FRC0051 Implementation Proposal #10793
Comments
|
@Stebalien Thanks for the write-up!
I think this part is fairly uncontroversial, safe, and easy to do. Regardless of the equivocation attack that motivated FRC-0051, let's do it.
I think what would be great is if this didn't have to be a sleep, but instead a timer that we check before submitting our block. I'd propose changing
There's some slight concern equivocating then becomes an attack on miners to slow them down, but I think overall this is better than 2 seconds of dead time. |
We can do that. Although, unless we have a way to interrupt tipset computation, long block execution times could be a bit of an issue. But that's not currently an issue. |
|
It might be worth splitting this into 2 issues: one for the chainstore changes in the Lotus node, and one for the changes relevant to the lotus-miner's block production process. Let's discuss this further in sync. |
(just a small nit for future that the triaging (trying to not saying the g word lolol) session last friady was a better place for discussing scope instead of sprint planning |
Sounds reasonable, would recommend using this as the epic issue that tracks both node/miner issue if we ended up splitting. |
|
For testing, should we deploy this to the long-term-lotus team ndoe (we need a name) and confirm it runs for 48hr? |
I'm gonna run this on my local node to confirm sync works, but I think the more notable test will be that miners still produce blocks well. Hoping TSE gang can help with that. |
|
#11104 implements the first half of this (the chainstore changes). |
|
@jennijuju ^Unlinking that PR because it won't close the issue |
|
So, even the first half of this proposal (the chainstore changes) are a bit harder than they appear. We need to consider the possibility that the weight of our current head can decrease because we need to evict blocks from our current head due to equivocation. This is a new problem. \ We can deal with this by:
|
|
The first half of this change has now landed in #11104. |
|
The second half of this change has been opened in #11157 |
Added by @arajasek
Implement https://github.com/filecoin-project/FIPs/blob/master/FRCs/frc-0051.md
Technical Breakdown
Development
Testing
created by @Stebalien
FRC0051 proposes rejecting equivocations. I.e., multiple blocks at the same height with the same ticket.
This was previously implemented in the sync engine but reverted in #10777 due to DoS and other issues.
Here, I propose that re-implementing this FRC, but inside the chainstore, re-using all the existing tipset tracking logic. Specifically, when we expand a tipset, we currently drop duplicate blocks from the same miner. Instead, we should drop all blocks at a given height from a miner if more than one block is produced (or drop all blocks if we see multiple blocks with the same ticket? I think these are equivalent).
However, to actually catch equivocations, we need a delay after we receive the last block in a tipset but before we create the block. Otherwise, an equivocating miner could send out multiple blocks to different miners at the last possible moment, right before the end of the propagation delay period.
Unfortunately, it looks like any reasonable solution will require modifying the block miner. But it sould be a simple modification. Basically:
Most of this logic should center around the waitFunc call in the miner.
Alternatively, we could (and probably should?) insert this sleep right after computing the proof. Effectively, we'd pass a "proposed" base tipset into
mineOne, then havemineOneprune the proposed tipset right before mining a block.In the future, we could even make
createBlockinterruptable.The text was updated successfully, but these errors were encountered: