Enforce terminal PoW block to be on the cusp #2522
Conversation
specs/merge/validator.md
Outdated
| @@ -90,7 +90,8 @@ def get_execution_payload(state: BeaconState, | |||
| execution_engine: ExecutionEngine) -> ExecutionPayload: | |||
| if not is_merge_complete(state): | |||
| pow_block = get_pow_chain_head() | |||
There was a problem hiding this comment.
This is making an assumption that the execution-engine is rejecting blocks past valid terminal PoW blocks, otherwise (if for example a child is the head past the terminal pow block) this function might never see is_valid_terminal_pow_block as true.
I'm not certain if this should be noted here, but if we keep the semantics of get_pow_chain_head it must be a hard requiremnt somewhere in the spec that the PoW chain rejects beyond terminal difficulty. Otherwise you'd have to do get_pow_chain_at_difficulty(terminal_difficulty) -> Union[Block, None] if this is not a strict requirement under the hood
There was a problem hiding this comment.
This is making an assumption that the execution-engine is rejecting blocks past valid terminal PoW blocks
That was the intention. The execution-layer must have a hard requirement on not importing PoW blocks beyond the terminal one which implies that the head won't move beyond the terminal PoW block. However, I do see the value in getting rid of this assumption on the beacon chain side.
Otherwise you'd have to do get_pow_chain_at_difficulty(terminal_difficulty) -> Union[Block, None]
Looks reasonable and this function may be implemented without the corresponding query to the execution client. Beacon chain client may follow the PoW chain in the same fashion as it does in order to obtain Eth1Data and filter the PoW block tree to get terminal PoW block.
|
In the most recent change there was a conflict between Not sure which one is better and leaving it up you, cc @djrtwo @protolambda @hwwhww |
|
@mkalinin (Sorry, I just saw it!)
For this case, we can use Python typing |
Thanks a lot for directions. Fixed! |
What's done
Execution client must stop importing PoW blocks beyond the terminal PoW block. This PR introduces the corresponding change to this requirement.
Rationale
Suppose the beacon chain client goes offline before
transition_total_difficultyhas been reached and stays offline while the network meets this threshold. This may happen either due to misconfiguration or software bug and results in the inability of the execution client to switch to the proof-of-stake and is following the wrong chain. Stopping block import after terminal PoW block would prevent potential security issues in this case.Credits to @dankrad who made this point during Eth2 Call 68.