Detect attestation with source or target lower then min as slahsable

endtoend/components/validator.go

@@ -72,6 +72,7 @@ func StartNewValidatorClient(t *testing.T, config *types.E2EConfig, validatorNum
 		"--force-clear-db",
 		"--e2e-config",
 		"--accept-terms-of-use",
+		"--verbosity=debug",
 	}
 	args = append(args, featureconfig.E2EValidatorFlags...)
 	args = append(args, config.ValidatorFlags...)

go.mod

@@ -102,7 +102,6 @@ require (
 	github.com/trailofbits/go-mutexasserts v0.0.0-20200708152505-19999e7d3cef
 	github.com/tyler-smith/go-bip39 v1.0.2
 	github.com/urfave/cli/v2 v2.2.0
-	github.com/wealdtech/go-bytesutil v1.1.1
 	github.com/wealdtech/go-eth2-util v1.6.2
 	github.com/wealdtech/go-eth2-wallet-encryptor-keystorev4 v1.1.1
 	github.com/wercker/journalhook v0.0.0-20180428041537-5d0a5ae867b3

shared/featureconfig/config.go

@@ -36,18 +36,19 @@ type Flags struct {
 	PyrmontTestnet bool // PyrmontTestnet defines the flag through which we can enable the node to run on the Pyrmont testnet.
 
 	// Feature related flags.
-	WriteSSZStateTransitions   bool // WriteSSZStateTransitions to tmp directory.
-	SkipBLSVerify              bool // Skips BLS verification across the runtime.
-	EnableBlst                 bool // Enables new BLS library from supranational.
-	PruneEpochBoundaryStates   bool // PruneEpochBoundaryStates prunes the epoch boundary state before last finalized check point.
-	EnableSnappyDBCompression  bool // EnableSnappyDBCompression in the database.
-	SlasherProtection          bool // SlasherProtection protects validator fron sending over a slashable offense over the network using external slasher.
-	EnableNoise                bool // EnableNoise enables the beacon node to use NOISE instead of SECIO when performing a handshake with another peer.
-	EnableEth1DataMajorityVote bool // EnableEth1DataMajorityVote uses the Voting With The Majority algorithm to vote for eth1data.
-	EnablePeerScorer           bool // EnablePeerScorer enables experimental peer scoring in p2p.
-	EnablePruningDepositProofs bool // EnablePruningDepositProofs enables pruning deposit proofs which significantly reduces the size of a deposit
-	EnableSyncBacktracking     bool // EnableSyncBacktracking enables backtracking algorithm when searching for alternative forks during initial sync.
-	EnableLargerGossipHistory  bool // EnableLargerGossipHistory increases the gossip history we store in our caches.
+	WriteSSZStateTransitions              bool // WriteSSZStateTransitions to tmp directory.
+	SkipBLSVerify                         bool // Skips BLS verification across the runtime.
+	EnableBlst                            bool // Enables new BLS library from supranational.
+	PruneEpochBoundaryStates              bool // PruneEpochBoundaryStates prunes the epoch boundary state before last finalized check point.
+	EnableSnappyDBCompression             bool // EnableSnappyDBCompression in the database.
+	SlasherProtection                     bool // SlasherProtection protects validator fron sending over a slashable offense over the network using external slasher.
+	EnableNoise                           bool // EnableNoise enables the beacon node to use NOISE instead of SECIO when performing a handshake with another peer.
+	EnableEth1DataMajorityVote            bool // EnableEth1DataMajorityVote uses the Voting With The Majority algorithm to vote for eth1data.
+	EnablePeerScorer                      bool // EnablePeerScorer enables experimental peer scoring in p2p.
+	EnablePruningDepositProofs            bool // EnablePruningDepositProofs enables pruning deposit proofs which significantly reduces the size of a deposit
+	EnableSyncBacktracking                bool // EnableSyncBacktracking enables backtracking algorithm when searching for alternative forks during initial sync.
+	EnableLargerGossipHistory             bool // EnableLargerGossipHistory increases the gossip history we store in our caches.
+	DisableStrictRemoteSlashingProtection bool // DisableStrictRemoteSlashing protection allows submitting attestations and blocks if slasher is unavailable.
 
 	// Logging related toggles.
 	DisableGRPCConnectionLogs bool // Disables logging when a new grpc client has connected.
@@ -206,6 +207,11 @@ func ConfigureValidator(ctx *cli.Context) {
 		log.Warn("Enabled validator attestation and block slashing protection using an external slasher.")
 		cfg.SlasherProtection = true
 	}
+	if ctx.Bool(disableStrictRemoteSlashingProtection.Name) {
+		log.Warn("Disabling strict remote slashing protection. Blocks and attestations will still be " +
+			"submitted if slasher returns gRPC error code UNAVAILABLE, CONTEXT_CANCELED, or RESOURCE_EXHAUSTED")
+		cfg.DisableStrictRemoteSlashingProtection = true
+	}
 	Init(cfg)
 }
 

shared/featureconfig/flags.go

@@ -46,6 +46,12 @@ var (
 		Name:  "disable-grpc-connection-logging",
 		Usage: "Disables displaying logs for newly connected grpc clients",
 	}
+	disableStrictRemoteSlashingProtection = &cli.BoolFlag{
+		Name: "disable-strict-remote-slashing-protection",
+		Usage: "Allows submitting attestations and blocks to the beacon node from the validator client if " +
+			"remote slasher protection returns gRPC error code " +
+			"UNAVAILABLE, CANCELED, or RESOURCE_EXHAUSTED",
+	}
 	attestationAggregationStrategy = &cli.StringFlag{
 		Name:  "attestation-aggregation-strategy",
 		Usage: "Which strategy to use when aggregating attestations, one of: naive, max_cover.",
@@ -100,6 +106,7 @@ var ValidatorFlags = append(deprecatedFlags, []cli.Flag{
 	Mainnet,
 	disableAccountsV2,
 	disableBlst,
+	disableStrictRemoteSlashingProtection,
 }...)
 
 // SlasherFlags contains a list of all the feature flags that apply to the slasher client.

validator/client/BUILD.bazel

@@ -6,13 +6,10 @@ go_library(
     srcs = [
         "aggregate.go",
         "attest.go",
-        "attest_protect.go",
         "log.go",
         "metrics.go",
-        "mock_validator.go",
         "multiple_endpoints_grpc_resolver.go",
         "propose.go",
-        "propose_protect.go",
         "runner.go",
         "service.go",
         "validator.go",
@@ -22,7 +19,6 @@ go_library(
     deps = [
         "//beacon-chain/core/helpers:go_default_library",
         "//proto/validator/accounts/v2:go_default_library",
-        "//shared/blockutil:go_default_library",
         "//shared/bls:go_default_library",
         "//shared/bytesutil:go_default_library",
         "//shared/event:go_default_library",
@@ -34,10 +30,10 @@ go_library(
         "//shared/timeutils:go_default_library",
         "//validator/accounts/wallet:go_default_library",
         "//validator/db:go_default_library",
-        "//validator/db/kv:go_default_library",
         "//validator/keymanager:go_default_library",
         "//validator/keymanager/imported:go_default_library",
         "//validator/slashing-protection:go_default_library",
+        "//validator/slashing-protection/remote:go_default_library",
         "@com_github_dgraph_io_ristretto//:go_default_library",
         "@com_github_gogo_protobuf//proto:go_default_library",
         "@com_github_gogo_protobuf//types:go_default_library",
@@ -68,10 +64,9 @@ go_test(
     size = "small",
     srcs = [
         "aggregate_test.go",
-        "attest_protect_test.go",
         "attest_test.go",
         "metrics_test.go",
-        "propose_protect_test.go",
+        "mock_validator_test.go",
         "propose_test.go",
         "runner_test.go",
         "service_test.go",
@@ -93,7 +88,6 @@ go_test(
         "//shared/testutil/assert:go_default_library",
         "//shared/testutil/require:go_default_library",
         "//shared/timeutils:go_default_library",
-        "//validator/db/kv:go_default_library",
         "//validator/db/testing:go_default_library",
         "//validator/testing:go_default_library",
         "@com_github_gogo_protobuf//types:go_default_library",

validator/client/attest.go

@@ -12,10 +12,12 @@ import (
 	"github.com/prysmaticlabs/prysm/beacon-chain/core/helpers"
 	validatorpb "github.com/prysmaticlabs/prysm/proto/validator/accounts/v2"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
+	"github.com/prysmaticlabs/prysm/shared/featureconfig"
 	"github.com/prysmaticlabs/prysm/shared/hashutil"
 	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/slotutil"
 	"github.com/prysmaticlabs/prysm/shared/timeutils"
+	"github.com/prysmaticlabs/prysm/validator/slashing-protection/remote"
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
 )
@@ -63,13 +65,6 @@ func (v *validator) SubmitAttestation(ctx context.Context, slot uint64, pubKey [
 		AttestingIndices: []uint64{duty.ValidatorIndex},
 		Data:             data,
 	}
-	if err := v.preAttSignValidations(ctx, indexedAtt, pubKey); err != nil {
-		log.WithFields(logrus.Fields{
-			"sourceEpoch": indexedAtt.Data.Source.Epoch,
-			"targetEpoch": indexedAtt.Data.Target.Epoch,
-		}).WithError(err).Error("Failed attestation safety check")
-		return
-	}
 
