it is. Any THORNode can attempt to spoof downstream clients and send a fake vault address, but a client can protect themselves against this by checking that at least 1/3rd of Nodes agree.
The process for this is:
Get the full list of active THORNode IPs
Retrieve the vault address off at least 1/3rd of them
Check for 100% correctness, if incorrect, repeat Step (2)
If correct, use one of the proofed THORNodes for the next session
Repeat Step (1) regularly
It is possible to host the Seed Service entirely in a web3 smart contract on a censorship-resistant blockchain and clients can use Web3 to query.