Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Implement slashing protection interchange format #1544

Closed
wants to merge 7 commits into from
Closed

[Merged by Bors] - Implement slashing protection interchange format #1544

wants to merge 7 commits into from

Conversation

michaelsproul
Copy link
Member

@michaelsproul michaelsproul commented Aug 18, 2020
edited
Loading

Issue Addressed

Implements support for importing and exporting the slashing protection DB interchange format described here:

https://hackmd.io/@sproul/Bk0Y0qdGD

Also closes #1584

Proposed Changes

  • Support for serializing and deserializing the format
  • Support for importing and exporting Lighthouse's database
  • CLI commands to invoke import and export
  • Export to minimal format (required when a minimal format has been previously imported)
  • Tests for export to minimal (utilising mixed importing and attestation signing?)
  • Tests for import/export of complete format, and import of minimal format
  • Prevent attestations with sources less than our max source (Danny's suggestion). Required for the fake attestation that we put in for the minimal format to block attestations from source 0.
  • Add the concept of a "low watermark" for compatibility with the minimal format

Bonus!

  • A fix to a potentially nasty bug involving validators getting re-registered each time the validator client ran! Thankfully, the ordering of keys meant that the validator IDs used for attestations and blocks remained stable -- otherwise we could have had some slashings on our hands! 😱
  • Tests to confirm that this bug is indeed vanquished

@michaelsproul michaelsproul added work-in-progress PR is a work-in-progress val-client Relates to the validator client binary security labels Aug 18, 2020
@djrtwo
Copy link

djrtwo commented Aug 20, 2020

Are you implementing both formats from the doc? Or should teku instead just use the first format and just provide one stubbed message for attestations and blocks

@michaelsproul
Copy link
Member Author

@djrtwo Yeah I've already implemented both! I just need to write some tests and a CLI porcelain, but have been distracted by fixing some DB issues

@michaelsproul
Copy link
Member Author

I'm planning to try a different approach to importing the minimal format. Rather than filling the DB with fake blocks for every slot from 0 to last_signed_block_slot (which is really slow), I want to add the last signed block slot as a first-class entity in slashing protection, which we can set with one query. This would also allow us to prune the DB, although I might not implement that yet.

A similar low watermark for attestations will obsolete the need for the source >= max_source check on attestations, and the "clever" attestation import strategy with an attestation spanning 0->last_signed_attestation_target_epoch. I realised that this strategy was going to get even messier, because in addition to the attestation from 0->N which blocks i->j for i, j in [1..N], we need one with a source greater than 0 to block 0->j for j in 1..N that isn't mutually slashable with the 0->N one. I think there's a hacky way to do it with 2 attestations, but the low watermark really seems simpler and less error prone.

Glossary:

  • i->j is an attestation with source epoch i and target j

@wemeetagain wemeetagain mentioned this pull request Aug 28, 2020
Closed
@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch from 428304a to 6d77a3a Compare August 31, 2020 02:02
@michaelsproul michaelsproul mentioned this pull request Sep 3, 2020
Closed
15 tasks
@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch 2 times, most recently from f50c3a4 to 0be58dc Compare September 3, 2020 07:16
@michaelsproul michaelsproul mentioned this pull request Sep 5, 2020
Closed
@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch from 0be58dc to a49abeb Compare September 6, 2020 23:35
@michaelsproul michaelsproul marked this pull request as ready for review September 6, 2020 23:35
@michaelsproul
Copy link
Member Author

Blocked on #1588

bors bot pushed a commit that referenced this pull request Sep 7, 2020
@michaelsproul
Add serde_utils module with quoted u64 support (#1588)
74fa87a 
## Proposed Changes

This is an extraction of the quoted int code from #1569, that I've come to rely on for #1544.

It allows us to parse integers from serde strings in YAML, JSON, etc. The main differences from the code in Paul's original PR are:

* Added a submodule that makes quoting mandatory (`require_quotes`).
* Decoding is generic over the type `T` being decoded. You can use `#[serde(with = "serde_utils::quoted_u64::require_quotes")]` on `Epoch` and `Slot` fields (this is what I do in my slashing protection PR).

I've turned on quoting for `Epoch` and `Slot` in this PR, but will leave the other `types` changes to you Paul.

I opted to put everything in the `conseus/serde_utils` module so that BLS can use it without a circular dependency. In future when we want to publish `types` I think we could publish `serde_utils` as `lighthouse_serde_utils` or something. Open to other ideas on this front too.
@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch from a49abeb to 1701c1a Compare September 7, 2020 02:15
@michaelsproul michaelsproul added ready-for-review The code is ready for review and removed blocked work-in-progress PR is a work-in-progress labels Sep 7, 2020
@michaelsproul
Copy link
Member Author

This is ready for review!

There's one FIXME that depends on #1532, but that should be straight-forward to resolve once one of these PRs is merged.

@michaelsproul michaelsproul mentioned this pull request Sep 11, 2020
Closed
@michaelsproul michaelsproul added work-in-progress PR is a work-in-progress and removed ready-for-review The code is ready for review labels Sep 17, 2020
@michaelsproul
Copy link
Member Author

Marking this as WIP again, because it needs updating for v4 of the spec

@paulhauner paulhauner added the A1 label Sep 23, 2020
@michaelsproul michaelsproul changed the base branch from master to v0.3.0-staging September 28, 2020 06:20
@michaelsproul michaelsproul removed the work-in-progress PR is a work-in-progress label Sep 28, 2020
@michaelsproul
Copy link
Member Author

This is ready to roll again, just waiting on resolution of merge conflicts in #1532

@michaelsproul
Copy link
Member Author

This PR closes an A0 issue (#1584), but the fix is relatively well-contained in 1dbd537 if we want to cherry-pick it and merge it before reviewing+merging this PR.

@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch from 1dbd537 to f80fcb3 Compare September 29, 2020 02:15
@michaelsproul michaelsproul added ready-for-review The code is ready for review and removed blocked labels Sep 29, 2020
@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch from 60765fb to 86730f3 Compare September 30, 2020 04:11
@michaelsproul michaelsproul force-pushed the slashing-db-interchange branch from ce55656 to 07f93ba Compare October 1, 2020 01:24
@michaelsproul michaelsproul mentioned this pull request Oct 1, 2020
Closed
18 tasks
paulhauner
paulhauner requested changes Oct 1, 2020
View reviewed changes
Copy link
Member

@paulhauner paulhauner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Impressive, especially with all the test vectors and interop contribution!

I just have a few comments. I played around with it and it worked great, I had a couple of suggestions for logs that might reduce our support load.

account_manager/src/validator/slashing_protection.rs Show resolved Hide resolved
account_manager/src/validator/slashing_protection.rs Show resolved Hide resolved
validator_client/slashing_protection/src/slashing_database.rs Outdated Show resolved Hide resolved
account_manager/src/validator/slashing_protection.rs Show resolved Hide resolved
lighthouse/tests/account_manager.rs Outdated Show resolved Hide resolved
validator_client/slashing_protection/build.rs Show resolved Hide resolved
validator_client/slashing_protection/src/interchange.rs Show resolved Hide resolved
validator_client/slashing_protection/src/interchange.rs Show resolved Hide resolved
@michaelsproul
Copy link
Member Author

All comments addressed 🎉

paulhauner
paulhauner approved these changes Oct 2, 2020
View reviewed changes
Copy link
Member

@paulhauner paulhauner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved! 🎉

@michaelsproul
Copy link
Member Author

Thanks!

bors r+

bors bot pushed a commit that referenced this pull request Oct 2, 2020
@michaelsproul
Implement slashing protection interchange format (#1544)
1d278aa 
## Issue Addressed

Implements support for importing and exporting the slashing protection DB interchange format described here:

https://hackmd.io/@sproul/Bk0Y0qdGD

Also closes #1584 

## Proposed Changes

* [x] Support for serializing and deserializing the format
* [x] Support for importing and exporting Lighthouse's database
* [x] CLI commands to invoke import and export
* [x] Export to minimal format (required when a minimal format has been previously imported)
* [x] Tests for export to minimal (utilising mixed importing and attestation signing?)
* [x] Tests for import/export of complete format, and import of minimal format
* [x] ~~Prevent attestations with sources less than our max source (Danny's suggestion). Required for the fake attestation that we put in for the minimal format to block attestations from source 0.~~
* [x] Add the concept of a "low watermark" for compatibility with the minimal format

Bonus!

* [x] A fix to a potentially nasty bug involving validators getting re-registered each time the validator client ran! Thankfully, the ordering of keys meant that the validator IDs used for attestations and blocks remained stable -- otherwise we could have had some slashings on our hands! 😱
* [x] Tests to confirm that this bug is indeed vanquished
@bors
Copy link

bors bot commented Oct 2, 2020

Pull request successfully merged into v0.3.0-staging.

Build succeeded:

@bors bors bot changed the title Implement slashing protection interchange format [Merged by Bors] - Implement slashing protection interchange format Oct 2, 2020
@bors bors bot closed this Oct 2, 2020
@michaelsproul michaelsproul deleted the slashing-db-interchange branch October 2, 2020 02:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulhauner paulhauner paulhauner approved these changes

Assignees
No one assigned
Labels
ready-for-review The code is ready for review security val-client Relates to the validator client binary
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Register validators with slashing protection as they are created/imported
3 participants
@michaelsproul @djrtwo @paulhauner