docs(bsm): design — make CLOB attesters slashable for forgery#19
Merged
Conversation
The redemption-default slash rail is live; CLOB attester misconduct has no on-chain path. This drafts it, honestly scoped: - Forgery (quorum vouched for an order no trader signed) is the one new slashable condition — but the attested path is un-challengeable today: its digest commits only fillsHash and BatchFill carries no signatures, so you can't prove a forgery (no sig to invalidate, "never signed" is a negative). The fix binds an ordersCommitment OVER SIGNED ORDERS into the attested digest (a consensus change), after which challengeForgedBatch is a self-contained proof: re-derive the digest, verify the quorum signed it, prove the order is in the committed set, show its trader sig is invalid → proposeSlash the quorum. - Wrong-match rides the SP1 proven path (a re-proof contradicts the fills). - Censorship is deliberately NOT slashable (can't prove a negative without a DA layer) — handled by set-determinism + proposer rotation. Lists the decisions for Drew (slash split, rate, bounty, sequencing). Not yet implemented — the digest binding is breaking and needs sign-off.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The "bonded, slashable attesters" claim is aspirational for the CLOB path — peers detect misconduct off-chain (
Verdict::Forged/Censored) but nothing routes it to a slash. This drafts the mechanism, honestly scoped.The hard truth it surfaces
The attested path is un-challengeable today: the quorum signs
H(bookId, nonce, fillsHash)andBatchFillcarries the orders' terms but no signatures. So a forgery ("quorum vouched for an order trader X never signed") has no on-chain proof — there's no signature to invalidate, and "never signed" is a negative. Compression bought this.What the design adds
challengeForgedBatch→ slash the quorumchallengeForgedBatchis self-contained (the signed batch is public): re-derive the digest, verify the quorum signed this ordersCommitment, prove the order is in the committed set, show its trader sig is invalid →proposeSlashevery co-signer (independent re-verification is the slashable duty). No new batch storage.Cost & decisions
The load-bearing part is a consensus change (bind
ordersCommitmentover(order ‖ sig)into the attested digest) — breaking, ships fleet-wide like the proposer-sig change. The doc lists the calls for you: slash split (whole-quorum vs proposer-heavy),FORGERY_SLASH_BPS, challenger bounty, and whether to sequence the proven path first.Not implemented — surfacing the design before touching consensus.
🤖 Generated with Claude Code