Expose functions to do preliminary slashing checks #7783
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaelsproul
added
val-client
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thiiiis one is a bit spicy:
Currently, the slashing database only exposes functions to atomically check slashability of an attestation/block and then insert the corresponding data into the database. As this is done atomically, we can fearlessly sign the thing as other threads will definitely see the inserted data.
In Anchor, we first decide with the SSV committee which attestation/block we should sign, and then create a partial signature and broadcast it. Until now, we did the slashing check-and-insert right before creating the partial signature, and will continue to do so. However, we want to be able to check whether a thing is slashable in the first step, in order to not decide on a invalid value and then sign nothing, as the the slashing check fails.
Basically, we want to move from:
flowchart LR A@{ shape: sm-circ, label: "Small start" } --> Z[Wait for block] Z --> B[Decide block] B --> C{Is safe?} C -->|Yes| D[Create partial sig] C -->|No| E[Sign nothing]to
flowchart LR A@{ shape: sm-circ, label: "Small start" } --> Z[Wait for block] Z --> C{"Is safe?<br>(check only)"} C -->|Yes| B[Decide block] C -->|No| Z B --> D{"Is safe?<br>(check and insert)"} D -->|Yes| H[Create partial sig] D -->|No| I[Sign nothing]For this, we need to expose check only functions in the slashing database. This introduces a way for the user of the slashing database to shoot themselves in the foot.