Ensure that unbonding-delegations/redelegations for removed validators are still slashable #1673
Comments
|
Yup - if a validator is removed we still need to slash for those unbonding/redelgation |
rigelrozanski
changed the title
|
Should this be in current iteration? I think it's state-machine breaking no? |
It is - a bug, not a new feature, but we could delay if we want to avoid any state-machine breaking changes. |
|
Ok, removed from current iteration. Let's try to keep this iteration to non-breaking fixes so we can push them out to gaia-7000. We'll pick up the breaking ones for the next iteration |
rigelrozanski
added
the
T: API Breaking
|
@cwgoes / @rigelrozanski can I work on this independently of the staking refactor? I imagine a good chunk of work will be in the slashing module. |
|
I think that sounds like a good idea if you think you have a solid grasp on the problem. This is certainly something which needs to be fixed |
I think most of the work is just in the |
|
This is rather annoying. At minimum, we have to keep a map from consensus address to operator address around so we can lookup the unbonding delegations / redelegations by the operator address. I wonder if instead we can instead remove zero-power validators in the unbonding-handling queue whenever the last unbonding delegation or redelegation to that validator has been completed (at which point the validator won't be slashable since the unbonding period will have passed). |
This appears to me like a good workaround, if it's easy we can do it for game-of-stakes, if not then later? |
I like the concept, introduces some new stuff:
Edit: I think there is an alternative simple solution which eliminates bullet 2 (and maybe bullet 3?):
|
|
I think solution 2 above will work, with the slight modification that validators are only permanently deleted at counter-zero if they're already unbonded - if they're not, we know that they'll hit the end of the unbonding queue and be deleted then. |
|
totally 🤙 |
jackzampolin
added
prelaunch-2.0
and removed
T: API Breaking
cwgoes
added
game-of-stakes
T: API Breaking
|
I don't understand why you need to check that the unbonding/redelegations counter is 0 when the validator hits the end of the unbonding queue. I think you just need to check that the DelegatorShares is 0. Once the validator has finished unbonding queue, they're now in the unbonded state and are not going to get slashed anymore. So, what's the point of keeping the validator in the state? It's not necessary for the You should be able to delete the validator once the last delegator has started unbonding, not once the last delegator has finished unbonding. |
At present, we need to keep the validator in the state so that we can look it up if a delegator (who has started unbonding) needs to be slashed, because (at minimum) we need to lookup the operator address by the consensus address. |
But when you redelegate or unbond - shares are removed from the validator - we need a reference that the validator needs to be slashed
So there is a reference point to look for undelegations/redelegations records to slash |
|
But when a delegator starts unbonding from an |
|
Slashes would happen when they are in the unbonding queue but have not yet been removed from it. While they are in the queue (and within the bond period) we need to be able to look up the validator to potentially slash the unbonding delegations or redelegations. |
|
Seems this hasn't been 100% resolved. Finishing this in #2676 |
|
Closed by #2676 et al. |
Presently, if a validator is removed from the store, we won't slash any associated unbonding delegations. I think this is incorrect, since a validator will be removed when the last delegate starts unbonding from it - but we want the unbonding delegations to be slashable for an unbonding period even if the validator no longer has any power.
The text was updated successfully, but these errors were encountered: