Test deposit top-up with inconsistent withdrawal credentials

scripts/phase0/build_spec.py

@@ -13,9 +13,17 @@ def build_phase0_spec(sourcefile, outfile):
     NewType,
     Tuple,
 )
-from eth2spec.utils.minimal_ssz import *
+from eth2spec.utils.minimal_ssz import (
+    SSZType,
+    hash_tree_root,
+    signing_root,
+)
 from eth2spec.utils.hash_function import hash
-from eth2spec.utils.bls import *
+from eth2spec.utils.bls import (
+    bls_aggregate_pubkeys,
+    bls_verify,
+    bls_verify_multiple,
+)
 
 
 # stub, will get overwritten by real var

specs/core/0_beacon-chain.md

@@ -17,7 +17,7 @@
         - [Initial values](#initial-values)
         - [Time parameters](#time-parameters)
         - [State list lengths](#state-list-lengths)
-        - [Reward and penalty quotients](#reward-and-penalty-quotients)
+        - [Rewards and penalties](#rewards-and-penalties)
         - [Max operations per block](#max-operations-per-block)
         - [Signature domains](#signature-domains)
     - [Data structures](#data-structures)
@@ -103,7 +103,7 @@
             - [Helper functions](#helper-functions-1)
             - [Justification and finalization](#justification-and-finalization)
             - [Crosslinks](#crosslinks)
-            - [Rewards and penalties](#rewards-and-penalties)
+            - [Rewards and penalties](#rewards-and-penalties-1)
             - [Registry updates](#registry-updates)
             - [Slashings](#slashings)
             - [Final updates](#final-updates)
@@ -220,17 +220,17 @@ These configurations are updated for releases, but may be out of sync during `de
 | `LATEST_ACTIVE_INDEX_ROOTS_LENGTH` | `2**13` (= 8,192) | epochs | ~36 days |
 | `LATEST_SLASHED_EXIT_LENGTH` | `2**13` (= 8,192) | epochs | ~36 days |
 
-### Reward and penalty quotients
+### Rewards and penalties
 
 | Name | Value |
 | - | - |
-| `BASE_REWARD_QUOTIENT` | `2**5` (= 32) |
+| `BASE_REWARD_FACTOR` | `2**5` (= 32) |
 | `WHISTLEBLOWING_REWARD_QUOTIENT` | `2**9` (= 512) |
 | `PROPOSER_REWARD_QUOTIENT` | `2**3` (= 8) |
 | `INACTIVITY_PENALTY_QUOTIENT` | `2**25` (= 33,554,432) |
 | `MIN_SLASHING_PENALTY_QUOTIENT` | `2**5` (= 32) |
 
-* **The `BASE_REWARD_QUOTIENT` is NOT final. Once all other protocol details are finalized, it will be adjusted to target a theoretical maximum total issuance of `2**21` ETH per year if `2**27` ETH is validating (and therefore `2**20` per year if `2**25` ETH is validating, etc.)**
+* **The `BASE_REWARD_FACTOR` is NOT final. Once all other protocol details are finalized, it will be adjusted to target a theoretical maximum total issuance of `2**21` ETH per year if `2**27` ETH is validating (and therefore `2**20` per year if `2**25` ETH is validating, etc.)**
 * The `INACTIVITY_PENALTY_QUOTIENT` equals `INVERSE_SQRT_E_DROP_TIME**2` where `INVERSE_SQRT_E_DROP_TIME := 2**12 epochs` (~18 days) is the time it takes the inactivity penalty to reduce the balance of non-participating [validators](#dfn-validator) to about `1/sqrt(e) ~= 60.6%`. Indeed, the balance retained by offline [validators](#dfn-validator) after `n` epochs is about `(1 - 1/INACTIVITY_PENALTY_QUOTIENT)**(n**2/2)` so after `INVERSE_SQRT_E_DROP_TIME` epochs it is roughly `(1 - 1/INACTIVITY_PENALTY_QUOTIENT)**(INACTIVITY_PENALTY_QUOTIENT/2) ~= 1/sqrt(e)`.
 
 ### Max operations per block
@@ -471,8 +471,6 @@ The types are defined topologically to aid in facilitating an executable version
 {
     # Branch in the deposit tree
     'proof': ['bytes32', DEPOSIT_CONTRACT_TREE_DEPTH],
-    # Index in the deposit tree
-    'index': 'uint64',
     # Data
     'data': DepositData,
 }
@@ -963,9 +961,9 @@ def bytes_to_int(data: bytes) -> int:
 ```python
 def get_total_balance(state: BeaconState, indices: List[ValidatorIndex]) -> Gwei:
     """
-    Return the combined effective balance of an array of ``validators``.
+    Return the combined effective balance of the ``indices``. (1 Gwei minimum to avoid divisions by zero.)
     """
-    return sum([state.validator_registry[index].effective_balance for index in indices])
+    return max(sum([state.validator_registry[index].effective_balance for index in indices]), 1)
 ```
 
 ### `get_domain`
@@ -1413,10 +1411,9 @@ def process_crosslinks(state: BeaconState) -> None:
 
 ```python
 def get_base_reward(state: BeaconState, index: ValidatorIndex) -> Gwei:
-    adjusted_quotient = integer_squareroot(get_total_active_balance(state)) // BASE_REWARD_QUOTIENT
-    if adjusted_quotient == 0:
-        return 0
-    return state.validator_registry[index].effective_balance // adjusted_quotient // BASE_REWARDS_PER_EPOCH
+    total_balance = get_total_active_balance(state)
+    effective_balance = state.validator_registry[index].effective_balance
+    return effective_balance * BASE_REWARD_FACTOR // integer_squareroot(total_balance) // BASE_REWARDS_PER_EPOCH
 ```
 
 ```python
@@ -1531,10 +1528,9 @@ def process_registry_updates(state: BeaconState) -> None:
 ```python
 def process_slashings(state: BeaconState) -> None:
     current_epoch = get_current_epoch(state)
-    active_validator_indices = get_active_validator_indices(state, current_epoch)
-    total_balance = get_total_balance(state, active_validator_indices)
+    total_balance = get_total_active_balance(state)
 
-    # Compute `total_penalties`
+    # Compute slashed balances in the current epoch
     total_at_start = state.latest_slashed_balances[(current_epoch + 1) % LATEST_SLASHED_EXIT_LENGTH]
     total_at_end = state.latest_slashed_balances[current_epoch % LATEST_SLASHED_EXIT_LENGTH]
     total_penalties = total_at_end - total_at_start
@@ -1763,20 +1759,20 @@ def process_deposit(state: BeaconState, deposit: Deposit) -> None:
         leaf=hash_tree_root(deposit.data),
         proof=deposit.proof,
         depth=DEPOSIT_CONTRACT_TREE_DEPTH,
-        index=deposit.index,
+        index=state.deposit_index,
         root=state.latest_eth1_data.deposit_root,
     )
 
     # Deposits must be processed in order
-    assert deposit.index == state.deposit_index
     state.deposit_index += 1
 
     pubkey = deposit.data.pubkey
     amount = deposit.data.amount
     validator_pubkeys = [v.pubkey for v in state.validator_registry]
     if pubkey not in validator_pubkeys:
         # Verify the deposit signature (proof of possession).
-        # Invalid signatures are allowed by the deposit contract, and hence included on-chain, but must not be processed.
+        # Invalid signatures are allowed by the deposit contract,
+        # and hence included on-chain, but must not be processed.
         # Note: deposits are valid across forks, hence the deposit domain is retrieved directly from `bls_domain`
         if not bls_verify(
             pubkey, signing_root(deposit.data), deposit.data.signature, bls_domain(DOMAIN_DEPOSIT)

specs/test_formats/README.md

@@ -35,7 +35,8 @@ Test formats:
 - [`bls`](./bls/README.md)
 - [`operations`](./operations/README.md)
 - [`shuffling`](./shuffling/README.md)
-- [`ssz`](./ssz/README.md)
+- [`ssz_generic`](./ssz_generic/README.md)
+- [`ssz_static`](./ssz_static/README.md)
 - More formats are planned, see tracking issues for CI/testing
 
