lighthouse/validator_client/slashing_protection/src/signed_attestation.rs

use crate::{hash256_from_row, SigningRoot};
use types::{AttestationData, Epoch, Hash256, SignedRoot};

/// An attestation that has previously been signed.
#[derive(Clone, Debug, PartialEq)]
pub struct SignedAttestation {
    pub source_epoch: Epoch,
    pub target_epoch: Epoch,
    pub signing_root: SigningRoot,
}

/// Reasons why an attestation may be slashable (or invalid).
#[derive(PartialEq, Debug)]
pub enum InvalidAttestation {
    /// The attestation has the same target epoch as an attestation from the DB (enclosed).
    DoubleVote(SignedAttestation),
    /// The attestation surrounds an existing attestation from the database (`prev`).
    NewSurroundsPrev { prev: SignedAttestation },
    /// The attestation is surrounded by an existing attestation from the database (`prev`).
    PrevSurroundsNew { prev: SignedAttestation },
    /// The attestation is invalid because its source epoch is greater than its target epoch.
    SourceExceedsTarget,
    /// The attestation is invalid because its source epoch is less than the lower bound on source
    /// epochs for this validator.
    SourceLessThanLowerBound {
        source_epoch: Epoch,
        bound_epoch: Epoch,
    },
    /// The attestation is invalid because its target epoch is less than or equal to the lower
    /// bound on target epochs for this validator.
    TargetLessThanOrEqLowerBound {
        target_epoch: Epoch,
        bound_epoch: Epoch,
    },
}

impl SignedAttestation {
    pub fn new(source_epoch: Epoch, target_epoch: Epoch, signing_root: SigningRoot) -> Self {
        Self {
            source_epoch,
            target_epoch,
            signing_root,
        }
    }

    /// Create a `SignedAttestation` from attestation data and a domain.
    pub fn from_attestation(attestation: &AttestationData, domain: Hash256) -> Self {
        Self {
            source_epoch: attestation.source.epoch,
            target_epoch: attestation.target.epoch,
            signing_root: attestation.signing_root(domain).into(),
        }
    }

    /// Create a `SignedAttestation` from an SQLite row of `(source, target, signing_root)`.
    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
        let source = row.get(0)?;
        let target = row.get(1)?;
        let signing_root = hash256_from_row(2, row)?.into();
        Ok(SignedAttestation::new(source, target, signing_root))
    }
}
Refine and test slashing protection semantics (#1885) ## Issue Addressed Closes #1873 ## Proposed Changes Fixes the bug in slashing protection import (#1873) by pruning the database upon import. Also expands the test generator to cover this case and a few others which are under discussion here: https://ethereum-magicians.org/t/eip-3076-validator-client-interchange-format-slashing-protection/4883 ## Additional Info Depending on the outcome of the discussion on Eth Magicians, we can either wait for consensus before merging, or merge our preferred solution and patch things later. 2020-11-24 07:21:14 +00:00			`use crate::{hash256_from_row, SigningRoot};`
Implement Slashing Protection (#1116) * Implement slashing protection Roll-up of #588 with some conflicts resolved * WIP improvements * Require slot uniqueness for blocks (rather than epochs) * Native DB support for Slot and Epoch * Simplify surrounding/surrounded-by queries * Implement unified slashing protection database A single SQL database saves on open file descriptors. * Make slashing protection concurrency safe. Revive tests, add parallel tests. * Some simplifications * Auto-registration, test clean-ups * More tests, clean-ups, hardening * Fix comments in BLS * Optimise bulk validator registration * Delete outdated tests * Use bundled SQLite in slashing protection * Auto-register validators in simulation * Use real signing_root in slashing protection * Update book for --auto-register * Refine log messages and help flags * Correct typo in Cargo.toml authors * Fix merge conflicts * Safer error handling in sqlite slot/epoch * Address review comments * Add attestation test mutating block root Co-authored-by: pscott <scottpiriou@gmail.com> 2020-05-18 06:25:16 +00:00			`use types::{AttestationData, Epoch, Hash256, SignedRoot};`

