pocket
pocket copied to clipboard
[Consensus] Penalize validators for double signing
Objective
Penalize validators that double-signed competing state transitions.
Origin Document
This was discussed during a core team protocol hour. Due to Pocket's application-specific stack, we can eliminate the need for Tendermint's Evidence in exchange for a simpler solution.
Some of the ideas discussed included looking at getQuorumCertificate
and shown in the comments below:
func (m *consensusModule) getQuorumCertificate(height uint64, step typesCons.HotstuffStep, round uint64) (*typesCons.QuorumCertificate, error) {
var pss []*typesCons.PartialSignature
for _, msg := range m.MessagePool[step] {
// ...
hasDoubleSign := /* pseudo-code: group by msg.SenderAddress + check for multiplicity > 1 */
if hasDoubleSign {
// Maybe: Send a message to award the validator who caught double sign
// Send message to slash the signer that did a double sign
}
// ...
return &typesCons.QuorumCertificate{
Height: m.Height,
Step: step,
Round: m.Round,
Block: m.Block,
ThresholdSignature: thresholdSig,
}, nil
}
Goals
- Identify how double signing can happen and how it should be handled in Pocket Network v1
- Identify other missing elements in the codebase that need to be accounted for in lieu of Tendermint's evidence
Deliverable
- [ ] Implementation that penalizes validators for double-signing state transitions
- [ ] Sufficient tests for the implementation above
- [ ] Add a new README explaining how double signing attacks are handled
- [ ] Update the appropriate CHANGELOG(s)
- [ ] Creating Github issues for subsequent work that is handled by Tendermint's evidence and is not done in Pocket network V1
Non-goals / Non-deliverables
- Reimplenting everything that
Evidence
does in Tendermint
Testing Methodology
- [ ] make target for a new set of tests
- [ ] All tests:
make test_all
- [ ] LocalNet: verify a
LocalNet
is still functioning correctly by following the instructions at docs/development/README.md
Creator: @Olshansk Co-Owners: @gokutheengineer