Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optional slashing protection for remote keys #4981

Merged
merged 12 commits into from
Feb 6, 2024
Merged

Optional slashing protection for remote keys #4981

merged 12 commits into from
Feb 6, 2024

Conversation

michaelsproul
Copy link
Member

@michaelsproul michaelsproul commented Dec 6, 2023
edited
Loading

Issue Addressed

Closes #4890

Proposed Changes

Introduce a new flag for the validator client which turns off local slashing protection for remote keys:

  • --disable-slashing-protection-web3signer

This is intended as an optimisation to avoid redundant I/O for the slashing protection DB. It is likely only useful on VC nodes with large numbers of keys (1k+). We should never enable this by default due to the risk of the user running with their remote signer slashing protection disabled, and relying on the current database to protect them.

Additional Info

This needs a very thorough review. I've written what I think are comprehensive tests.

@michaelsproul michaelsproul added val-client Relates to the validator client binary do-not-merge optimization Something to make Lighthouse run more efficiently. labels Dec 6, 2023
@michaelsproul michaelsproul mentioned this pull request Dec 6, 2023
Closed
@michaelsproul
Copy link
Member Author

Ready for Deneb on Sepolia/Chiado/Goerli. I'll hopefully write the tests for this next week and we can merge it to unstable.

@michaelsproul michaelsproul added ready-for-review The code is ready for review v5.0.0 Q1 2024 and removed do-not-merge labels Jan 29, 2024
@michaelsproul
Copy link
Member Author

Ready for review! 🚀

dapplion
dapplion approved these changes Jan 29, 2024
View reviewed changes
Copy link
Collaborator

@dapplion dapplion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both block and attestation signature code paths hit requires_local_slashing_protection which is always true for LocalKeystore.

Tests cover the case of attempting to sign a slashable block, or attestation with LocalKeystore and --disable-slashing-protection-web3signer.

Moving the doppelganger check before the slashing protection check is conceptually better and should have no effect on safety.

I've not manually tested the feature

@jmcruz1983
Copy link

jmcruz1983 commented Feb 1, 2024
edited
Loading

Any ETA about this PR making it to a public version?
Thanks

@michaelsproul
Copy link
Member Author

@jmcruz1983 It'll be in the next release, which is likely happening within 3 weeks

@michaelsproul michaelsproul added waiting-on-author The reviewer has suggested changes and awaits thier implementation. and removed ready-for-review The code is ready for review labels Feb 1, 2024
@michaelsproul michaelsproul added ready-for-review The code is ready for review and removed waiting-on-author The reviewer has suggested changes and awaits thier implementation. labels Feb 2, 2024
jimmygchen
jimmygchen approved these changes Feb 2, 2024
View reviewed changes
Copy link
Member

@jimmygchen jimmygchen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, I think the tests are comprehensive too!

jimmygchen
jimmygchen approved these changes Feb 2, 2024
View reviewed changes
Copy link
Member

@jimmygchen jimmygchen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thanks

@jimmygchen jimmygchen added ready-for-merge This PR is ready to merge. and removed ready-for-review The code is ready for review labels Feb 2, 2024
@michaelsproul
Copy link
Member Author

@Mergifyio queue

@mergify Mergify
Copy link

mergify bot commented Feb 5, 2024
edited
Loading

queue

🛑 The pull request has been removed from the queue default

Pull request #4981 has been dequeued by a dequeue command.

You can take a look at Queue: Embarked in merge queue check runs for more details.

In case of a failure due to a flaky test, you should first retrigger the CI.
Then, re-embark the pull request into the merge queue by posting the comment
@mergifyio refresh on the pull request.

@michaelsproul
Copy link
Member Author

@Mergifyio dequeue

@mergify Mergify
Copy link

mergify bot commented Feb 5, 2024

dequeue

✅ The pull request has been removed from the queue default

@realbigsean
Copy link
Member

@Mergifyio requeue

@mergify Mergify
Copy link

mergify bot commented Feb 5, 2024

requeue

✅ This pull request will be re-embarked automatically

The followup queue command will be automatically executed to re-embark the pull request

@mergify Mergify
Copy link

mergify bot commented Feb 5, 2024
edited
Loading

queue

🛑 The pull request has been removed from the queue default

The queue conditions cannot be satisfied due to failing checks.

You can take a look at Queue: Embarked in merge queue check runs for more details.

In case of a failure due to a flaky test, you should first retrigger the CI.
Then, re-embark the pull request into the merge queue by posting the comment
@mergifyio refresh on the pull request.

mergify bot added a commit that referenced this pull request Feb 5, 2024
@mergify
Merge of #4981
e4b360c
This was referenced Feb 5, 2024
Closed
Merged
Merged
mergify bot added a commit that referenced this pull request Feb 5, 2024
@mergify
Merge of #4981
5b22710
@mergify mergify bot mentioned this pull request Feb 5, 2024
Closed
5 tasks
mergify bot added a commit that referenced this pull request Feb 5, 2024
@mergify
Merge of #4981
35e1606
@mergify mergify bot mentioned this pull request Feb 5, 2024
Closed
5 tasks
@realbigsean
Copy link
Member

@Mergifyio requeue

@mergify Mergify
Copy link

mergify bot commented Feb 5, 2024

requeue

✅ This pull request will be re-embarked automatically

The followup queue command will be automatically executed to re-embark the pull request

@mergify Mergify
Copy link

mergify bot commented Feb 5, 2024
edited
Loading

queue

✅ The pull request has been merged automatically

The pull request has been merged automatically at 7bec3f9

mergify bot added a commit that referenced this pull request Feb 5, 2024
@mergify
Merge of #4981
af980ea
@mergify mergify bot mentioned this pull request Feb 5, 2024
Closed
5 tasks
mergify bot added a commit that referenced this pull request Feb 5, 2024
@mergify
Merge of #4981
b750c8d
This was referenced Feb 5, 2024
Closed
Merged
mergify bot added a commit that referenced this pull request Feb 6, 2024
@mergify
Merge of #4981
81040ff
@mergify mergify bot mentioned this pull request Feb 6, 2024
Closed
8 tasks
@mergify mergify bot merged commit 7bec3f9 into sigp:unstable Feb 6, 2024
30 checks passed
danielrachi1 pushed a commit to danielrachi1/lighthouse that referenced this pull request Feb 14, 2024
@michaelsproul @danielrachi1
Optional slashing protection for remote keys (sigp#4981)
a62ccbb 
* Optional slashing protection for remote keys

* Merge remote-tracking branch 'origin/unstable' into disable-slashing-protection-web3signer

* Start writing tests

* Merge remote-tracking branch 'origin/unstable' into disable-slashing-protection-web3signer

* Merge remote-tracking branch 'michael/disable-slashing-protection-web3signer' into disable-slashing-protection-web3signer

* Make half-written tests compile

* Make tests work

* Update help text

* Update book CLI text

* Merge remote-tracking branch 'origin/unstable' into disable-slashing-protection-web3signer

* More logging & CLI tests

* CLI tweaks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmygchen jimmygchen jimmygchen approved these changes

@dapplion dapplion dapplion approved these changes

@paulhauner paulhauner Awaiting requested review from paulhauner

Assignees
No one assigned
Labels
optimization Something to make Lighthouse run more efficiently. ready-for-merge This PR is ready to merge. v5.0.0 Q1 2024 val-client Relates to the validator client binary
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@michaelsproul @jmcruz1983 @realbigsean @jimmygchen @dapplion