Check for Signing Root Mismatch When Submitting Proposals and Importing Proposals in Slashing Interchange #8085
Can you update the title? There are changes in the proposal logic rather than changes only in the import logic.
validator/client/propose_protect.go
Outdated
// If the signing root is nil, then we consider it slashable. If signing root is not nil, | ||
// we check if it is different than the incoming block's signing root. If that is the case, | ||
// we consider that proposal slashable. | ||
if exists && (prevSigningRoot == params.BeaconConfig().ZeroHash || prevSigningRoot != signingRoot) { |
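Review bot: The comment above the condition speaks of the signing root being "nil", but the check compares prevSigningRoot against params.BeaconConfig().ZeroHash, so the case handled is a stored all-zero root rather than a nil value. Rewording the comment to say "zero hash" (or "empty") would match the code, and it is worth stating there that an incoming signingRoot equal to the zero hash is also rejected whenever an entry already exists for the slot, since either clause of the condition then holds.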
Shouldn't we stop a proposal if a block proposal was already submitted?
Why allow another block to be proposed, even if it has exactly the same information?
Whatever benefit there is, I don't know if it's worth the risk of proposing a block when the validator has already proposed one.
This is totally allowed. The only slashable offense is if the signing root does not match but the slot matches
Also this is a test case for the EIP spec tests. We expect a block with same slot and same signing root to go through ok
@@ -84,66 +84,6 @@ func marshalAttestationData(data *ethpb.AttestationData) []byte { | |||
return enc | |||
} | |||
|
|||
func attestationRoot(hasher htrutils.HashFn, att *ethpb.Attestation) ([32]byte, error) { |
Deep source was complaining of unused code
if err := v.preBlockSignValidations(ctx, pubKey, b, signingRoot); err != nil { | ||
log.WithFields( | ||
blockLogFields(pubKey, b, nil), | ||
).WithError(err).Error("Failed block slashing protection check") | ||
return | ||
} | ||
|
||
if err := v.postBlockSignUpdate(ctx, pubKey, blk, signingRoot); err != nil { |
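Review bot: The pre-sign check is called with b while postBlockSignUpdate is called with blk, both with the same signingRoot. Because the two calls guard the same proposal, a short comment on how b and blk relate, or names that make the relation obvious, would let a reader confirm that the root checked before signing is the one recorded afterwards.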
Maybe something for another PR, but these should just be merged into 1 method.
Agreed, but out of scope. Will open an issue
"github.com/sirupsen/logrus" | ||
) | ||
|
||
var failedPreBlockSignLocalErr = "attempted to sign a double proposal, block rejected by local protection" | ||
var failedPreBlockSignExternalErr = "attempted a double proposal, block rejected by remote slashing protection" | ||
var failedPostBlockSignErr = "made a double proposal, considered slashable by remote slashing protection" | ||
|
||
func (v *validator) preBlockSignValidations(ctx context.Context, pubKey [48]byte, block *ethpb.BeaconBlock) error { | ||
func (v *validator) preBlockSignValidations( |
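Review bot: failedPreBlockSignLocalErr, failedPreBlockSignExternalErr and failedPostBlockSignErr are declared with var although they are fixed message strings. Declaring them as const would rule out accidental reassignment elsewhere in the package.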
Again, maybe for another PR. Would like some documentation on what this method does here.
* Change LowestSignedProposal to Also Return a Boolean for Slashing Protection (#8020) * amend to use bools * ineff assign * comment * Update `LowestSignedTargetEpoch` to include exists (#8004) * Replace highest with lowerest * Update validator/db/kv/attestation_history_v2.go Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Update validator/db/kv/attestation_history_v2.go Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Invert equality for saveLowestSourceTargetToDB * Add eip checks to ensure epochs cant be lower than db ones * Should be less than equal to * Check if epoch exists in DB getters * Revert run time checks Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Export Attesting History for Slashing Interchange Standard (#8027) * added in att history checks * logic for export * export return nil * test for export atts * round trip passes first try! * rem println * fix up tests * pass test * Validate Proposers Are Not Slashable With Regard to Data Within Slasher Interchange JSON (#8031) * filter slashable blocks and atts in same json stub * add filter blocks func * add test for filtering out the bad public keys * Export Slashing Protection History Via CLI (#8040) * include cli entrypoint for history exports * builds properly * test to confirm we export the data as expected * abstract helpers properly * full test suite * gaz * better errors * marshal ident * Add the additional eip-3076 attestation checks (#7966) * Replace highest with lowerest * Update validator/db/kv/attestation_history_v2.go Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Update validator/db/kv/attestation_history_v2.go Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Invert equality for saveLowestSourceTargetToDB * Add eip checks to ensure epochs cant be lower than db ones * Should be less than equal to * Check if epoch exists in DB getters Co-authored-by: Raul 
Jordan <raul@prysmaticlabs.com> * Add EIP-3076 Invariants for Proposer Slashing Protection (#8067) * add invariant for proposer protection * write different test cases * pass tests * Add EIP-3076 Interchange JSON CLI command to validator (#7880) * Import JSON CLI * CLI impotr * f * Begin adding new commands in slashing protection * Move testing helpers to separate packae * Add command for importing slashing protection JSONs * fix import cycle * fix test * Undo cleaning changes * Improvements * Add better prompts * Fix prompt * Fix * Fix * Fix * Fix conflict * Fix * Fixes * Fixes * Fix exported func * test func * Fixes * fix test * simplify import and standardize with export * add round trip test * true integration test works * fix up comments * logrus * better error * fix build * build fix * Update validator/slashing-protection/cli_export.go Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> * Update validator/slashing-protection/cli_import.go Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> * fmt Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> * Filter Slashable Attester Public Keys in Slashing Interchange Import (#8051) * filter slashable attesters from the same JSON * builds * fix up initially broken test * circular dep * import fix * giz * added in attesting history package * add test for filter slashable attester keys * pass tests * Save Slashable Keys to Disk in the Validator Client (#8082) * begin db funcs * add in test and bucket * gaz * rem changes to import * ineff assign * add godoc * Properly Handle Duplicate Public Key Entries in Slashing Interchange Imports (#8089) * Prevent Blacklisted Public Keys from Slashing Protection Imports from Having Duties at Runtime (#8084) * tests on update duties * ensure the slashable public keys are filtered out from update duties via test * begin test * attempt test * rename for better context * pass tests * deep source * ensure 
tests pass * Check for Signing Root Mismatch When Submitting Proposals and Importing Proposals in Slashing Interchange (#8085) * flexible signing root * add test * add tests * fix test * Preston's comments * res tests * ensure we consider the case for minimum proposals * pass test * tests passing * rem unused code * Set Empty Epochs in Between Attestations as FAR_FUTURE_EPOCH in Attesting History (#8113) * set target data * all tests passing * ineff assign * signing root * Add Slashing Interchange, EIP-3076, Spec Tests to Prysm (#7858) * Add interchange test framework * add checks for attestations * Import genesis root if necessary * flexible signing root * add test * Sync * fix up test build * only 3 failing tests now * two failing * attempting to debug problems in conformity tests * include latest changes * protect test in validator/client passing * pass tests * imports * spec tests passing with bazel * gh archive link to spectests using tar.gz suffix * rev * rev more comment changes * fix sha * godoc * add back save Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Implement Migration for Unattested Epochs in Attesting History Database (#8121) * migrate attesting history backbone done * begin migration logic * implement migration logic * migration test * add test * migration logic * bazel * migration to its own file * Handle empty blocks and attestations in interchange json and sort interchange json by public key (#8132) * Handle empty blocks and attestations in interchange json * add test * sort json * easier empty arrays * pass test Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * builds * more tests finally build * Align Slashing Interchange With Optimized Slashing Protection (#8268) * attestation history should account for multiple targets per source * attempt at some fixes * attempt some test fixes * experimenting with sorting * only one more failing test * tests now pass * slash protect tests passing * only few tests now failing * only spec 
tests failing now * spec tests passing * all tests passing * helper function for verifying double votes * use helper * gaz * deep source * tests fixed * expect specific number of times for domain data calls * final comments * Batch Save Imported EIP-3076 Attestations (#8304) * optimize save * test added * add test for sad path Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * revert bad find replace * add comment to db func Co-authored-by: terence tsao <terence@prysmaticlabs.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> Co-authored-by: Shay Zluf <thezluf@gmail.com>
Part of #7813, this PR makes sure we check the following when importing proposals via slashing interchange:
Given signing roots are optional in the EIP standard, we behave as follows:
- For a given block:
  - If we have a previous block with the same slot in our history:
    - If signing root is empty, we consider that proposer public key as slashable.
    - If signing root is not empty, then we compare signing roots. If they are different, then we consider that proposer public key as slashable.
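The rule in the description above, applied both to a single proposal and to a batch import, as an added example that is not Prysm's code. The `Block`, `History`, `Slashable` and `Import` names are hypothetical, roots and public keys are plain strings for brevity, and the sample data is constructed.

```go
package main

import "fmt"

// Block is one signed block entry from an interchange file. SigningRoot is
// empty when the entry omits the optional signing root.
type Block struct {
	Slot        uint64
	SigningRoot string
}

// History maps public key -> slot -> recorded signing root. It is a
// hypothetical in-memory stand-in for the validator database.
type History map[string]map[uint64]string

// Slashable reports whether blk conflicts with history: the slot is already
// recorded and the recorded root is empty or differs from blk's root.
func (h History) Slashable(pubKey string, blk Block) bool {
	prev, exists := h[pubKey][blk.Slot]
	return exists && (prev == "" || prev != blk.SigningRoot)
}

// Import records non-conflicting blocks and returns the slashable public keys.
func (h History) Import(data map[string][]Block) map[string]bool {
	slashable := make(map[string]bool)
	for pubKey, blocks := range data {
		for _, blk := range blocks {
			if h.Slashable(pubKey, blk) {
				slashable[pubKey] = true
				continue
			}
			if h[pubKey] == nil {
				h[pubKey] = make(map[uint64]string)
			}
			h[pubKey][blk.Slot] = blk.SigningRoot
		}
	}
	return slashable
}

func main() {
	h := History{}
	// Constructed sample data, not taken from a real interchange file.
	bad := h.Import(map[string][]Block{
		"0xaa": {{Slot: 10, SigningRoot: "0x01"}, {Slot: 10, SigningRoot: "0x01"}},
		"0xbb": {{Slot: 10, SigningRoot: "0x01"}, {Slot: 10, SigningRoot: "0x02"}},
		"0xcc": {{Slot: 10}, {Slot: 10}},
	})
	fmt.Println(bad)
}
```

Key `0xaa` repeats the same slot with the same root and stays clean, while `0xbb` (differing roots) and `0xcc` (missing roots) are flagged.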