pre-emptive duplicate validator detection heuristic

Author: tersec

beacon_chain/conf.nim

@@ -231,6 +231,11 @@ type
         desc: "Write SSZ dumps of blocks, attestations and states to data dir"
         name: "dump" }: bool
 
+      selfSlashingDetectionEpochs* {.
+        defaultValue: 2
+        desc: "Number of epochs of gossip to which to listen before broadcasting"
+        name: "self-slashing-detection-epochs" }: uint64
+
     of createTestnet:
       testnetDepositsFile* {.
         desc: "A LaunchPad deposits file for the genesis state validators"

beacon_chain/eth2_processor.nim

@@ -4,7 +4,7 @@ import
   chronicles, chronicles/chronos_tools, chronos, metrics,
   ./spec/[crypto, datatypes, digest],
   ./block_pools/[clearance, chain_dag],
-  ./attestation_aggregation, ./exit_pool,
+  ./attestation_aggregation, ./exit_pool, ./validator_pool,
   ./beacon_node_types, ./attestation_pool,
   ./time, ./conf, ./sszdump
 
@@ -62,12 +62,15 @@ type
     chainDag*: ChainDAGRef
     attestationPool*: ref AttestationPool
     exitPool: ref ExitPool
+    validatorPool: ref ValidatorPool
     quarantine*: QuarantineRef
 
     blocksQueue*: AsyncQueue[BlockEntry]
     attestationsQueue*: AsyncQueue[AttestationEntry]
     aggregatesQueue*: AsyncQueue[AggregateEntry]
 
+    selfSlashingDetection*: SelfSlashingDetection
+
 proc updateHead*(self: var Eth2Processor, wallSlot: Slot) =
   ## Trigger fork choice and returns the new head block.
   ## Can return `nil`
@@ -285,6 +288,34 @@ proc blockValidator*(
 
   ValidationResult.Accept
 
+proc checkForPotentialSelfSlashing(
+    self: var Eth2Processor, attestationData: AttestationData,
+    attesterIndices: HashSet[ValidatorIndex], wallSlot: Slot) =
+  # Attestations remain valid for 32 slots, so avoid confusing with one's own
+  # reflections, for a ATTESTATION_PROPAGATION_SLOT_RANGE div SLOTS_PER_EPOCH
+  # period after the attestation slot. For mainnet this can be one additional
+  # epoch, and for minimal, four epochs.
+  const GUARD_EPOCHS = ATTESTATION_PROPAGATION_SLOT_RANGE div SLOTS_PER_EPOCH
+
+  let epoch = wallSlot.epoch
+  # Can skip this whole conditional by setting relevant config value to 0
+  if epoch < self.selfSlashingDetection.broadcastStartEpoch and
+      epoch >= self.selfSlashingDetection.probeEpoch and
+      epoch <= self.selfSlashingDetection.probeEpoch + GUARD_EPOCHS:
+    let tgtBlck = self.chainDag.getRef(attestationData.target.root)
+    doAssert not tgtBlck.isNil  # because attestation is valid above
+
+    let epochRef = self.chainDag.getEpochRef(
+      tgtBlck, attestationData.target.epoch)
+    for validatorIndex in attesterIndices:
+      let validatorPubkey = epochRef.validator_keys[validatorIndex]
+      if self.validatorPool[].getValidator(validatorPubkey) !=
+          default(AttachedValidator):
+        notice "Found another validator using same public key; would be slashed",
+          validatorIndex,
+          validatorPubkey
+        quit 1
+
 proc attestationValidator*(
     self: var Eth2Processor,
     attestation: Attestation,
@@ -315,6 +346,8 @@ proc attestationValidator*(
   beacon_attestations_received.inc()
   beacon_attestation_delay.observe(delay.toFloatSeconds())
 
+  self.checkForPotentialSelfSlashing(attestation.data, v.value, wallSlot)
+
   while self.attestationsQueue.full():
     let dropped = self.attestationsQueue.popFirst()
     doAssert dropped.finished, "popFirst sanity"
@@ -358,6 +391,9 @@ proc aggregateValidator*(
   beacon_aggregates_received.inc()
   beacon_aggregate_delay.observe(delay.toFloatSeconds())
 
