Send blocks that fail p2p validation to slasher (#6164)

* send blocks that fails validation to block feed for slasher. in order to enable slashing proposers

* add sig validation

* fix imports

* Update shared/featureconfig/config.go

Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>

* Update shared/featureconfig/config.go

Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>

* Update shared/featureconfig/flags.go

Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>

* remove extra validation path for slasher

* ivan feedback

* notify all blocks that pass minimal validation to block stream

* notify all blocks that pass minimal validation to block stream

* add to e2e flags

Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>
Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
This commit is contained in:
Shay Zluf 2020-06-10 20:24:05 +03:00 committed by GitHub
parent a9e3ea3ccc
commit f40a7575de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 53 additions and 11 deletions

View File

@ -11,6 +11,7 @@ import (
"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
"github.com/prysmaticlabs/prysm/beacon-chain/core/state/interop"
"github.com/prysmaticlabs/prysm/beacon-chain/state/stateutil"
"github.com/prysmaticlabs/prysm/shared/featureconfig"
)
func (r *Service) beaconBlockSubscriber(ctx context.Context, msg proto.Message) error {
@ -31,15 +32,16 @@ func (r *Service) beaconBlockSubscriber(ctx context.Context, msg proto.Message)
if err != nil {
return err
}
// Broadcast the block on a feed to notify other services in the beacon node
// of a received block (even if it does not process correctly through a state transition).
r.blockNotifier.BlockFeed().Send(&feed.Event{
Type: blockfeed.ReceivedBlock,
Data: &blockfeed.ReceivedBlockData{
SignedBlock: signed,
},
})
if !featureconfig.Get().SlasherP2P {
// Broadcast the block on a feed to notify other services in the beacon node
// of a received block (even if it does not process correctly through a state transition).
r.blockNotifier.BlockFeed().Send(&feed.Event{
Type: blockfeed.ReceivedBlock,
Data: &blockfeed.ReceivedBlockData{
SignedBlock: signed,
},
})
}
if err := r.chain.ReceiveBlockNoPubsub(ctx, signed, root); err != nil {
interop.WriteBlockToDisk(signed, true /*failed*/)

View File

@ -8,6 +8,8 @@ import (
pubsub "github.com/libp2p/go-libp2p-pubsub"
ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
"github.com/prysmaticlabs/prysm/beacon-chain/core/blocks"
"github.com/prysmaticlabs/prysm/beacon-chain/core/feed"
blockfeed "github.com/prysmaticlabs/prysm/beacon-chain/core/feed/block"
"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
"github.com/prysmaticlabs/prysm/beacon-chain/state/stateutil"
"github.com/prysmaticlabs/prysm/shared/bytesutil"
@ -54,10 +56,13 @@ func (r *Service) validateBeaconBlockPubSub(ctx context.Context, pid peer.ID, ms
if blk.Block == nil {
return pubsub.ValidationReject
}
hasSeen := false
// Verify the block is the first block received for the proposer for the slot.
if r.hasSeenBlockIndexSlot(blk.Block.Slot, blk.Block.ProposerIndex) {
return pubsub.ValidationIgnore
if !featureconfig.Get().SlasherP2P {
return pubsub.ValidationIgnore
}
hasSeen = true
}
blockRoot, err := stateutil.BlockRoot(blk.Block)
@ -75,6 +80,27 @@ func (r *Service) validateBeaconBlockPubSub(ctx context.Context, pid peer.ID, ms
}
r.pendingQueueLock.RUnlock()
// Send block to block stream for slasher detection after minimal validation.
if featureconfig.Get().SlasherP2P {
state, err := r.chain.HeadState(ctx)
if err != nil {
return pubsub.ValidationIgnore
}
if err := blocks.VerifyBlockSignature(state, blk); err != nil {
log.WithError(err).WithField("blockSlot", blk.Block.Slot).Warn("Could not verify block signature")
return pubsub.ValidationReject
}
r.blockNotifier.BlockFeed().Send(&feed.Event{
Type: blockfeed.ReceivedBlock,
Data: &blockfeed.ReceivedBlockData{
SignedBlock: blk,
},
})
}
if hasSeen {
return pubsub.ValidationReject
}
// Add metrics for block arrival time subtracts slot start time.
if captureArrivalTimeMetric(uint64(r.chain.GenesisTime().Unix()), blk.Block.Slot) != nil {
return pubsub.ValidationIgnore

View File

@ -45,6 +45,7 @@ type Flags struct {
ProtectProposer bool // ProtectProposer prevents the validator client from signing any proposals that would be considered a slashable offense.
ProtectAttester bool // ProtectAttester prevents the validator client from signing any attestations that would be considered a slashable offense.
SlasherProtection bool // SlasherProtection protects validator fron sending over a slashable offense over the network using external slasher.
SlasherP2P bool // SlasherP2P use less restrictive p2p validation for beacon nodes that have a connected slasher.
DisableStrictAttestationPubsubVerification bool // DisableStrictAttestationPubsubVerification will disabling strict signature verification in pubsub.
DisableUpdateHeadPerAttestation bool // DisableUpdateHeadPerAttestation will disabling update head on per attestation basis.
EnableDomainDataCache bool // EnableDomainDataCache caches validator calls to DomainData per epoch.
@ -223,6 +224,11 @@ func ConfigureBeaconChain(ctx *cli.Context) {
log.Warn("Enabling libp2p's kademlia discovery")
cfg.EnableKadDHT = true
}
if ctx.Bool(slasherP2P.Name) {
log.Warn("Enabled slasher-friendly P2P validation. Please do not use this flag if you are not running a slasher " +
"that connects to this beacon node!")
cfg.SlasherP2P = true
}
if ctx.IsSet(deprecatedP2PWhitelist.Name) {
log.Warnf("--%s is deprecated, please use --%s", deprecatedP2PWhitelist.Name, cmd.P2PAllowList.Name)
if err := ctx.Set(cmd.P2PAllowList.Name, ctx.String(deprecatedP2PWhitelist.Name)); err != nil {

View File

@ -165,6 +165,12 @@ var (
Name: "disable-init-sync-wrr",
Usage: "Disables weighted round robin fetching optimization",
}
// SlasherRPCProviderFlag defines a slasher node RPC endpoint.
slasherP2P = &cli.BoolFlag{
Name: "slasher-p2p",
Usage: "Use this flag to reduce block p2p validation in order for the slasher to receive any blocks" +
"the beacon node receives. Please only use if there is a slasher connected to this beacon node",
}
)
// devModeFlags holds list of flags that are set when development mode is on.
@ -531,6 +537,7 @@ var BeaconChainFlags = append(deprecatedFlags, []cli.Flag{
disableNewStateMgmt,
enableKadDht,
disableReduceAttesterStateCopy,
slasherP2P,
}...)
// E2EBeaconChainFlags contains a list of the beacon chain feature flags to be tested in E2E.
@ -538,4 +545,5 @@ var E2EBeaconChainFlags = []string{
"--cache-filtered-block-tree",
"--enable-state-gen-sig-verify",
"--check-head-state",
"--slasher-p2p",
}