			`/// An attestation that has previously been signed.`
			`#[derive(Clone, Debug, PartialEq)]`
			`pub struct SignedAttestation {`
			`pub source_epoch: Epoch,`
			`pub target_epoch: Epoch,`
Refine and test slashing protection semantics (#1885) ## Issue Addressed Closes #1873 ## Proposed Changes Fixes the bug in slashing protection import (#1873) by pruning the database upon import. Also expands the test generator to cover this case and a few others which are under discussion here: https://ethereum-magicians.org/t/eip-3076-validator-client-interchange-format-slashing-protection/4883 ## Additional Info Depending on the outcome of the discussion on Eth Magicians, we can either wait for consensus before merging, or merge our preferred solution and patch things later. 2020-11-24 07:21:14 +00:00			`pub signing_root: SigningRoot,`
Implement Slashing Protection (#1116) * Implement slashing protection Roll-up of #588 with some conflicts resolved * WIP improvements * Require slot uniqueness for blocks (rather than epochs) * Native DB support for Slot and Epoch * Simplify surrounding/surrounded-by queries * Implement unified slashing protection database A single SQL database saves on open file descriptors. * Make slashing protection concurrency safe. Revive tests, add parallel tests. * Some simplifications * Auto-registration, test clean-ups * More tests, clean-ups, hardening * Fix comments in BLS * Optimise bulk validator registration * Delete outdated tests * Use bundled SQLite in slashing protection * Auto-register validators in simulation * Use real signing_root in slashing protection * Update book for --auto-register * Refine log messages and help flags * Correct typo in Cargo.toml authors * Fix merge conflicts * Safer error handling in sqlite slot/epoch * Address review comments * Add attestation test mutating block root Co-authored-by: pscott <scottpiriou@gmail.com> 2020-05-18 06:25:16 +00:00			`}`

			`/// Reasons why an attestation may be slashable (or invalid).`
			`#[derive(PartialEq, Debug)]`
			`pub enum InvalidAttestation {`
			`/// The attestation has the same target epoch as an attestation from the DB (enclosed).`
			`DoubleVote(SignedAttestation),`
			/// The attestation surrounds an existing attestation from the database (`prev`).
			`NewSurroundsPrev { prev: SignedAttestation },`
			/// The attestation is surrounded by an existing attestation from the database (`prev`).
			`PrevSurroundsNew { prev: SignedAttestation },`
			`/// The attestation is invalid because its source epoch is greater than its target epoch.`
			`SourceExceedsTarget,`
Implement slashing protection interchange format (#1544) ## Issue Addressed Implements support for importing and exporting the slashing protection DB interchange format described here: https://hackmd.io/@sproul/Bk0Y0qdGD Also closes #1584 ## Proposed Changes * [x] Support for serializing and deserializing the format * [x] Support for importing and exporting Lighthouse's database * [x] CLI commands to invoke import and export * [x] Export to minimal format (required when a minimal format has been previously imported) * [x] Tests for export to minimal (utilising mixed importing and attestation signing?) * [x] Tests for import/export of complete format, and import of minimal format * [x] ~~Prevent attestations with sources less than our max source (Danny's suggestion). Required for the fake attestation that we put in for the minimal format to block attestations from source 0.~~ * [x] Add the concept of a "low watermark" for compatibility with the minimal format Bonus! * [x] A fix to a potentially nasty bug involving validators getting re-registered each time the validator client ran! Thankfully, the ordering of keys meant that the validator IDs used for attestations and blocks remained stable -- otherwise we could have had some slashings on our hands! :scream: * [x] Tests to confirm that this bug is indeed vanquished 2020-10-02 01:42:27 +00:00			`/// The attestation is invalid because its source epoch is less than the lower bound on source`
			`/// epochs for this validator.`
			`SourceLessThanLowerBound {`
			`source_epoch: Epoch,`
			`bound_epoch: Epoch,`
			`},`
			`/// The attestation is invalid because its target epoch is less than or equal to the lower`
			`/// bound on target epochs for this validator.`
			`TargetLessThanOrEqLowerBound {`
			`target_epoch: Epoch,`
			`bound_epoch: Epoch,`
			`},`
Implement Slashing Protection (#1116) * Implement slashing protection Roll-up of #588 with some conflicts resolved * WIP improvements * Require slot uniqueness for blocks (rather than epochs) * Native DB support for Slot and Epoch * Simplify surrounding/surrounded-by queries * Implement unified slashing protection database A single SQL database saves on open file descriptors. * Make slashing protection concurrency safe. Revive tests, add parallel tests. * Some simplifications * Auto-registration, test clean-ups * More tests, clean-ups, hardening * Fix comments in BLS * Optimise bulk validator registration * Delete outdated tests * Use bundled SQLite in slashing protection * Auto-register validators in simulation * Use real signing_root in slashing protection * Update book for --auto-register * Refine log messages and help flags * Correct typo in Cargo.toml authors * Fix merge conflicts * Safer error handling in sqlite slot/epoch * Address review comments * Add attestation test mutating block root Co-authored-by: pscott <scottpiriou@gmail.com> 2020-05-18 06:25:16 +00:00			`}`