 ## Glossary

test_libs/pyspec/eth2spec/test/block_processing/test_process_deposit.py

@@ -1,9 +1,13 @@
 import eth2spec.phase0.spec as spec
 from eth2spec.phase0.spec import process_deposit
 from eth2spec.test.context import spec_state_test, expect_assertion_error, always_bls
-from eth2spec.test.helpers.deposits import prepare_state_and_deposit, sign_deposit_data
+from eth2spec.test.helpers.deposits import (
+    build_deposit,
+    prepare_state_and_deposit,
+    sign_deposit_data,
+)
 from eth2spec.test.helpers.state import get_balance
-from eth2spec.test.helpers.keys import privkeys
+from eth2spec.test.helpers.keys import privkeys, pubkeys
 
 
 def run_deposit_processing(state, deposit, validator_index, valid=True, effective=True):
@@ -18,9 +22,6 @@ def run_deposit_processing(state, deposit, validator_index, valid=True, effectiv
     pre_balance = 0
     if validator_index < pre_validator_count:
         pre_balance = get_balance(state, validator_index)
-    else:
-        # if it is a new validator, it should be right at the end of the current registry.
-        assert validator_index == pre_validator_count
 
     yield 'pre', state
     yield 'deposit', deposit
@@ -93,6 +94,22 @@ def test_invalid_sig_top_up(state):
     yield from run_deposit_processing(state, deposit, validator_index, valid=True, effective=True)
 
 
+@spec_state_test
+def test_invalid_withdrawal_credentials_top_up(state):
+    validator_index = 0
+    amount = spec.MAX_EFFECTIVE_BALANCE // 4
+    withdrawal_credentials = spec.BLS_WITHDRAWAL_PREFIX_BYTE + spec.hash(b"junk")[1:]
+    deposit = prepare_state_and_deposit(
+        state,
+        validator_index,
+        amount,
+        withdrawal_credentials=withdrawal_credentials
+    )
+
+    # inconsistent withdrawal credentials, in top-ups, are allowed!
+    yield from run_deposit_processing(state, deposit, validator_index, valid=True, effective=True)
+
+
 @spec_state_test
 def test_wrong_index(state):
     validator_index = len(state.validator_registry)
@@ -107,6 +124,46 @@ def test_wrong_index(state):
     yield from run_deposit_processing(state, deposit, validator_index, valid=False)
 
 
+@spec_state_test
+def test_wrong_deposit_for_deposit_count(state):
+    deposit_data_leaves = [spec.ZERO_HASH] * len(state.validator_registry)
+
+    # build root for deposit_1
+    index_1 = len(deposit_data_leaves)
+    pubkey_1 = pubkeys[index_1]
+    privkey_1 = privkeys[index_1]
+    deposit_1, root_1, deposit_data_leaves = build_deposit(
+        state,
+        deposit_data_leaves,
+        pubkey_1,
+        privkey_1,
+        spec.MAX_EFFECTIVE_BALANCE,
+        withdrawal_credentials=b'\x00'*32,
+        signed=True,
+    )
+    deposit_count_1 = len(deposit_data_leaves)
+
+    # build root for deposit_2
+    index_2 = len(deposit_data_leaves)
+    pubkey_2 = pubkeys[index_2]
+    privkey_2 = privkeys[index_2]
+    deposit_2, root_2, deposit_data_leaves = build_deposit(
+        state,
+        deposit_data_leaves,
+        pubkey_2,
+        privkey_2,
+        spec.MAX_EFFECTIVE_BALANCE,
+        withdrawal_credentials=b'\x00'*32,
+        signed=True,
+    )
+
+    # state has root for deposit_2 but is at deposit_count for deposit_1
+    state.latest_eth1_data.deposit_root = root_2
+    state.latest_eth1_data.deposit_count = deposit_count_1
+
+    yield from run_deposit_processing(state, deposit_2, index_2, valid=False)
+
+
 # TODO: test invalid signature
 
