cerc-io/lighthouse
16
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Fix gossip verification of duplicate attester slashings (#5385)

Browse Source 
* Fix gossip verification of duplicate attester slashings
This commit is contained in:
Michael Sproul 2024-03-21 07:47:38 +11:00 committed by GitHub
parent f33ce8cc34
commit 65a6118c53
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 208 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
beacon_node/beacon_chain/src/beacon_chain.rs
View File

@ -413,14 +413,14 @@ pub struct BeaconChain<T: BeaconChainTypes> {
/// Maintains a record of slashable message seen over the gossip network or RPC. /// Maintains a record of slashable message seen over the gossip network or RPC.
pub observed_slashable: RwLock<ObservedSlashable<T::EthSpec>>, pub observed_slashable: RwLock<ObservedSlashable<T::EthSpec>>,
/// Maintains a record of which validators have submitted voluntary exits. /// Maintains a record of which validators have submitted voluntary exits.
pub(crate) observed_voluntary_exits: Mutex<ObservedOperations<SignedVoluntaryExit, T::EthSpec>>, pub observed_voluntary_exits: Mutex<ObservedOperations<SignedVoluntaryExit, T::EthSpec>>,
/// Maintains a record of which validators we've seen proposer slashings for. /// Maintains a record of which validators we've seen proposer slashings for.
pub(crate) observed_proposer_slashings: Mutex<ObservedOperations<ProposerSlashing, T::EthSpec>>, pub observed_proposer_slashings: Mutex<ObservedOperations<ProposerSlashing, T::EthSpec>>,
/// Maintains a record of which validators we've seen attester slashings for. /// Maintains a record of which validators we've seen attester slashings for.
pub(crate) observed_attester_slashings: pub observed_attester_slashings:
Mutex<ObservedOperations<AttesterSlashing<T::EthSpec>, T::EthSpec>>, Mutex<ObservedOperations<AttesterSlashing<T::EthSpec>, T::EthSpec>>,
/// Maintains a record of which validators we've seen BLS to execution changes for. /// Maintains a record of which validators we've seen BLS to execution changes for.
pub(crate) observed_bls_to_execution_changes: pub observed_bls_to_execution_changes:
Mutex<ObservedOperations<SignedBlsToExecutionChange, T::EthSpec>>, Mutex<ObservedOperations<SignedBlsToExecutionChange, T::EthSpec>>,
/// Provides information from the Ethereum 1 (PoW) chain. /// Provides information from the Ethereum 1 (PoW) chain.
pub eth1_chain: Option<Eth1Chain<T::Eth1Chain, T::EthSpec>>, pub eth1_chain: Option<Eth1Chain<T::Eth1Chain, T::EthSpec>>,

5
beacon_node/beacon_chain/src/observed_operations.rs
View File

@ -153,6 +153,11 @@ impl<T: ObservableOperation<E>, E: EthSpec> ObservedOperations<T, E> {
self.current_fork = head_fork; self.current_fork = head_fork;
} }
} }
/// Reset the cache. MUST ONLY BE USED IN TESTS.
pub fn __reset_for_testing_only(&mut self) {
self.observed_validator_indices.clear();
}
} }
impl<T: ObservableOperation<E> + VerifyOperationAt<E>, E: EthSpec> ObservedOperations<T, E> { impl<T: ObservableOperation<E> + VerifyOperationAt<E>, E: EthSpec> ObservedOperations<T, E> {

