R4R: Fix signing info handling bugs & faulty slashing #2480
Codecov Report
@@ Coverage Diff @@
## develop #2480 +/- ##
=========================================
Coverage ? 60%
=========================================
Files ? 151
Lines ? 8844
Branches ? 0
=========================================
Hits ? 5307
Misses ? 3167
Partials ? 370
OK, this should basically do what we want, just need to make sure the jail duration is greater than the signed blocks window. Needs testcases & spec update.
cc @SLAMPER @HaoyangLiu want to review?
utACK however please note minimal change requests.
} | ||
minHeight := signInfo.StartHeight + k.SignedBlocksWindow(ctx) | ||
if height > minHeight && signInfo.SignedBlocksCounter < k.MinSignedPerWindow(ctx) { | ||
maxMissed := k.SignedBlocksWindow(ctx) - k.MinSignedPerWindow(ctx) | ||
if height > minHeight && signInfo.MissedBlocksCounter > maxMissed { |
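Review bot: on the `maxMissed := k.SignedBlocksWindow(ctx) - k.MinSignedPerWindow(ctx)` line, nothing visible in this hunk guarantees that MinSignedPerWindow is at most SignedBlocksWindow; if both are signed integers, a misconfigured pair makes maxMissed negative and `signInfo.MissedBlocksCounter > maxMissed` then holds for a validator with zero missed blocks. Consider asserting that relation where the parameters are validated, or clamping maxMissed at zero, and reading SignedBlocksWindow(ctx) once into a local since it is also used for minHeight. A test at exactly maxMissed and at maxMissed+1 missed blocks would pin down the `>` boundary.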
Do we really want to keep this dependent on the StartHeight?
That way a validator could unbond every SignedBlocksWindow-2 blocks and then rebond to avoid slashing since the StartHeight is reset now.
Ah yes, of course, in the case when they aren't jailed at all.
I think I'll try the other strategy, deleting the array shouldn't be too expensive.
Now we never reset the start height, and instead reset the counter & clear the array when the validator is slashed for downtime.
Ready for review again.
looks good! few lil comments
Thanks @rigelrozanski - do you want to review this @jaekwon?
Closes #2372
Closes #1867
Addressing both issues at once is more efficient.
Nothing is reset if a validator leaves the bonded set as a result of any reason other than being slashed for downtime, so it shouldn't be possible to reset the counter without also incurring the penalties of being slashed & jailed.
We must iterate over SignedBlocksWindow store keys and delete them when a validator is slashed for downtime, but that's probably a relatively rare occurrence and incurs a real cost, so I don't think spam is too much of a concern.
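The scenario raised in the review thread, as an added example that is not code from this PR or the SDK: a simplified model of the window check that compares StartHeight being reset on rebond with the final design, where only the counter and array are reset on a downtime slash. The names `params`, `signInfo`, `handle`, `firstSlash` and the rebond hook are assumptions, and the parameter values are constructed.

```go
package main

import "fmt"

// Simplified model of the downtime check in this PR; not the SDK's own code.
type params struct{ window, minSigned int64 }

type signInfo struct {
	startHeight, indexOffset, missed int64
	missedAt                         []bool // one slot per block in the window
}

// handle records one block; on a slash it resets the counter and clears the array.
func (s *signInfo) handle(p params, height int64, signed bool) bool {
	idx := s.indexOffset % p.window
	s.indexOffset++
	switch prev := s.missedAt[idx]; {
	case !signed && !prev:
		s.missedAt[idx], s.missed = true, s.missed+1
	case signed && prev:
		s.missedAt[idx], s.missed = false, s.missed-1
	}
	maxMissed := p.window - p.minSigned
	if height > s.startHeight+p.window && s.missed > maxMissed {
		s.missed, s.missedAt = 0, make([]bool, p.window)
		return true
	}
	return false
}

// firstSlash runs a validator that never signs and rebonds every window-2 blocks.
// It returns the first slash height, or 0 if none. resetStart models a StartHeight reset.
func firstSlash(p params, blocks int64, resetStart bool) int64 {
	s := &signInfo{missedAt: make([]bool, p.window)}
	for h := int64(1); h <= blocks; h++ {
		if resetStart && h%(p.window-2) == 0 {
			s.startHeight = h // hypothetical rebond hook (assumption)
		}
		if s.handle(p, h, false) {
			return h
		}
	}
	return 0
}

func main() {
	p := params{window: 100, minSigned: 50} // constructed values
	fmt.Println(firstSlash(p, 1000, true), firstSlash(p, 1000, false))
}
```

The model ignores jailing and treats the rebond as instantaneous, so it isolates only the effect of StartHeight on the `height > minHeight` guard.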