eip6110: Queue deposit requests and apply them during epoch processing

[mkalinin]

Description

Introduces majority of things described in #3689 (comment), specifically:

• Queues full deposit request objects and process them on the epoch processing, rate limits a number of deposit signature verifications per epoch by the max number of deposit requests allowed to be processed (MAX_PENDING_DEPOSITS_PER_EPOCH)
• Finalizes deposit request position in the queue before applying it to the state. The outcome is that no new validator is created before the corresponding deposit is finalized hence no fork aware (pubkey, index) cache is required.
• Eth1 bridge deposits are processed as before this change, the corresponding entry with the entire balance is created in the pending_deposits queue to ensure the deposit will pass through the activation churn.
• No deposit request is processed until Eth1 bridge covers the gap during the transition period. This prevents the scenario when deposit request can easily front-run the Eth1 bridge deposit because of the large follow distance and create validator with the same pubkey but malicious withdrawal credentials.
• Refactors process_pending_deposits by moving deposit applying to apply_pending_deposit

Other than the above, the logic of the previous process_pending_balance_deposits function remains.

Additionally, moves switch_to_compounding_validator to process_deposit_request. Removes switch_to_compounding_validator from the deposit flow in favour of #3918.

Points of discussion and open questions

• Due to refactor that facilitates spec reading there are two places where validatorIndex is looked up by the pubkey (process_pending_deposits and apply_pending_deposit functions), this happens for each pending deposit that is being processed. There is a less readable workaround where validatorIndex is resolved once, but I am not sure if it is necessary because client implementations are likely to use cache in both cases.
• MAX_PENDING_DEPOSITS_PER_EPOCH_PROCESSING is set to 16, should it be more? The activation churn is limited by 256 ETH which would mean 256 signature verifications in the worst case. The most optimal scenario of an attack resulting in 256 sig verifications would entail creation of 128 1-ETH validators (the first deposit would be to create a validator with eth1 creds, the second would be to switch the validator to compounding creds); it seems that employing such an attack is quite discouraging because it requires decent amount of ETH with no substantial gain. Should we even have this limitation if the churn could do the limit?
• This PR does not explore an optimisation with two queues that was discussed previously, it is planned to be a part of a separate PR once this PR gets merged.

Testing

Many thanks to @james-prysm for helping to write and adjust the tests!

• apply_pending_deposits checks
• Deposit transition period checks -- the logic has changed and part of it is in process_pending_deposit
• Repeat test_process_deposit_requests scenarious in application to process_pending_deposit
• Finalized deposit position check
• MAX_PENDING_DEPOSITS_PER_EPOCH_PROCESSING check
• Revisit test_process_pending_deposit (is_deposit_applied, is_churn_limit_reached etc)

Link to a more comprehensive test plan: https://hackmd.io/mqV7TaFyTq--vEMcB5msJw

Supersedes #3689

[dapplion]

From @mkalinin this line is motivated by

• Handle top-ups to exiting/exited validators #3776

[dapplion]

Why doesn't this condition validator.exit_epoch < FAR_FUTURE_EPOCH match

consensus-specs/specs/electra/beacon-chain.md

Lines 870 to 871 in 43e7344

	if get_current_epoch(state) <= validator.withdrawable_epoch:
	return False

[mkalinin]

The idea is to postpone deposit processing for an exiting validator until it has fully withdrawn. And then do the top-up without affecting WS period.

[james-prysm]

Due to refactor that facilitates spec reading there are two places where validatorIndex is looked up by the pubkey (get_activation_churn_consumption and apply_pending_deposit functions), this happens for each pending deposit that is being processed. There is a less readable workaround where validatorIndex is resolved once, but I am not sure if it is necessary because client implementations are likely to use cache in both cases.

does this mean that the cache should continue to be used as opposed to the previous pr that looked for its removal in #3689

reading through I think my question is answered. we need it based on this PR

[ppopth]

Can you use get_max_effective_balance instead? You can create an instance of Validator first and then call get_max_effective_balance.

[ppopth]

What is the consequence if I set this to state.slot instead?

[mkalinin]

Then the excess balance will wait for when state.slot is finalized before being applied even in the case when there is enough activation churn to let the balance in. The GENESIS_SLOT is used to bypass that finality check as that slot is always finalized

[ppopth]

I think we should define meaningful constants for both bls.G2_POINT_AT_INFINITY and GENESIS_SLOT. How about aliasing them as

• UNSET_SIGNATURE and
• UNSET_DEPOSIT_SLOT

By seeing only the point at infinity and the genesis slot, the readers wouldn't know what they mean.

[mkalinin]

I have put comments instead of aliasing those two. It is a bit difficult to incorporate the semantics into these constants in both cases

[jtraglia]

AIUI we would merge in #3918 which will simplify this PR a bit further
does this align with your understanding @mkalinin ?

yes, the plan is to wait for that PR and then merge this one

@mkalinin We've merged #3918. Any additional changes you'd like to make?

[jtraglia]

After merging in dev, the test_pending_consolidation_future_epoch test fails. I probably messed something up but it's not clear to me what is wrong. Do you know?

[mkalinin]

After merging in dev, the test_pending_consolidation_future_epoch test fails. I probably messed something up but it's not clear to me what is wrong. Do you know?

Fixed now (the change of this test from the dev wasn’t applied to this branch)

@mkalinin We've merged #3918. Any additional changes you'd like to make?

The corresponding changes were already made, so the PR is ready for review and merging into dev

[hwwhww]

is it needed?

[mkalinin]

Might be not as these methods are called from post electra tests only

[hwwhww]

is it needed?