Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(block, epoch)-fork choice #2292

Open
wants to merge 8 commits into
base: dev
Choose a base branch
from
Open

(block, epoch)-fork choice #2292

wants to merge 8 commits into from

Conversation

adiasg
Copy link
Contributor

@adiasg adiasg commented Mar 30, 2021
edited
Loading

This PR contains a security fix for the finality delay attack outlined in this paper.

Finality Delay Attack

The execution of the attack involves temporary block withholding by the first few proposers in the epoch. At the end of the last withholding proposer's slot, all blocks are released. During slots in which blocks were withheld, honest attesters make FFG target votes for the last block of the previous epoch (which is "pulled up" to serve as the FFG checkpoint for the current epoch). After the blocks have been released, honest attesters make FFG target votes for the first block of the current epoch.
During each slot, 1 / SLOTS_PER_EPOCH (= 3.125%) fraction of stake is attesting. So a 25% attacker needs to control the first 3 slots (= ceil((33.33 - 25) / 3.125)) of an epoch to successfully delay finality at the end of that epoch.

A brief description from the original paper:
image

The attack is possible because the fork choice allows for updating the head block, without any reorgs, in the following situation:

  • the old head block points to an FFG target inconsistent with the one pointed to by the new head block, and
  • there is more support for the old head block's FFG target than the new head block's FFG target.

This happens because the fork choice only calculates the LMD GHOST winner based on the support for each individual block. This PR prevents the attack by changing the block tree structure, and by also taking into account the support for the FFG target pointed to by each block.

For example, the below block hierarchy will be transformed into a block tree in the following manner:
image

Summary of Changes

  • Block Tree Structure
  • LatestMessage Accounting
    • To calculate support for nodes in the block tree, LMD GHOST fork choice now interprets LatestMessage in the spirit of the attack fix. (Refer: get_latest_attesting_balance)
  • Fork Choice Store & Functions
    • Updated the fork choice store & all functions for compatibility with the new block tree structure.
    • Added block tree updates to the on_block & on_attestation functions.
  • Testing
    • Added tests for the finality delay attack.
    • Updated existing tests that use internal fork choice functions.

@adiasg adiasg added scope:fork-choice scope:security General protocol security-related items labels Mar 30, 2021
@adiasg
Copy link
Contributor Author

adiasg commented Apr 20, 2021
edited
Loading

Note: First merge PR #2301 into dev, then merge this into dev

@adiasg adiasg changed the base branch from dev to fix-bouncing-attack-tests April 23, 2021 18:58
@adiasg adiasg mentioned this pull request Apr 23, 2021
Closed
Base automatically changed from fix-bouncing-attack-tests to dev April 27, 2021 13:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vbuterin vbuterin vbuterin approved these changes

Assignees
No one assigned
Labels
scope:fork-choice scope:security General protocol security-related items
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adiasg @vbuterin