Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Malicious consumer can slash same validator for downtime multiple times #635

Closed
2 tasks done
Tracked by #754
mpoke opened this issue Jan 3, 2023 · 5 comments
Closed
2 tasks done
Tracked by #754

Malicious consumer can slash same validator for downtime multiple times #635

mpoke opened this issue Jan 3, 2023 · 5 comments
Labels
S: KTLO Keeping the lights on: Keeping the current product operational (bugs, troubleshooting, deps updates) type: bug Issues that need priority attention -- something isn't working

Comments

@mpoke
Copy link
Contributor

mpoke commented Jan 3, 2023

Problem

A malicious consumer could send multiple SlashPackets for the same validator for the same downtime infraction, which would result in that validator being slashed multiple times.

Closing criteria

Add logic on the provider that drops SlashPackets for downtime infraction for the same validator that were received from the same consumer without the validator having the chance to Unjail itself.

TODOs

  • Labels have been added for issue
  • Issue has been added to the ICS project
@mpoke mpoke added the type: feature-request New feature or request improvement label Jan 3, 2023
@mpoke
Copy link
Contributor Author

mpoke commented Jan 3, 2023

Potential solution (from discussion with @smarshall-spitzbart):

  • Keep an outstandingDowntime bool per validator per consumer chain (the bool is not needed if it's false).
  • When receiving a SlashPacket for downtime, set outstandingDowntime to true.
  • When a validator Unjails itself, set outstandingDowntime to false.

As there is no Unjail hook in the SDK, we could either add one, or just check for newly bonded validators in the set of validator updates received from staking.

This was referenced Jan 3, 2023
Closed
Closed
@mpoke mpoke added this to the Untrusted consumers milestone Jan 27, 2023
@mpoke mpoke removed this from the Untrusted consumers milestone Mar 5, 2023
@mpoke mpoke mentioned this issue Mar 6, 2023
Closed
@sainoe
Copy link
Contributor

sainoe commented Mar 8, 2023

Isn't it a duplicate of #417?

@mpoke
Copy link
Contributor Author

mpoke commented Mar 13, 2023

Isn't it a duplicate of #417?

It may be. Could you please converge them into a single issue?

@sainoe sainoe mentioned this issue Mar 13, 2023
Closed
2 tasks
@shaspitz
Copy link
Contributor

Indeed it was a duplicate issue, thanks @sainoe

@sainoe sainoe self-assigned this Mar 14, 2023
@mpoke mpoke added S: KTLO Keeping the lights on: Keeping the current product operational (bugs, troubleshooting, deps updates) type: bug Issues that need priority attention -- something isn't working and removed type: feature-request New feature or request improvement labels Sep 13, 2023
@mpoke
Copy link
Contributor Author

mpoke commented Sep 17, 2024

Closing as a malicious consumer chain could always jail an opted in validator without that validator actually being down.

@mpoke mpoke closed this as completed Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
S: KTLO Keeping the lights on: Keeping the current product operational (bugs, troubleshooting, deps updates) type: bug Issues that need priority attention -- something isn't working
Projects
Cosmos Hub
Status: ✅ Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mpoke @sainoe @shaspitz