ssv
ssv copied to clipboard
SSV Nodes can be taken down via a duplicate operator registration.
Describe the bug SSV allows re-registration of already registered operator pubkeys and removes Validator shares on the original node when the "impersonated" operator gets removed again. This shouldn't be possible as it allows me to take down any node operator at no cost.
That way I've accidentally killed BloxStaking3 during testing yesterday.
To Reproduce Steps to reproduce the behavior:
- Call registerOperator with an already registered pubkey (eg. https://goerli.etherscan.io/tx/0xe71338daa195b06144ca3c5446a8f8ae04613ab337195450089be91f0bc88cdf )
- Call removeOperator with the id of the new operator that was just created (eg. https://goerli.etherscan.io/tx/0x6300fbe82fef5fe36dba40fc32a8bfca67e17aa31ce1ecb8f65cfa895df97e5d )
Expected behavior The original node operator should be unaffected by all this. (Actually the operator registration should fail as the pubkey is already registered)
Actual behavior The original node operator (BloxStaking3 in my example) stopped working on attestations and is unavailable since my removeOperator transaction.
Additional context I've done the same to my own node for verification of the issue. My node immediately stopped working after the removeOperator transaction and prints the following lines to the log:
2022-10-13T01:45:24.001517Z WARN duties/controller.go:126 could not find validator {"app": "SSV-Node:v0.3.2", "committee_index": 18, "current slot": 4093127, "slot": 4093127, "epoch": 127910, "pubKey": "887c412218c44f07e2c55434eb98e4fcf9e05a042ea8faf0562588417cd5c6fdc47a8da9308536cfbd92494619b8ee4a", "start_time": "2022-10-13T01:45:24.000000Z"}
2022-10-13T01:45:28.583803Z WARN worker/message_worker.go:138 could not handle message {"app": "SSV-Node:v0.3.2", "who": "messageWorker", "error": "could not find validator [887c412218c44f07e2c55434eb98e4fcf9e05a042ea8faf0562588417cd5c6fdc47a8da9308536cfbd92494619b8ee4a]", "errorVerbose": "could not find validator [887c412218c44f07e2c55434eb98e4fcf9e05a042ea8faf0562588417cd5c6fdc47a8da9308536cfbd92494619b8ee4a]\ngithub.com/bloxapp/ssv/operator/validator.(*controller).handleWorkerMessages\n\t/go/src/github.com/bloxapp/ssv/operator/validator/controller.go:312\ngithub.com/bloxapp/ssv/protocol/v1/queue/worker.(*Worker).process\n\t/go/src/github.com/bloxapp/ssv/protocol/v1/queue/worker/message_worker.go:136\ngithub.com/bloxapp/ssv/protocol/v1/queue/worker.(*Worker).startWorker\n\t/go/src/github.com/bloxapp/ssv/protocol/v1/queue/worker/message_worker.go:93\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1581"}
2022-10-13T01:45:28.632446Z WARN worker/message_worker.go:138 could not handle message {"app": "SSV-Node:v0.3.2", "who": "messageWorker", "error": "could not find validator [887c412218c44f07e2c55434eb98e4fcf9e05a042ea8faf0562588417cd5c6fdc47a8da9308536cfbd92494619b8ee4a]", "errorVerbose": "could not find validator [887c412218c44f07e2c55434eb98e4fcf9e05a042ea8faf0562588417cd5c6fdc47a8da9308536cfbd92494619b8ee4a]\ngithub.com/bloxapp/ssv/operator/validator.(*controller).handleWorkerMessages\n\t/go/src/github.com/bloxapp/ssv/operator/validator/controller.go:312\ngithub.com/bloxapp/ssv/protocol/v1/queue/worker.(*Worker).process\n\t/go/src/github.com/bloxapp/ssv/protocol/v1/queue/worker/message_worker.go:136\ngithub.com/bloxapp/ssv/protocol/v1/queue/worker.(*Worker).startWorker\n\t/go/src/github.com/bloxapp/ssv/protocol/v1/queue/worker/message_worker.go:93\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1581"}
I haven't been able to repair my node. It doesn't matter if I delete & recreate or reassign the validators, it doesn't work anymore.
I think I've found the problematic code: https://github.com/bloxapp/ssv/blob/d3ef4129a2242186cdcf852b77c1e6c40d38cd75/operator/validator/event_handler.go#L112-L126 The validator shares are accessed by pubkey, which was impersonated in my case. Then they're all removed.