195
beacon_node/beacon_chain/tests/op_verification.rs
View File

@ -2,12 +2,18 @@
#![cfg(not(debug_assertions))] #![cfg(not(debug_assertions))]
use beacon_chain::observed_operations::ObservationOutcome; use beacon_chain::{
use beacon_chain::test_utils::{ observed_operations::ObservationOutcome,
test_spec, AttestationStrategy, BeaconChainHarness, BlockStrategy, DiskHarnessType, test_utils::{
test_spec, AttestationStrategy, BeaconChainHarness, BlockStrategy, DiskHarnessType,
},
BeaconChainError,
}; };
use lazy_static::lazy_static; use lazy_static::lazy_static;
use sloggers::{null::NullLoggerBuilder, Build}; use sloggers::{null::NullLoggerBuilder, Build};
use state_processing::per_block_processing::errors::{
AttesterSlashingInvalid, BlockOperationError, ExitInvalid, ProposerSlashingInvalid,
};
use std::sync::Arc; use std::sync::Arc;
use store::{LevelDB, StoreConfig}; use store::{LevelDB, StoreConfig};
use tempfile::{tempdir, TempDir}; use tempfile::{tempdir, TempDir};
@ -119,6 +125,75 @@ async fn voluntary_exit() {
)); ));
} }
#[tokio::test]
async fn voluntary_exit_duplicate_in_state() {
let db_path = tempdir().unwrap();
let store = get_store(&db_path);
let harness = get_harness(store.clone(), VALIDATOR_COUNT);
let spec = &harness.chain.spec;
harness
.extend_chain(
(E::slots_per_epoch() * (spec.shard_committee_period + 1)) as usize,
BlockStrategy::OnCanonicalHead,
AttestationStrategy::AllValidators,
)
.await;
harness.advance_slot();
// Exit a validator.
let exited_validator = 0;
let exit =
harness.make_voluntary_exit(exited_validator, Epoch::new(spec.shard_committee_period));
let ObservationOutcome::New(verified_exit) = harness
.chain
.verify_voluntary_exit_for_gossip(exit.clone())
.unwrap()
else {
panic!("exit should verify");
};
harness.chain.import_voluntary_exit(verified_exit);
// Make a new block to include the exit.
harness
.extend_chain(
1,
BlockStrategy::OnCanonicalHead,
AttestationStrategy::AllValidators,
)
.await;
// Verify validator is actually exited.
assert_ne!(
harness
.get_current_state()
.validators()
.get(exited_validator as usize)
.unwrap()
.exit_epoch,
spec.far_future_epoch
);
// Clear the in-memory gossip cache & try to verify the same exit on gossip.
// It should still fail because gossip verification should check the validator's `exit_epoch`
// field in the head state.
harness
.chain
.observed_voluntary_exits
.lock()
.__reset_for_testing_only();
assert!(matches!(
harness
.chain
.verify_voluntary_exit_for_gossip(exit)
.unwrap_err(),
BeaconChainError::ExitValidationError(BlockOperationError::Invalid(
ExitInvalid::AlreadyExited(index)
)) if index == exited_validator
));
}
#[test] #[test]
fn proposer_slashing() { fn proposer_slashing() {
let db_path = tempdir().unwrap(); let db_path = tempdir().unwrap();
@ -171,6 +246,63 @@ fn proposer_slashing() {
)); ));
} }
#[tokio::test]
async fn proposer_slashing_duplicate_in_state() {
let db_path = tempdir().unwrap();
let store = get_store(&db_path);
let harness = get_harness(store.clone(), VALIDATOR_COUNT);
// Slash a validator.
let slashed_validator = 0;
let slashing = harness.make_proposer_slashing(slashed_validator);
let ObservationOutcome::New(verified_slashing) = harness
.chain
.verify_proposer_slashing_for_gossip(slashing.clone())
.unwrap()
else {
panic!("slashing should verify");
};
harness.chain.import_proposer_slashing(verified_slashing);
// Make a new block to include the slashing.
harness
.extend_chain(
1,
BlockStrategy::OnCanonicalHead,
AttestationStrategy::AllValidators,
)
.await;
// Verify validator is actually slashed.
assert!(
harness
.get_current_state()
.validators()
.get(slashed_validator as usize)
.unwrap()
.slashed
);
// Clear the in-memory gossip cache & try to verify the same slashing on gossip.
// It should still fail because gossip verification should check the validator's `slashed` field
// in the head state.
harness
.chain
.observed_proposer_slashings
.lock()
.__reset_for_testing_only();
assert!(matches!(
harness
.chain
.verify_proposer_slashing_for_gossip(slashing)
.unwrap_err(),
BeaconChainError::ProposerSlashingValidationError(BlockOperationError::Invalid(
ProposerSlashingInvalid::ProposerNotSlashable(index)
)) if index == slashed_validator
));
}
#[test] #[test]
fn attester_slashing() { fn attester_slashing() {
let db_path = tempdir().unwrap(); let db_path = tempdir().unwrap();
@ -241,3 +373,60 @@ fn attester_slashing() {
ObservationOutcome::AlreadyKnown ObservationOutcome::AlreadyKnown
)); ));
} }
#[tokio::test]
async fn attester_slashing_duplicate_in_state() {
let db_path = tempdir().unwrap();
let store = get_store(&db_path);
let harness = get_harness(store.clone(), VALIDATOR_COUNT);
// Slash a validator.
let slashed_validator = 0;
let slashing = harness.make_attester_slashing(vec![slashed_validator]);
let ObservationOutcome::New(verified_slashing) = harness
.chain
.verify_attester_slashing_for_gossip(slashing.clone())
.unwrap()
else {
panic!("slashing should verify");
};
harness.chain.import_attester_slashing(verified_slashing);
// Make a new block to include the slashing.
harness
.extend_chain(
1,
BlockStrategy::OnCanonicalHead,
AttestationStrategy::AllValidators,
)
.await;
// Verify validator is actually slashed.
assert!(
harness
.get_current_state()
.validators()
.get(slashed_validator as usize)
.unwrap()
.slashed
);
// Clear the in-memory gossip cache & try to verify the same slashing on gossip.
// It should still fail because gossip verification should check the validator's `slashed` field
// in the head state.
harness
.chain
.observed_attester_slashings
.lock()
.__reset_for_testing_only();
assert!(matches!(
harness
.chain
.verify_attester_slashing_for_gossip(slashing)
.unwrap_err(),
BeaconChainError::AttesterSlashingValidationError(BlockOperationError::Invalid(
AttesterSlashingInvalid::NoSlashableIndices
))
));
}

6
consensus/state_processing/src/per_block_processing/process_operations.rs
View File

@ -231,11 +231,9 @@ pub fn process_attester_slashings<T: EthSpec>(
spec: &ChainSpec, spec: &ChainSpec,
) -> Result<(), BlockProcessingError> { ) -> Result<(), BlockProcessingError> {
for (i, attester_slashing) in attester_slashings.iter().enumerate() { for (i, attester_slashing) in attester_slashings.iter().enumerate() {
verify_attester_slashing(state, attester_slashing, verify_signatures, spec)
.map_err(|e| e.into_with_index(i))?;
let slashable_indices = let slashable_indices =
get_slashable_indices(state, attester_slashing).map_err(|e| e.into_with_index(i))?; verify_attester_slashing(state, attester_slashing, verify_signatures, spec)
.map_err(|e| e.into_with_index(i))?;
for i in slashable_indices { for i in slashable_indices {
slash_validator(state, i as usize, None, ctxt, spec)?; slash_validator(state, i as usize, None, ctxt, spec)?;

13
consensus/state_processing/src/per_block_processing/verify_attester_slashing.rs
View File

@ -13,16 +13,15 @@ fn error(reason: Invalid) -> BlockOperationError<Invalid> {
/// Indicates if an `AttesterSlashing` is valid to be included in a block in the current epoch of /// Indicates if an `AttesterSlashing` is valid to be included in a block in the current epoch of
/// the given state. /// the given state.
/// ///
/// Returns `Ok(())` if the `AttesterSlashing` is valid, otherwise indicates the reason for /// Returns `Ok(indices)` with `indices` being a non-empty vec of validator indices in ascending
/// order if the `AttesterSlashing` is valid. Otherwise returns `Err(e)` with the reason for
/// invalidity. /// invalidity.
///
/// Spec v0.12.1
pub fn verify_attester_slashing<T: EthSpec>( pub fn verify_attester_slashing<T: EthSpec>(
state: &BeaconState<T>, state: &BeaconState<T>,
attester_slashing: &AttesterSlashing<T>, attester_slashing: &AttesterSlashing<T>,
verify_signatures: VerifySignatures, verify_signatures: VerifySignatures,
spec: &ChainSpec, spec: &ChainSpec,
) -> Result<()> { ) -> Result<Vec<u64>> {
let attestation_1 = &attester_slashing.attestation_1; let attestation_1 = &attester_slashing.attestation_1;
let attestation_2 = &attester_slashing.attestation_2; let attestation_2 = &attester_slashing.attestation_2;
@ -38,14 +37,12 @@ pub fn verify_attester_slashing<T: EthSpec>(
is_valid_indexed_attestation(state, attestation_2, verify_signatures, spec) is_valid_indexed_attestation(state, attestation_2, verify_signatures, spec)
.map_err(|e| error(Invalid::IndexedAttestation2Invalid(e)))?; .map_err(|e| error(Invalid::IndexedAttestation2Invalid(e)))?;
Ok(()) get_slashable_indices(state, attester_slashing)
} }
/// For a given attester slashing, return the indices able to be slashed in ascending order. /// For a given attester slashing, return the indices able to be slashed in ascending order.
/// ///
/// Returns Ok(indices) if `indices.len() > 0`. /// Returns Ok(indices) if `indices.len() > 0`
///
/// Spec v0.12.1
pub fn get_slashable_indices<T: EthSpec>( pub fn get_slashable_indices<T: EthSpec>(
state: &BeaconState<T>, state: &BeaconState<T>,
attester_slashing: &AttesterSlashing<T>, attester_slashing: &AttesterSlashing<T>,