interchain-security icon indicating copy to clipboard operation
interchain-security copied to clipboard
Published 6 months ago verified publisher icon cosmos

Malicious consumer can slash same validator for downtime multiple times

Open mpoke opened this issue 3 years ago • 4 comments

Problem

A malicious consumer could send multiple SlashPackets for the same validator for the same downtime infraction, which would result in that validator being slashed multiple times.

Closing criteria

Add logic on the provider that drops SlashPackets for downtime infraction for the same validator that were received from the same consumer without the validator having the chance to Unjail itself.

TODOs

  • [x] Labels have been added for issue
  • [x] Issue has been added to the ICS project

mpoke avatar Jan 03 '23 18:01 mpoke

Potential solution (from discussion with @smarshall-spitzbart):

  • Keep an outstandingDowntime bool per validator per consumer chain (the bool is not needed if it's false).
  • When receiving a SlashPacket for downtime, set outstandingDowntime to true.
  • When a validator Unjails itself, set outstandingDowntime to false.

As there is no Unjail hook in the SDK, we could either add one, or just check for newly bonded validators in the set of validator updates received from staking.

mpoke avatar Jan 03 '23 18:01 mpoke

Isn't it a duplicate of #417?

sainoe avatar Mar 08 '23 09:03 sainoe

Isn't it a duplicate of #417?

It may be. Could you please converge them into a single issue?

mpoke avatar Mar 13 '23 13:03 mpoke

Indeed it was a duplicate issue, thanks @sainoe

shaspitz avatar Mar 13 '23 16:03 shaspitz

Closing as a malicious consumer chain could always jail an opted in validator without that validator actually being down.

mpoke avatar Sep 17 '24 10:09 mpoke