[Feature] - Slashing Interchange Support

WORKSPACE

@@ -210,6 +210,21 @@ http_archive(
     url = "https://github.com/kubernetes/repo-infra/archive/6537f2101fb432b679f3d103ee729dd8ac5d30a0.tar.gz",
 )
 
+http_archive(
+    name = "eip3076_spec_tests",
+    build_file_content = """
+filegroup(
+    name = "test_data",
+    srcs = glob([
+        "**/*.json",
+    ]),
+    visibility = ["//visibility:public"],
+)
+    """,
+    sha256 = "91434d5fd5e1c6eb7b0174fed2afe25e09bddf00e1e4c431db931b2cee4e7773",
+    url = "https://github.com/eth2-clients/slashing-protection-interchange-tests/archive/b8413ca42dc92308019d0d4db52c87e9e125c4e9.tar.gz",
+)
+
 http_archive(
     name = "eth2_spec_tests_general",
     build_file_content = """

shared/promptutil/prompt.go

@@ -55,7 +55,7 @@ func DefaultPrompt(promptText, defaultValue string) (string, error) {
 	if defaultValue != "" {
 		fmt.Printf("%s %s:\n", promptText, fmt.Sprintf("(%s: %s)", au.BrightGreen("default"), defaultValue))
 	} else {
-		fmt.Printf("%s\n", promptText)
+		fmt.Printf("%s:\n", promptText)
 	}
 	scanner := bufio.NewScanner(os.Stdin)
 	if ok := scanner.Scan(); ok {

shared/slashutil/BUILD.bazel

@@ -3,15 +3,27 @@ load("@prysm//tools/go:def.bzl", "go_library")
 
 go_library(
     name = "go_default_library",
-    srcs = ["surround_votes.go"],
+    srcs = [
+        "double_votes.go",
+        "surround_votes.go",
+    ],
     importpath = "github.com/prysmaticlabs/prysm/shared/slashutil",
     visibility = ["//visibility:public"],
-    deps = ["@com_github_prysmaticlabs_ethereumapis//eth/v1alpha1:go_default_library"],
+    deps = [
+        "//shared/params:go_default_library",
+        "@com_github_prysmaticlabs_ethereumapis//eth/v1alpha1:go_default_library",
+    ],
 )
 
 go_test(
     name = "go_default_test",
-    srcs = ["surround_votes_test.go"],
+    srcs = [
+        "double_votes_test.go",
+        "surround_votes_test.go",
+    ],
     embed = [":go_default_library"],
-    deps = ["@com_github_prysmaticlabs_ethereumapis//eth/v1alpha1:go_default_library"],
+    deps = [
+        "//shared/params:go_default_library",
+        "@com_github_prysmaticlabs_ethereumapis//eth/v1alpha1:go_default_library",
+    ],
 )

shared/slashutil/double_votes.go

@@ -0,0 +1,16 @@
+package slashutil
+
+import "github.com/prysmaticlabs/prysm/shared/params"
+
+// SigningRootsDiffer verifies that an incoming vs. existing attestation has a different signing root.
+// If the existing signing root is empty, then we consider an attestation as different always.
+func SigningRootsDiffer(existingSigningRoot, incomingSigningRoot [32]byte) bool {
+	zeroHash := params.BeaconConfig().ZeroHash
+	// If the existing signing root is empty, we always consider the incoming
+	// attestation as a double vote to be safe.
+	if existingSigningRoot == zeroHash {
+		return true
+	}
+	// Otherwise, we consider any sort of inequality to be a double vote.
+	return existingSigningRoot != incomingSigningRoot
+}

shared/slashutil/double_votes_test.go

@@ -0,0 +1,59 @@
+package slashutil
+
+import (
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/shared/params"
+)
+
+func TestSigningRootsDiffer(t *testing.T) {
+	type args struct {
+		existingSigningRoot [32]byte
+		incomingSigningRoot [32]byte
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "Empty existing signing root is slashable",
+			args: args{
+				existingSigningRoot: params.BeaconConfig().ZeroHash,
+				incomingSigningRoot: [32]byte{1},
+			},
+			want: true,
+		},
+		{
+			name: "Non-empty, different existing signing root is slashable",
+			args: args{
+				existingSigningRoot: [32]byte{2},
+				incomingSigningRoot: [32]byte{1},
+			},
+			want: true,
+		},
+		{
+			name: "Non-empty, same existing signing root and incoming signing root is not slashable",
+			args: args{
+				existingSigningRoot: [32]byte{2},
+				incomingSigningRoot: [32]byte{2},
+			},
+			want: false,
+		},
+		{
+			name: "Both empty are considered slashable",
+			args: args{
+				existingSigningRoot: params.BeaconConfig().ZeroHash,
+				incomingSigningRoot: params.BeaconConfig().ZeroHash,
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := SigningRootsDiffer(tt.args.existingSigningRoot, tt.args.incomingSigningRoot); got != tt.want {
+				t.Errorf("SigningRootsDiffer() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