 

test_libs/pyspec/eth2spec/test/block_processing/test_process_transfer.py

@@ -89,7 +89,7 @@ def test_invalid_signature(state):
     transfer = get_valid_transfer(state)
     # un-activate so validator can transfer
     state.validator_registry[transfer.sender].activation_eligibility_epoch = spec.FAR_FUTURE_EPOCH
-    
+
     yield from run_transfer_processing(state, transfer, False)
 
 
@@ -140,7 +140,13 @@ def test_insufficient_balance(state):
 def test_no_dust_sender(state):
     sender_index = get_active_validator_indices(state, get_current_epoch(state))[-1]
     balance = state.balances[sender_index]
-    transfer = get_valid_transfer(state, sender_index=sender_index, amount=balance - spec.MIN_DEPOSIT_AMOUNT + 1, fee=0, signed=True)
+    transfer = get_valid_transfer(
+        state,
+        sender_index=sender_index,
+        amount=balance - spec.MIN_DEPOSIT_AMOUNT + 1,
+        fee=0,
+        signed=True,
+    )
 
     # un-activate so validator can transfer
     state.validator_registry[transfer.sender].activation_epoch = spec.FAR_FUTURE_EPOCH

test_libs/pyspec/eth2spec/test/conftest.py

@@ -3,6 +3,7 @@
 # We import pytest only when it's present, i.e. when we are running tests.
 # The test-cases themselves can be generated without installing pytest.
 
+
 def module_exists(module_name):
     try:
         __import__(module_name)

test_libs/pyspec/eth2spec/test/helpers/block.py

@@ -77,4 +77,3 @@ def build_empty_block(state, slot=None, signed=False):
 
 def build_empty_block_for_next_slot(state, signed=False):
     return build_empty_block(state, state.slot + 1, signed=signed)
-

test_libs/pyspec/eth2spec/test/helpers/deposits.py

@@ -8,11 +8,10 @@
 from eth2spec.utils.minimal_ssz import signing_root
 
 
-def build_deposit_data(state, pubkey, privkey, amount, signed=False):
+def build_deposit_data(state, pubkey, privkey, amount, withdrawal_credentials, signed=False):
     deposit_data = DepositData(
         pubkey=pubkey,
-        # insecurely use pubkey as withdrawal key as well
-        withdrawal_credentials=spec.BLS_WITHDRAWAL_PREFIX_BYTE + spec.hash(pubkey)[1:],
+        withdrawal_credentials=withdrawal_credentials,
         amount=amount,
     )
     if signed:
@@ -37,8 +36,9 @@ def build_deposit(state,
                   pubkey,
                   privkey,
                   amount,
+                  withdrawal_credentials,
                   signed):
-    deposit_data = build_deposit_data(state, pubkey, privkey, amount, signed)
+    deposit_data = build_deposit_data(state, pubkey, privkey, amount, withdrawal_credentials, signed)
 
     item = deposit_data.hash_tree_root()
     index = len(deposit_data_leaves)
@@ -57,7 +57,7 @@ def build_deposit(state,
     return deposit, root, deposit_data_leaves
 
 
-def prepare_state_and_deposit(state, validator_index, amount, signed=False):
+def prepare_state_and_deposit(state, validator_index, amount, withdrawal_credentials=None, signed=False):
     """
     Prepare the state for the deposit, and create a deposit for the given validator, depositing the given amount.
     """
@@ -67,12 +67,18 @@ def prepare_state_and_deposit(state, validator_index, amount, signed=False):
 
     pubkey = pubkeys[validator_index]
     privkey = privkeys[validator_index]
+
+    # insecurely use pubkey as withdrawal key if no credentials provided
+    if withdrawal_credentials is None:
+        withdrawal_credentials = spec.BLS_WITHDRAWAL_PREFIX_BYTE + spec.hash(pubkey)[1:]
+
     deposit, root, deposit_data_leaves = build_deposit(
         state,
         deposit_data_leaves,
         pubkey,
         privkey,
         amount,
+        withdrawal_credentials,
         signed
     )
 

test_libs/pyspec/eth2spec/test/sanity/test_slots.py

@@ -55,4 +55,3 @@ def test_over_epoch_boundary(state):
     yield 'slots', slots
     process_slots(state, state.slot + slots)
     yield 'post', state
-