You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a validator unjails themselves, they do not have signed_valsets_window blocks to submit signatures because they are held accountable for validator sets created while they were jailed. Furthermore, you cannot submit signatures while you are jailed, so it's not possible for them to catch up and then unjail themselves.
Possible solution 1:
Allow jailed validators to submit valset signatures.
The problem with this is that we need to give validators the caveat that they need to catch up on signing before unjailing themselves. This is an unacceptable mental load for most validators.
Possible solution 2:
Forgive jailed validators for any valsets they missed while they were jailed
Proof that this is not exploitable by someone jailing and unjailing themselves repeatedly or something will be provided by Justin in the comments below.
There could be other issues that Justin will explore further in another documents.
The text was updated successfully, but these errors were encountered:
So we can't forgive the validator for any validator sets that where created while they where jailed. At least not without creating another slashing condition to deal with the fallout.
Imagine a scenario where we have two validators, each has 32% of the stake and they leave the validator set in back to back blocks. This is perfectly allowed by tendermint.
Neither of them sign any additional validator sets and simply rejoin fully forgiven after the jail period is up
After they both left an essential validator set was created, since they where forgiven and didn't have to sign that validator set control of the bridge is lost.
After considering this it seems to be that solution 1 is viable and easy to implement (write some docs and a minor edit to submit valset signatures) so we should at least do that one for now.
When a validator unjails themselves, they do not have
signed_valsets_window
blocks to submit signatures because they are held accountable for validator sets created while they were jailed. Furthermore, you cannot submit signatures while you are jailed, so it's not possible for them to catch up and then unjail themselves.Possible solution 1:
Possible solution 2:
The text was updated successfully, but these errors were encountered: