mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2025-01-05 09:14:28 +00:00
1112e01c06
* `TestStore_GenesisValidatorsRoot_ReadAndWrite`: Make all test cases independents. In a test with multiple test cases, each test case should be independents. (aka: Removing test case `A` should not impact test case `B`) * `SaveGenesisValidatorsRoot`: Allow to overwrite the genesis validator root if the root is the same. * `ProposalHistoryForSlot`: Add `signingRootExists` Currently, it is not possible with `ProposalHistoryForSlot` to know if a proposal is stored with and `0x00000....` signing root or with an empty signing root. Both cases result to `proposalExists == true` and `signingRoot == 0x00000`. This commit adds a new return boolean: `signingRootExists`. If a proposal has been saved with a `0x00000...` signing root, then: - `proposalExists` is set to `true`, and - `signingRootExists` is set to `true`, and - `signingRoot` is set to `0x00000...` If a proposal has been saved with an empty signing root, then: - `proposalExists` is set to `true`, and - `signingRootExists` is set to `false`, and - (`signingRoot` is set to `0x00000...`) * `ImportStandardProtectionJSON`: When importing EIP-3076 Slashing Protection Interchange Format, do not filter any more slashable keys. Note: Those keys are still saved into the black-listed public keys list. There is two reason not to do so: - The EIP-3076 test cases do not know about Prysm's internal black-listed public keys list. Tests will expect, without looking into this internal black-listed public keys list, to deny a further signature. If we filter these keys from the DB (even if we keep them into the black-listed keys list), then some tests will fail. - If we import a interchange file containing slashable keys and we filter them, then, if we re-export the DB, those slashing offences won't appear in the exported interchange file. * `transformSignedBlocks`: Store an 0-len byte slice When importing an EIP-3076 interchange format, and when no signing root is specified into the file, we currently store a `0x00000.....` signing root. In such a case, instead storing `0x00000...`, this commit stores a 0-len byte array, so we can differentiate real `0x000.....` signing root and no signing-root at all. * `slashableProposalCheck`: Manage lack of sign root Currently, `slashableProposalCheck` does not really make a difference between a `0x0000.....` signing root and a missing signing root. (Signing roots can be missing when importing an EIP-3076 interchange file.) This commit differentiate, for `slashableProposalCheck`, `0x0000....` signing root and a missing signing root. * `AttestationRecord.SigningRoot`: ==> `[]byte` When importing attestations from EIP-3076 interchange format, the signing root of an attestation may be missing. Currently, Prysm consider any missing attestation signing root as `0x000...`. However, it may conflict with signing root which really are equal to `0x000...`. This commit transforms `AttestationRecord.SigningRoot` from `[32]byte` to `[]byte`, and change the minimal set of functions (sic) to support this new type. * `CheckSlashableAttestation`: Empty signing root Regarding slashing roots, 2 attestations are slashable, if: - both signing roots are defined and differs, or - one attestation exists, but without a signing root * `filterSlashablePubKeysFromAttestations`: Err sort Rergarding `CheckSlashableAttestation`, we consider that: - If slashable == NotSlashable and err != nil, then CheckSlashableAttestation failed. - If slashable != NotSlashable, then err contains the reason why the attestation is slashable. * `setupEIP3076SpecTests`: Update to `v5.3.0` This commit: - Updates the version of EIP-3076 tests to `v.5.2.1`. - Setups on anti-slashing DB per test case, instead per step. * `ImportStandardProtectionJSON`: Reduce cycl cmplxt * `AttestationHistoryForPubKey`: copy signing root BoltDB documentation specifies: | Byte slices returned from Bolt are only valid during a transaction. | Once the transaction has been committed or rolled back then the memory | they point to can be reused by a new page or can be unmapped | from virtual memory and you'll see an unexpected fault address panic | when accessing it.