+  self.checkForPotentialSelfSlashing(
+    signedAggregateAndProof.message.aggregate.data, v.value, wallSlot)
+
   while self.aggregatesQueue.full():
     let dropped = self.aggregatesQueue.popFirst()
     doAssert dropped.finished, "popFirst sanity"
@@ -453,6 +489,7 @@ proc new*(T: type Eth2Processor,
           chainDag: ChainDAGRef,
           attestationPool: ref AttestationPool,
           exitPool: ref ExitPool,
+          validatorPool: ref ValidatorPool,
           quarantine: QuarantineRef,
           getWallTime: GetWallTimeFn): ref Eth2Processor =
   (ref Eth2Processor)(
@@ -461,6 +498,7 @@ proc new*(T: type Eth2Processor,
     chainDag: chainDag,
     attestationPool: attestationPool,
     exitPool: exitPool,
+    validatorPool: validatorPool,
     quarantine: quarantine,
     blocksQueue: newAsyncQueue[BlockEntry](1),
     aggregatesQueue: newAsyncQueue[AggregateEntry](MAX_ATTESTATIONS.int),

beacon_chain/nimbus_beacon_node.nim

@@ -288,7 +288,8 @@ proc init*(T: type BeaconNode,
   proc getWallTime(): BeaconTime = res.beaconClock.now()
 
   res.processor = Eth2Processor.new(
-    conf, chainDag, attestationPool, exitPool, quarantine, getWallTime)
+    conf, chainDag, attestationPool, exitPool, newClone(res.attachedValidators),
+    quarantine, getWallTime)
 
   res.requestManager = RequestManager.init(
     network, res.processor.blocksQueue)
@@ -449,6 +450,33 @@ proc removeMessageHandlers(node: BeaconNode): Future[void] =
 
   allFutures(unsubscriptions)
 
+proc setupSelfSlashingProtection(node: BeaconNode, slot: Slot) =
+  # When another client's already running, this is very likely to detect
+  # potential duplicate validators, which can trigger slashing. Assuming
+  # the most pessimal case of two validators started simultaneously, the
+  # probability of triggering a slashable condition is up to 1/n, with n
+  # being the number of epochs one waits before proposing or attesting.
+  #
+  # Every missed attestation costs approximately 3*get_base_reward(), which
+  # can be up to around 10,000 Wei. Thus, skipping attestations isn't cheap
+  # and one should gauge the likelihood of this simultaneous launch to tune
+  # the epoch delay to one's perceived risk.
+  #
+  # This approach catches both startup and network outage conditions.
+
+  node.processor.selfSlashingDetection.broadcastStartEpoch =
+    slot.epoch + node.config.selfSlashingDetectionEpochs
+  # randomize() already called
+  node.processor.selfSlashingDetection.probeEpoch =
+    slot.epoch + rand(node.config.selfSlashingDetectionEpochs.int - 1).uint64
+  doAssert node.processor.selfSlashingDetection.probeEpoch <
+    node.processor.selfSlashingDetection.broadcastStartEpoch
+
+  debug "Setting up self-slashing protection",
+    epoch = slot.epoch,
+    probeEpoch = node.processor.selfSlashingDetection.probeEpoch,
+    broadcastStartEpoch = node.processor.selfSlashingDetection.broadcastStartEpoch
+
 proc onSlotStart(node: BeaconNode, lastSlot, scheduledSlot: Slot) {.async.} =
   ## Called at the beginning of a slot - usually every slot, but sometimes might
   ## skip a few in case we're running late.
@@ -588,6 +616,7 @@ proc onSlotStart(node: BeaconNode, lastSlot, scheduledSlot: Slot) {.async.} =
       headSlot = node.chainDag.head.slot,
       syncQueueLen
 
+    node.setupSelfSlashingProtection(slot)
     await node.addMessageHandlers()
     doAssert node.getTopicSubscriptionEnabled()
   elif

beacon_chain/spec/datatypes.nim

@@ -460,6 +460,10 @@ type
     stabilitySubnet*: uint64
     stabilitySubnetExpirationEpoch*: Epoch
 
+  SelfSlashingDetection* = object
+    broadcastStartEpoch*: Epoch
+    probeEpoch*: Epoch
+
 func shortValidatorKey*(state: BeaconState, validatorIdx: int): string =
   ($state.validators[validatorIdx].pubkey)[0..7]
 

beacon_chain/validator_duties.nim

@@ -503,6 +503,18 @@ proc handleValidatorDuties*(node: BeaconNode, lastSlot, slot: Slot) {.async.} =
 
   var curSlot = lastSlot + 1
 
+  # In general, the default values of 0 are fine, since it will at most prevent
+  # from gossiping (proposing beacon blocks, attesting, etc) for epoch 0.
+  doAssert node.processor[].selfSlashingDetection.probeEpoch == 0 or (
+    node.processor[].selfSlashingDetection.probeEpoch <
+    node.processor[].selfSlashingDetection.broadcastStartEpoch)
+  if curSlot.epoch < node.processor[].selfSlashingDetection.broadcastStartEpoch and
+      curSlot.epoch != node.processor[].selfSlashingDetection.probeEpoch:
+    notice "Waiting to gossip out to detect potential duplicate validators",
+      broadcastStartEpoch = node.processor[].selfSlashingDetection.broadcastStartEpoch,
+      probeEpoch = node.processor[].selfSlashingDetection.probeEpoch
+    return
+
   # Start by checking if there's work we should have done in the past that we
   # can still meaningfully do
   while curSlot < slot: