[BEEFY] Add runtime support for reporting fork voting #4522
Conversation
serban300
added
R0-silent
| } | ||
|
|
||
| let evidence = call.to_equivocation_evidence_for().ok_or(InvalidTransaction::Call)?; | ||
| let tag = (evidence.offender_id().clone(), evidence.set_id(), *evidence.round_number()); |
There was a problem hiding this comment.
Do we need to accept two different types of equivocation reports (double voting and fork voting) at a single slot? If so, we maybe need to add that type to the tag
There was a problem hiding this comment.
I don't think we can accept 2 equivocation reports from the same offender in the same round. I think check_evidence will fail:
fn check_evidence(
evidence: EquivocationEvidenceFor<T>,
) -> Result<(), TransactionValidityError> {
let offender = evidence.checked_offender::<P>().ok_or(InvalidTransaction::BadProof)?;
// Check if the offence has already been reported, and if so then we can discard the report.
let time_slot = TimeSlot { set_id: evidence.set_id(), round: *evidence.round_number() };
if R::is_known_offence(&[offender], &time_slot) {
Err(InvalidTransaction::Stale.into())
} else {
Ok(())
}
}
There was a problem hiding this comment.
Sorry, we could change check_evidence. I don't know what would be best. I would lean towards staying consistent with the current approach where we accept one equivocation per (offender, set_id, round).
There was a problem hiding this comment.
I don't see anywhere in this PR the extrinsic used to report these ForkEquivocations..
I am thinking since you only allow single offender per report does that mean that for a slashable fork equivocation we need to report all the offenders across multiple blocks?
There was a problem hiding this comment.
I don't see anywhere in this PR the extrinsic used to report these ForkEquivocations..
The extrinsic is here .
I am thinking since you only allow single offender per report does that mean that for a slashable fork equivocation we need to report all the offenders across multiple blocks?
Hmmm good point. Could be. I can try to implement the solution that was discussed here. It's good to have it anyway.
There was a problem hiding this comment.
The extrinsic is here .
Right, I got confused. I had noticed we don't have runtime APIs for the "unsigned" version of the call. Should we add it?
There was a problem hiding this comment.
Yes, missed that. Will add it.
There was a problem hiding this comment.
I am thinking since you only allow single offender per report does that mean that for a slashable fork equivocation we need to report all the offenders across multiple blocks?
Hmmm good point. Could be. I can try to implement the solution that was discussed here. It's good to have it anyway.
Done. PTAL ! Relevant commit: f709cef
Right, I got confused. I had noticed we don't have runtime APIs for the "unsigned" version of the call. Should we add it?
Yes, missed that. Will add it.
On a second thought, I think it's better to do this in a separate PR together with the logic for generating the ancestry proofs since the type of the ancestry proof will depend on that (it could either be AncestryProof or OpaqueValue, depending on how we generate it). WDYT ?
acatangiu
removed
the
R0-silent
When you state "at once in the future": |
Discussed offline. I am not sure if we should support a batch of votes, since it will complicate things, but if we do, we can do any of the 2 options. They both seem ok to me. |
Define `OpaqueValue` and use it instead of `grandpa::OpaqueKeyOwnershipProof` and `beefy:OpaqueKeyOwnershipProof` Related to #4522 (comment) We'll need to introduce a runtime API method that calls the `report_fork_voting_unsigned()` extrinsic. This method will need to receive the ancestry proof as a paramater. I'm still not sure, but there is a chance that we'll send the ancestry proof as an opaque type. So let's introduce this `OpaqueValue`. We can already use it to replace `grandpa::OpaqueKeyOwnershipProof` and `beefy:OpaqueKeyOwnershipProof` and maybe we'll need it for the ancestry proof as well. --------- Co-authored-by: Bastian Köcher <git@kchr.de>
Define `OpaqueValue` and use it instead of `grandpa::OpaqueKeyOwnershipProof` and `beefy:OpaqueKeyOwnershipProof` Related to paritytech#4522 (comment) We'll need to introduce a runtime API method that calls the `report_fork_voting_unsigned()` extrinsic. This method will need to receive the ancestry proof as a paramater. I'm still not sure, but there is a chance that we'll send the ancestry proof as an opaque type. So let's introduce this `OpaqueValue`. We can already use it to replace `grandpa::OpaqueKeyOwnershipProof` and `beefy:OpaqueKeyOwnershipProof` and maybe we'll need it for the ancestry proof as well. --------- Co-authored-by: Bastian Köcher <git@kchr.de>
Define `OpaqueValue` and use it instead of `grandpa::OpaqueKeyOwnershipProof` and `beefy:OpaqueKeyOwnershipProof` Related to paritytech#4522 (comment) We'll need to introduce a runtime API method that calls the `report_fork_voting_unsigned()` extrinsic. This method will need to receive the ancestry proof as a paramater. I'm still not sure, but there is a chance that we'll send the ancestry proof as an opaque type. So let's introduce this `OpaqueValue`. We can already use it to replace `grandpa::OpaqueKeyOwnershipProof` and `beefy:OpaqueKeyOwnershipProof` and maybe we'll need it for the ancestry proof as well. --------- Co-authored-by: Bastian Köcher <git@kchr.de>
Related to #4523
Extracting part of #1903 (credits to @Lederstrumpf for the high-level strategy), but also introducing significant adjustments both to the approach and to the code. The main adjustment is the fact that the
ForkVotingProofaccepts only one vote, compared to the original version which accepted avec![]. With this approach more calls are needed in order to report multiple equivocated votes on the same commit, but it simplifies a lot the checking logic. We can add support for reporting multiple signatures at once in the future.There are 2 things that are missing in order to consider this issue done, but I would propose to do them in a separate PR since this one is already pretty big:
Co-authored-by: Robert Hambrock roberthambrock@gmail.com