			`impl SignedAttestation {`
Refine and test slashing protection semantics (#1885) ## Issue Addressed Closes #1873 ## Proposed Changes Fixes the bug in slashing protection import (#1873) by pruning the database upon import. Also expands the test generator to cover this case and a few others which are under discussion here: https://ethereum-magicians.org/t/eip-3076-validator-client-interchange-format-slashing-protection/4883 ## Additional Info Depending on the outcome of the discussion on Eth Magicians, we can either wait for consensus before merging, or merge our preferred solution and patch things later. 2020-11-24 07:21:14 +00:00			`pub fn new(source_epoch: Epoch, target_epoch: Epoch, signing_root: SigningRoot) -> Self {`
Implement Slashing Protection (#1116) * Implement slashing protection Roll-up of #588 with some conflicts resolved * WIP improvements * Require slot uniqueness for blocks (rather than epochs) * Native DB support for Slot and Epoch * Simplify surrounding/surrounded-by queries * Implement unified slashing protection database A single SQL database saves on open file descriptors. * Make slashing protection concurrency safe. Revive tests, add parallel tests. * Some simplifications * Auto-registration, test clean-ups * More tests, clean-ups, hardening * Fix comments in BLS * Optimise bulk validator registration * Delete outdated tests * Use bundled SQLite in slashing protection * Auto-register validators in simulation * Use real signing_root in slashing protection * Update book for --auto-register * Refine log messages and help flags * Correct typo in Cargo.toml authors * Fix merge conflicts * Safer error handling in sqlite slot/epoch * Address review comments * Add attestation test mutating block root Co-authored-by: pscott <scottpiriou@gmail.com> 2020-05-18 06:25:16 +00:00			`Self {`
			`source_epoch,`
			`target_epoch,`
			`signing_root,`
			`}`
			`}`

			/// Create a `SignedAttestation` from attestation data and a domain.
			`pub fn from_attestation(attestation: &AttestationData, domain: Hash256) -> Self {`
			`Self {`
			`source_epoch: attestation.source.epoch,`
			`target_epoch: attestation.target.epoch,`
Refine and test slashing protection semantics (#1885) ## Issue Addressed Closes #1873 ## Proposed Changes Fixes the bug in slashing protection import (#1873) by pruning the database upon import. Also expands the test generator to cover this case and a few others which are under discussion here: https://ethereum-magicians.org/t/eip-3076-validator-client-interchange-format-slashing-protection/4883 ## Additional Info Depending on the outcome of the discussion on Eth Magicians, we can either wait for consensus before merging, or merge our preferred solution and patch things later. 2020-11-24 07:21:14 +00:00			`signing_root: attestation.signing_root(domain).into(),`
Implement Slashing Protection (#1116) * Implement slashing protection Roll-up of #588 with some conflicts resolved * WIP improvements * Require slot uniqueness for blocks (rather than epochs) * Native DB support for Slot and Epoch * Simplify surrounding/surrounded-by queries * Implement unified slashing protection database A single SQL database saves on open file descriptors. * Make slashing protection concurrency safe. Revive tests, add parallel tests. * Some simplifications * Auto-registration, test clean-ups * More tests, clean-ups, hardening * Fix comments in BLS * Optimise bulk validator registration * Delete outdated tests * Use bundled SQLite in slashing protection * Auto-register validators in simulation * Use real signing_root in slashing protection * Update book for --auto-register * Refine log messages and help flags * Correct typo in Cargo.toml authors * Fix merge conflicts * Safer error handling in sqlite slot/epoch * Address review comments * Add attestation test mutating block root Co-authored-by: pscott <scottpiriou@gmail.com> 2020-05-18 06:25:16 +00:00			`}`
			`}`

			/// Create a `SignedAttestation` from an SQLite row of `(source, target, signing_root)`.
			`pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {`
			`let source = row.get(0)?;`
			`let target = row.get(1)?;`
Refine and test slashing protection semantics (#1885) ## Issue Addressed Closes #1873 ## Proposed Changes Fixes the bug in slashing protection import (#1873) by pruning the database upon import. Also expands the test generator to cover this case and a few others which are under discussion here: https://ethereum-magicians.org/t/eip-3076-validator-client-interchange-format-slashing-protection/4883 ## Additional Info Depending on the outcome of the discussion on Eth Magicians, we can either wait for consensus before merging, or merge our preferred solution and patch things later. 2020-11-24 07:21:14 +00:00			`let signing_root = hash256_from_row(2, row)?.into();`
Implement Slashing Protection (#1116) * Implement slashing protection Roll-up of #588 with some conflicts resolved * WIP improvements * Require slot uniqueness for blocks (rather than epochs) * Native DB support for Slot and Epoch * Simplify surrounding/surrounded-by queries * Implement unified slashing protection database A single SQL database saves on open file descriptors. * Make slashing protection concurrency safe. Revive tests, add parallel tests. * Some simplifications * Auto-registration, test clean-ups * More tests, clean-ups, hardening * Fix comments in BLS * Optimise bulk validator registration * Delete outdated tests * Use bundled SQLite in slashing protection * Auto-register validators in simulation * Use real signing_root in slashing protection * Update book for --auto-register * Refine log messages and help flags * Correct typo in Cargo.toml authors * Fix merge conflicts * Safer error handling in sqlite slot/epoch * Address review comments * Add attestation test mutating block root Co-authored-by: pscott <scottpiriou@gmail.com> 2020-05-18 06:25:16 +00:00			`Ok(SignedAttestation::new(source, target, signing_root))`
			`}`
			`}`