Stagger allowed miner responses during a dispute

[area]

First off, this is (notionally) based on #812 hence draft status for now.

We obviously hope that multiple people will run reputation mining clients. For submissions, we have a window over which it gets easier and easier to submit new hashes, with the difficulty being randomised per user, and with it being easier to submit if you have more staked. We did this because we wanted rewards to be 'fairly' distributed and for miners to not be wasting gas, making submissions that wouldn't succeed because all the slots filled up before their transaction was mined (which wasn't the case when they broadcast it). This PR adds similar functionality to dispute resolutions.

In this implementation, there is a window during a dispute resolution where only those that have submitted a hash are able to respond to a challenge, and the point in this window where a submitter is able to respond is randomised per-submitter for each stage. This additional window lasts 10 minutes, so in the event of a 'full' mining cycle submission, each submitter can expect to get (waves hands vaguely) a minute after they are eligible to respond to a dispute before someone else becomes eligible, which seems adequate. This increases the potential severity of a DDOS attack, because each dispute round can take twice as long to resolve if bad submissions are defended judiciously, but the well-behaving miners shouldn't step on each others toes during submissions, which is well worth the cost.

There's one subtlety in the implementation worth drawing attention to; in the case of all but one of these windows, the window is based on the last response timestamp of the submission being defended. The one case that's not true is the invalidateHash call where an entry is being invalidated (i.e. not the case where a bye is awarded), where the window is based on the last response timestamp of the submission being invalided.

[area]

Further comments as this hopefully nears being done:

ReputationMiningCycleBinarySearch.sol and ReputationMiningCycleCommon.sol have been introduced as the contract sizes were getting too large.

lastResponseTimestamp is now set on submission to the time the window closes. This is fairer (even-numbered submissions now pay the same gas) and also makes working out when a valid window is easier in the case of the last submission being able to get a bye in the first round (when previously, that timestamp wouldn't be set).

I have added a BinarySearchStep event - every other stage of a mining dispute had a corresponding event.

I have added a helper function makeTxAtTimestamp which does what it says on the tin. It stops mining, sends a transaction, and then mines a block at the specified timestamp before re-enabling mining. This helps massively in making tests reproduceable (and was necessary here) for the main test added (should not allow miners to respond immediately during a dispute, but they should be able to some time before the end of the window). It arguably should be used instead of forwardTime wherever possible, but that is much more of a maintenance PR than something that should be here I think.

[kronosapiens]

Are we not using the underscore convention in these contracts? We use them in the interface contract...

[area]

It's barely used in the interface contract either for what it's worth, but I guess it's best to be consistent across all contracts.

[kronosapiens]

Reading through this and I'm still getting confused around which way the window works. One one level it seems like it should be >=, i.e. more restrictive when the delta is large, but we have the opposite. Can we rename delta to responseTimeRemaining or something? since could also be clearer.

[area]

Rearranged this a bit, that hopefully makes it clearer to the reader.

[kronosapiens]

Does the client not have a constants.js file?

[area]

It does not. We could add one, ideally though we'd want these values being picked up off the contracts, which I think is what I had in mind when I wrote this comment.

[kronosapiens]

to.be.zero

[kronosapiens]

Remind me why we don't just await these promises directly?

[area]

Because it's testing the auto functionality. If we awaited directly where they're created, the actions to trigger them have not yet taken place on chain so the test would time out. If we moved the creation to where they're awaited, then the tests become spotty, as the thing the promises are waiting for might have happened before they've been set up.

[kronosapiens]

to.be.zero

[kronosapiens]

If you want to make the most of this variable I'd be happy using it up in the conditional as

if (windowOpenFor <= SUBMITTER_ONLY_WINDOW_DURATION) {

[kronosapiens]

Nice! This has been in the works a while.