[feat] implement the operator interfaces expected by dogfood #21
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -55,6 +64,8 @@ message OptedInfo { | |||
| uint64 opted_in_height = 2; | |||
| // opted_out_height is the exocore block height at which the operator opted out | |||
| uint64 opted_out_height = 3; | |||
| // jailed defined whether the operator has been jailed from bonded status or not. | |||
| bool jailed = 4; | |||
There was a problem hiding this comment.
Design question: Should jailing be done on a per-AVS basis or globally? We consider two potential reasons for slashing: first being the downtime and second being malicious activity like double-signing.
If an operator is slashed for downtime, we should only jail them for that specific AVS.
If an operator is slashed for malicious activity, we should ban them on all AVS.
What do you think?
There was a problem hiding this comment.
Both the malicious activities and slash proportions are configured by the specific Avs. If we ban them on all AVS when an operator acts maliciously on one Avs, Is it a problem that low-level misconduct will cause a maximum punishment?
I noticed a tombstone mechanism to mitigate the impact of initially likely categories of non-malicious protocol faults in cosmos-sdk. So, I'm also unsure about the appropriate level for the slash mechanism in Exocore.
There was a problem hiding this comment.
If we ban them on all AVS when an operator acts maliciously on one Avs, Is it a problem that low-level misconduct will cause a maximum punishment?
Yes, as discussed, we should only jail temporarily for low level misconduct.
I noticed a tombstone mechanism to mitigate the impact of initially likely categories of non-malicious protocol faults in cosmos-sdk. So, I'm also unsure about the appropriate level for the slash mechanism in Exocore.
I might be misinterpreting this but I think they have two things:
- Jailing, which is temporary or permanent. An operator is jailed for downtime and slashed a small amount. Unjailing is first on the protocol level (upon expiry of the jailing time), and then the operator must send a transaction indicating that they have fixed the misconfiguration that led to the slashing time.
- Tombstoning, which is permanent (equivalent to freezing). An operator is tombstoned for double signing, slashed a larger amount and permanently jailed. The only "mitigation" offered by this mechanism is that a validator cannot be slashed twice if they double sign across multiple blocks, even if evidence is received for each of those blocks.
I observed that permanent jailing is equivalent to tombstoning (and the SDK even performs them together). So we can remove that feature. Either an operator is jailed temporarily on a specific AVS, or they are permanently blocked from them all. For ease of use, we can replace the word "tombstone" with "freeze" like in our proposed design.
There was a problem hiding this comment.
Yeah, this needs to be considered in the design and implementation of the slash module.
TimmyExogenous
force-pushed
the
integrate-with-dogfood
branch
from
af367a0 to
ff6edf5
Compare
Description
This PR implements the operator interfaces expected by the dogfood module. Additionally, it solves a problem encountered when running
make proto-download-deps.The makefile about
proto-download-depsdownloads the code from branchcosmos-sdk\origin\master. However, we currently rely on the historical version, Therefore we need to update the makefile to download the corresponding version of the dependency proto code.The implemented operator interfaces are as follows:
Todo
min_self_delegation