 	sig, signingRoot, err := v.signAtt(ctx, pubKey, data)
 	if err != nil {
@@ -79,6 +74,45 @@ func (v *validator) SubmitAttestation(ctx context.Context, slot uint64, pubKey [
 		}
 		return
 	}
+	indexedAtt.Signature = sig
+	locallySlashable, err := v.localSlashingProtector.IsSlashableAttestation(ctx, indexedAtt, pubKey, signingRoot)
+	if err != nil {
+		log.WithFields(
+			attestationLogFields(pubKey, indexedAtt),
+		).WithError(err).Error("Could not check attestation safety with local slashing protection, not submitting")
+		return
+	}
+	if locallySlashable {
+		log.WithFields(
+			attestationLogFields(pubKey, indexedAtt),
+		).Warn("Attempted to submit a slashable attestation, blocked by local slashing protection")
+		return
+	}
+	if remoteProtector, ok := v.remoteSlashingProtector.(*remote.Service); ok && remoteProtector != nil {
+		remoteSlashable, err := v.remoteSlashingProtector.IsSlashableAttestation(ctx, indexedAtt, pubKey, signingRoot)
+		if err != nil {
+			if featureconfig.Get().DisableStrictRemoteSlashingProtection {
+				if !errors.Is(err, remote.ErrSlasherUnavailable) {
+					// If slasher is unavailable, trust local protection and proceed with submitting the attestation.
+					log.WithFields(
+						attestationLogFields(pubKey, indexedAtt),
+					).WithError(err).Warn("Could not check attestation safety with remote slashing protection, not submitting")
+					return
+				}
+			} else {
+				log.WithFields(
+					attestationLogFields(pubKey, indexedAtt),
+				).WithError(err).Warn("Could not check attestation safety with remote slashing protection, not submitting")
+				return
+			}
+		}
+		if remoteSlashable {
+			log.WithFields(
+				attestationLogFields(pubKey, indexedAtt),
+			).Warn("Attempted to submit a slashable attestation, blocked by remote slashing protection")
+			return
+		}
+	}
 
 	var indexInCommittee uint64
 	var found bool
@@ -105,15 +139,6 @@ func (v *validator) SubmitAttestation(ctx context.Context, slot uint64, pubKey [
 		Signature:       sig,
 	}
 
-	indexedAtt.Signature = sig
-	if err := v.postAttSignUpdate(ctx, indexedAtt, pubKey, signingRoot); err != nil {
-		log.WithFields(logrus.Fields{
-			"sourceEpoch": indexedAtt.Data.Source.Epoch,
-			"targetEpoch": indexedAtt.Data.Target.Epoch,
-		}).WithError(err).Error("Failed post attestation signing updates")
-		return
-	}
-
 	attResp, err := v.validatorClient.ProposeAttestation(ctx, attestation)
 	if err != nil {
 		log.WithError(err).Error("Could not submit attestation to beacon node")
@@ -122,9 +147,6 @@ func (v *validator) SubmitAttestation(ctx context.Context, slot uint64, pubKey [
 		}
 		return
 	}
-	if err := v.SaveProtection(ctx, pubKey); err != nil {
-		log.WithError(err).Errorf("Could not save validator: %#x protection", pubKey)
-	}
 
 	if err := v.saveAttesterIndexToData(data, duty.ValidatorIndex); err != nil {
 		log.WithError(err).Error("Could not save validator index for logging")
@@ -166,7 +188,11 @@ func (v *validator) duty(pubKey [48]byte) (*ethpb.DutiesResponse_Duty, error) {
 }
 
 // Given validator's public key, this function returns the signature of an attestation data and its signing root.
-func (v *validator) signAtt(ctx context.Context, pubKey [48]byte, data *ethpb.AttestationData) ([]byte, [32]byte, error) {
+func (v *validator) signAtt(
+	ctx context.Context,
+	pubKey [48]byte,
+	data *ethpb.AttestationData,
+) ([]byte, [32]byte, error) {
 	domain, root, err := v.getDomainAndSigningRoot(ctx, data)
 	if err != nil {
 		return nil, [32]byte{}, err
@@ -227,3 +253,17 @@ func (v *validator) waitToSlotOneThird(ctx context.Context, slot uint64) {
 	finalTime := startTime.Add(delay)
 	time.Sleep(timeutils.Until(finalTime))
 }
+
+func attestationLogFields(pubKey [48]byte, indexedAtt *ethpb.IndexedAttestation) logrus.Fields {
+	return logrus.Fields{
+		"attesterPublicKey": fmt.Sprintf("%#x", pubKey),
+		"attestationSlot":   indexedAtt.Data.Slot,
+		"committeeIndex":    indexedAtt.Data.CommitteeIndex,
+		"beaconBlockRoot":   fmt.Sprintf("%#x", indexedAtt.Data.BeaconBlockRoot),
+		"sourceEpoch":       indexedAtt.Data.Source.Epoch,
+		"sourceRoot":        fmt.Sprintf("%#x", indexedAtt.Data.Source.Root),
+		"targetEpoch":       indexedAtt.Data.Target.Epoch,
+		"targetRoot":        fmt.Sprintf("%#x", indexedAtt.Data.Target.Root),
+		"signature":         fmt.Sprintf("%#x", indexedAtt.Signature),
+	}
+}