validator/BUILD.bazel

@@ -28,6 +28,7 @@ go_library(
         "//validator/db:go_default_library",
         "//validator/flags:go_default_library",
         "//validator/node:go_default_library",
+        "//validator/slashing-protection:go_default_library",
         "@com_github_joonix_log//:go_default_library",
         "@com_github_sirupsen_logrus//:go_default_library",
         "@com_github_urfave_cli_v2//:go_default_library",

validator/accounts/prompt/prompt.go

@@ -18,6 +18,10 @@ import (
 const (
 	// ImportKeysDirPromptText for the import keys cli function.
 	ImportKeysDirPromptText = "Enter the directory or filepath where your keystores to import are located"
+	// DataDirDirPromptText for the validator database directory.
+	DataDirDirPromptText = "Enter the directory of the validator database you would like to use"
+	// SlashingProtectionJSONPromptText for the EIP-3076 slashing protection JSON prompt.
+	SlashingProtectionJSONPromptText = "Enter the the filepath of your EIP-3076 Slashing Protection JSON from your previously used validator client"
 	// WalletDirPromptText for the wallet.
 	WalletDirPromptText = "Enter a wallet directory"
 	// SelectAccountsDeletePromptText --

validator/client/BUILD.bazel

@@ -35,6 +35,7 @@ go_library(
         "//shared/mputil:go_default_library",
         "//shared/params:go_default_library",
         "//shared/rand:go_default_library",
+        "//shared/slashutil:go_default_library",
         "//shared/slotutil:go_default_library",
         "//shared/timeutils:go_default_library",
         "//shared/traceutil:go_default_library",
@@ -44,7 +45,7 @@ go_library(
         "//validator/graffiti:go_default_library",
         "//validator/keymanager:go_default_library",
         "//validator/keymanager/imported:go_default_library",
-        "//validator/slashing-protection:go_default_library",
+        "//validator/slashing-protection/iface:go_default_library",
         "@com_github_dgraph_io_ristretto//:go_default_library",
         "@com_github_gogo_protobuf//proto:go_default_library",
         "@com_github_gogo_protobuf//types:go_default_library",
@@ -83,9 +84,13 @@ go_test(
         "propose_test.go",
         "runner_test.go",
         "service_test.go",
+        "slashing_protection_interchange_test.go",
         "validator_test.go",
         "wait_for_activation_test.go",
     ],
+    data = [
+        "@eip3076_spec_tests//:test_data",
+    ],
     embed = [":go_default_library"],
     deps = [
         "//beacon-chain/core/helpers:go_default_library",
@@ -96,6 +101,7 @@ go_test(
         "//shared/bytesutil:go_default_library",
         "//shared/event:go_default_library",
         "//shared/featureconfig:go_default_library",
+        "//shared/fileutil:go_default_library",
         "//shared/mock:go_default_library",
         "//shared/params:go_default_library",
         "//shared/slotutil:go_default_library",
@@ -107,6 +113,7 @@ go_test(
         "//validator/db/testing:go_default_library",
         "//validator/graffiti:go_default_library",
         "//validator/keymanager/derived:go_default_library",
+        "//validator/slashing-protection/local/standard-protection-format:go_default_library",
         "//validator/testing:go_default_library",
         "@com_github_gogo_protobuf//types:go_default_library",
         "@com_github_golang_mock//gomock:go_default_library",
@@ -119,6 +126,7 @@ go_test(
         "@com_github_tyler_smith_go_bip39//:go_default_library",
         "@com_github_wealdtech_go_eth2_util//:go_default_library",
         "@in_gopkg_d4l3k_messagediff_v1//:go_default_library",
+        "@io_bazel_rules_go//go/tools/bazel:go_default_library",
         "@org_golang_google_grpc//metadata:go_default_library",
     ],
 )

validator/client/attest_protect.go

@@ -2,11 +2,13 @@ package client
 
 import (
 	"context"
+	"encoding/hex"
 	"fmt"
 
 	"github.com/pkg/errors"
 	ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
 	"github.com/prysmaticlabs/prysm/shared/featureconfig"
+	"github.com/prysmaticlabs/prysm/shared/slashutil"
 	"github.com/prysmaticlabs/prysm/validator/db/kv"
 	"go.opencensus.io/trace"
 )
@@ -26,7 +28,39 @@ func (v *validator) slashableAttestationCheck(
 	ctx, span := trace.StartSpan(ctx, "validator.postAttSignUpdate")
 	defer span.End()
 
-	fmtKey := fmt.Sprintf("%#x", pubKey[:])
+	// Based on EIP3076, validator should refuse to sign any attestation with source epoch less
+	// than the minimum source epoch present in that signer’s attestations.
+	lowestSourceEpoch, exists, err := v.db.LowestSignedSourceEpoch(ctx, pubKey)
+	if err != nil {
+		return err
+	}
+	if exists && indexedAtt.Data.Source.Epoch < lowestSourceEpoch {
+		return fmt.Errorf(
+			"could not sign attestation lower than lowest source epoch in db, %d < %d",
+			indexedAtt.Data.Source.Epoch,
+			lowestSourceEpoch,
+		)
+	}
+	existingSigningRoot, err := v.db.SigningRootAtTargetEpoch(ctx, pubKey, indexedAtt.Data.Target.Epoch)
+	if err != nil {
+		return err
+	}
+	signingRootsDiffer := slashutil.SigningRootsDiffer(existingSigningRoot, signingRoot)
+
+	// Based on EIP3076, validator should refuse to sign any attestation with target epoch less
+	// than or equal to the minimum target epoch present in that signer’s attestations.
+	lowestTargetEpoch, exists, err := v.db.LowestSignedTargetEpoch(ctx, pubKey)
+	if err != nil {
+		return err
+	}
+	if signingRootsDiffer && exists && indexedAtt.Data.Target.Epoch <= lowestTargetEpoch {
+		return fmt.Errorf(
+			"could not sign attestation lower than or equal to lowest target epoch in db, %d <= %d",
+			indexedAtt.Data.Target.Epoch,
+			lowestTargetEpoch,
+		)
+	}
+	fmtKey := "0x" + hex.EncodeToString(pubKey[:])
 	slashingKind, err := v.db.CheckSlashableAttestation(ctx, pubKey, signingRoot, indexedAtt)
 	if err != nil {
 		if v.emitAccountMetrics {

validator/client/attest_protect_test.go

@@ -40,39 +40,10 @@ func Test_slashableAttestationCheck(t *testing.T) {
 	}
 	mockProtector := &mockSlasher.MockProtector{AllowAttestation: false}
 	validator.protector = mockProtector
-	err := validator.slashableAttestationCheck(context.Background(), att, pubKey, [32]byte{})
+	err := validator.slashableAttestationCheck(context.Background(), att, pubKey, [32]byte{1})
 	require.ErrorContains(t, failedPostAttSignExternalErr, err)
 	mockProtector.AllowAttestation = true
-	err = validator.slashableAttestationCheck(context.Background(), att, pubKey, [32]byte{})
-	require.NoError(t, err, "Expected allowed attestation not to throw error")
-}
-
-func Test_slashableAttestationCheck_Allowed(t *testing.T) {
-	config := &featureconfig.Flags{
-		SlasherProtection: false,
-	}
-	reset := featureconfig.InitWithReset(config)
-	defer reset()
-	validator, _, _, finish := setup(t)
-	defer finish()
-	att := &ethpb.IndexedAttestation{
-		AttestingIndices: []uint64{1, 2},
-		Data: &ethpb.AttestationData{
-			Slot:            5,
-			CommitteeIndex:  2,
-			BeaconBlockRoot: bytesutil.PadTo([]byte("great block"), 32),
-			Source: &ethpb.Checkpoint{
-				Epoch: 4,
-				Root:  bytesutil.PadTo([]byte("good source"), 32),
-			},
-			Target: &ethpb.Checkpoint{
-				Epoch: 10,
-				Root:  bytesutil.PadTo([]byte("good target"), 32),
-			},
-		},
-	}
-	fakePubkey := bytesutil.ToBytes48([]byte("test"))
-	err := validator.slashableAttestationCheck(context.Background(), att, fakePubkey, [32]byte{})
+	err = validator.slashableAttestationCheck(context.Background(), att, pubKey, [32]byte{1})
 	require.NoError(t, err, "Expected allowed attestation not to throw error")
 }
 
@@ -107,21 +78,24 @@ func Test_slashableAttestationCheck_UpdatesLowestSignedEpochs(t *testing.T) {
 	validator.protector = mockProtector
 	m.validatorClient.EXPECT().DomainData(
 		gomock.Any(), // ctx
-		gomock.Any(), // epoch2
+		&ethpb.DomainRequest{Epoch: 10, Domain: []byte{1, 0, 0, 0}},
 	).Return(&ethpb.DomainResponse{SignatureDomain: make([]byte, 32)}, nil /*err*/)
 	_, sr, err := validator.getDomainAndSigningRoot(ctx, att.Data)
 	require.NoError(t, err)
-	err = validator.slashableAttestationCheck(context.Background(), att, pubKey, sr)
-	require.ErrorContains(t, "rejected", err, "Expected error on post signature update is detected as slashable")
 	mockProtector.AllowAttestation = true
 	err = validator.slashableAttestationCheck(context.Background(), att, pubKey, sr)
-	require.NoError(t, err, "Expected allowed attestation not to throw error")
+	require.NoError(t, err)
+	differentSigningRoot := [32]byte{2}
+	err = validator.slashableAttestationCheck(context.Background(), att, pubKey, differentSigningRoot)
+	require.ErrorContains(t, "could not sign attestation", err)
 
-	e, err := validator.db.LowestSignedSourceEpoch(context.Background(), pubKey)
+	e, exists, err := validator.db.LowestSignedSourceEpoch(context.Background(), pubKey)
 	require.NoError(t, err)
+	require.Equal(t, true, exists)
 	require.Equal(t, uint64(4), e)
-	e, err = validator.db.LowestSignedTargetEpoch(context.Background(), pubKey)
+	e, exists, err = validator.db.LowestSignedTargetEpoch(context.Background(), pubKey)
 	require.NoError(t, err)
+	require.Equal(t, true, exists)
 	require.Equal(t, uint64(10), e)
 }
 
@@ -184,10 +158,12 @@ func Test_slashableAttestationCheck_GenesisEpoch(t *testing.T) {
 	fakePubkey := bytesutil.ToBytes48([]byte("test"))
 	err := validator.slashableAttestationCheck(ctx, att, fakePubkey, [32]byte{})
 	require.NoError(t, err, "Expected allowed attestation not to throw error")
-	e, err := validator.db.LowestSignedSourceEpoch(context.Background(), fakePubkey)
+	e, exists, err := validator.db.LowestSignedSourceEpoch(context.Background(), fakePubkey)
 	require.NoError(t, err)
+	require.Equal(t, true, exists)
 	require.Equal(t, uint64(0), e)
-	e, err = validator.db.LowestSignedTargetEpoch(context.Background(), fakePubkey)
+	e, exists, err = validator.db.LowestSignedTargetEpoch(context.Background(), fakePubkey)
 	require.NoError(t, err)
+	require.Equal(t, true, exists)
 	require.Equal(t, uint64(0), e)
 }

validator/client/attest_test.go

@@ -215,7 +215,7 @@ func TestAttestToBlockHead_BlocksDoubleAtt(t *testing.T) {
 
 	validator.SubmitAttestation(context.Background(), 30, pubKey)
 	validator.SubmitAttestation(context.Background(), 30, pubKey)
-	require.LogsContain(t, hook, failedAttLocalProtectionErr)
+	require.LogsContain(t, hook, "Failed attestation slashing protection")
 }
 
 func TestAttestToBlockHead_BlocksSurroundAtt(t *testing.T) {
@@ -267,7 +267,7 @@ func TestAttestToBlockHead_BlocksSurroundAtt(t *testing.T) {
 
 	validator.SubmitAttestation(context.Background(), 30, pubKey)
 	validator.SubmitAttestation(context.Background(), 30, pubKey)
-	require.LogsContain(t, hook, failedAttLocalProtectionErr)
+	require.LogsContain(t, hook, "Failed attestation slashing protection")
 }
 
 func TestAttestToBlockHead_BlocksSurroundedAtt(t *testing.T) {
@@ -322,7 +322,7 @@ func TestAttestToBlockHead_BlocksSurroundedAtt(t *testing.T) {
 	}, nil)
 
 	validator.SubmitAttestation(context.Background(), 30, pubKey)
-	require.LogsContain(t, hook, failedAttLocalProtectionErr)
+	require.LogsContain(t, hook, "Failed attestation slashing protection")
 }
 
 func TestAttestToBlockHead_DoesNotAttestBeforeDelay(t *testing.T) {