101 lines
3.7 KiB
Go
101 lines
3.7 KiB
Go
package client
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/pkg/errors"
|
|
fieldparams "github.com/prysmaticlabs/prysm/v4/config/fieldparams"
|
|
"github.com/prysmaticlabs/prysm/v4/consensus-types/interfaces"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
var failedBlockSignLocalErr = "attempted to sign a double proposal, block rejected by local protection"
|
|
|
|
// slashableProposalCheck checks if a block proposal is slashable by comparing it with the
|
|
// block proposals history for the given public key in our DB. If it is not, we then update the history
|
|
// with new values and save it to the database.
|
|
func (v *validator) slashableProposalCheck(
|
|
ctx context.Context, pubKey [fieldparams.BLSPubkeyLength]byte, signedBlock interfaces.ReadOnlySignedBeaconBlock, signingRoot [32]byte,
|
|
) error {
|
|
fmtKey := fmt.Sprintf("%#x", pubKey[:])
|
|
|
|
blk := signedBlock.Block()
|
|
prevSigningRoot, proposalAtSlotExists, prevSigningRootExists, err := v.db.ProposalHistoryForSlot(ctx, pubKey, blk.Slot())
|
|
if err != nil {
|
|
if v.emitAccountMetrics {
|
|
ValidatorProposeFailVec.WithLabelValues(fmtKey).Inc()
|
|
}
|
|
return errors.Wrap(err, "failed to get proposal history")
|
|
}
|
|
|
|
lowestSignedProposalSlot, lowestProposalExists, err := v.db.LowestSignedProposal(ctx, pubKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Based on EIP-3076 - Condition 2
|
|
// -------------------------------
|
|
if lowestProposalExists {
|
|
// If the block slot is (strictly) less than the lowest signed proposal slot in the DB, we consider it slashable.
|
|
if blk.Slot() < lowestSignedProposalSlot {
|
|
return fmt.Errorf(
|
|
"could not sign block with slot < lowest signed slot in db, block slot: %d < lowest signed slot: %d",
|
|
blk.Slot(),
|
|
lowestSignedProposalSlot,
|
|
)
|
|
}
|
|
|
|
// If the block slot is equal to the lowest signed proposal slot and
|
|
// - condition1: there is no signed proposal in the DB for this slot, or
|
|
// - condition2: there is a signed proposal in the DB for this slot, but with no associated signing root, or
|
|
// - condition3: there is a signed proposal in the DB for this slot, but the signing root differs,
|
|
// ==> we consider it slashable.
|
|
condition1 := !proposalAtSlotExists
|
|
condition2 := proposalAtSlotExists && !prevSigningRootExists
|
|
condition3 := proposalAtSlotExists && prevSigningRootExists && prevSigningRoot != signingRoot
|
|
if blk.Slot() == lowestSignedProposalSlot && (condition1 || condition2 || condition3) {
|
|
return fmt.Errorf(
|
|
"could not sign block with slot == lowest signed slot in db if it is not a repeat signing, block slot: %d == slowest signed slot: %d",
|
|
blk.Slot(),
|
|
lowestSignedProposalSlot,
|
|
)
|
|
}
|
|
}
|
|
|
|
// Based on EIP-3076 - Condition 1
|
|
// -------------------------------
|
|
// If there is a signed proposal in the DB for this slot and
|
|
// - there is no associated signing root, or
|
|
// - the signing root differs,
|
|
// ==> we consider it slashable.
|
|
if proposalAtSlotExists && (!prevSigningRootExists || prevSigningRoot != signingRoot) {
|
|
if v.emitAccountMetrics {
|
|
ValidatorProposeFailVec.WithLabelValues(fmtKey).Inc()
|
|
}
|
|
return errors.New(failedBlockSignLocalErr)
|
|
}
|
|
|
|
// Save the proposal for this slot.
|
|
if err := v.db.SaveProposalHistoryForSlot(ctx, pubKey, blk.Slot(), signingRoot[:]); err != nil {
|
|
if v.emitAccountMetrics {
|
|
ValidatorProposeFailVec.WithLabelValues(fmtKey).Inc()
|
|
}
|
|
return errors.Wrap(err, "failed to save updated proposal history")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func blockLogFields(pubKey [fieldparams.BLSPubkeyLength]byte, blk interfaces.ReadOnlyBeaconBlock, sig []byte) logrus.Fields {
|
|
fields := logrus.Fields{
|
|
"proposerPublicKey": fmt.Sprintf("%#x", pubKey),
|
|
"proposerIndex": blk.ProposerIndex(),
|
|
"blockSlot": blk.Slot(),
|
|
}
|
|
if sig != nil {
|
|
fields["signature"] = fmt.Sprintf("%#x", sig)
|
|
}
|
|
return fields
|
|
}
|