Develop an option for detecting incorrect local clock

[zah]

The beacon node can use statistics regarding the observed messages in the network to detect with high-likelihood that the local clock is not set correctly. A special option --check-local-clock can turn this into a fatal error in order to make sure that the problem will be noticed.

[arnetheduck]

This option would be quite dangerous and should probably never shut down the node - ie it would open up for a remote exploit where nodes coordinate to send invalid messages and take someone offline

[arnetheduck]

fwiw, you will notice that attestations are not getting included if your clock is off by more than 500ms

[zah]

The attackers in the scenario you are describing will be other validators who will be withholding their regular duties in order to execute an attack? And the network will be populated by a majority of attackers able to skew the statistics?

Furthermore, I should have framed the description in more abstract terms. The suggestion is to introduce some kind of clock sanity check that is internal to the client. Advising users to configure clock synchronization on their systems is fine, but there will always be some setups where this hasn't been done for various reasons.