[Draft] Slash malevolent validators #294
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kayabaNerve
reviewed
May 26, 2023
kayabaNerve
reviewed
May 26, 2023
kayabaNerve
force-pushed
the
tm-slash
branch
3 times, most recently
from
04749ca
to
4700ac6
Compare
Also moves Evidence from Vec<Message> to (Message, Option<Message>). That should meet all requirements while being a bit safer.
One use of sort was inefficient, sorting unsigned || signed when unsigned was already properly sorted. Given how the unsigned TXs were given a nonce of 0, an unstable sort may swap places with an unsigned TX and a signed TX with a nonce of 0 (leading to a faulty block). The extra protection added here sorts signed, then concats.
empty_signature led to corrupted local state histories. Unfortunately, the API is only sane with a signature. We now use the actual signature, which risks creating a signature over a malicious message if we have ever have an invariant producing malicious messages. Prior, we only signed the message after the local machine confirmed it was okay per the local view of consensus. This is tolerated/preferred over a corrupt state history since production of such messages is already an invariant. TODOs are added to make handling of this theoretical invariant further robust.
There was no competition for resources forcing them to be run sequentially.
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a draft pr to slash validators with bad behavior. Comments and/or reviews are appreciated.
in tributary, tendermint is used for the consensus. And there are bunch of defined invalid or bad behaviors for validators that participate in the tendermint consensus algorithm. We slash those nodes to disincentive those behaviors.
In this case, once a node catches an invalid/bad behavior from another validator, it either sends an evidence for this bad behavior or a vote to slash the bad node. If an evidence provided and valid, it is solely enough to slash the node by the network participants even if other nodes didn't see this behavior. Once the evidence is on the chain, the bad node is slashed. If a vote is sent, then we wait vote from 2/3 of the nodes to slash the node.
For now following points are completed;