Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

slashing: add duplicate block proof verification #7418

Merged
merged 18 commits into from
Nov 28, 2024

Conversation

AshwinSekar
Copy link
Contributor

@AshwinSekar AshwinSekar commented Oct 30, 2024

Initial change for duplicate block slashing as part of solana-foundation/solana-improvement-documents#204

Users should create a proof account with data storage of at least 2512 bytes (2 * PACKET_DATA_SIZE + struct overhead) and populate it with the 2 shreds that comprise the proof in the format of DuplicateBlockProofData.

The program supports 1 instruction DuplicateBlockProof which takes a proof account, an offset to read from, the slot in which a duplicate block was broadcasted, and the pubkey of the offending leader.

After verification and deserialization of the proof account, we check if any of the following conditions are met which invalidate the proof:

  • Shreds are not for the slot specified
  • Shreds are for differing shred versions
  • Shreds are in the legacy shred format

We then verify if the proof is valid. A proof consisting of shred1 and shred2 is valid if any of the following conditions are met:

  • shred1 and shred2 are part of the same FEC set but have different merkle roots
  • shred1 and shred2 are part of different FEC sets, however their erasure config indicates that the sets overlap
  • shred1 and shred2 are for the same index with the same shred type and their payloads differ
  • shred1 and shred2 are data shreds with different indices and indicate a last in slot violation. This means one shred has the LAST_SHRED_IN_SLOT flag set, however the other shred has a higher index.
  • shred1 and shred2 are part of the same FEC set however they have conflicting erasure configs

At the moment we only log the results of the proof verification. Future work will store these results in a context state account for use by the runtime.

Signature verification is not implemented in this change. A future change will use instruction introspection to verify that both shreds were signed by the node_pubkey.

@mergify mergify bot added the community Community contribution label Oct 30, 2024
}

#[test]
fn test_solana_shred_parity() {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is essentially copied from shred::layout in agave. This test ensures parity.

Not sure if there's a better way that will allow code reuse here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Considering we've been working on breaking up the SDK, all of the shred structures could probably use the same treatment, with some sort of solana-shred crate that can be used onchain.

I don't think the crate would belong in sdk/ in the monorepo, since it's a very niche usecase.

It doesn't need to land with this PR, of course, but what do you think about that approach?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense, i'm okay with that approach. Are you also suggesting that the monorepo uses solana-shred? or this is just a mirror for onchain programs.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The monorepo would use it too. I can get a PR together for that split-up if you like

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm okay with that approach. @behzadnouri wdyt about a solana-shred crate that copies the data structures and layout functions for use in solana_ledger as well as the slashing program onchain?

We can also make this split after this PR lands.

Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really great work! The base logic looks solid, and the next steps for signature verification and creating an account are very clear.

Most of the comments are pretty minor, to make this more performant.

slashing/program/src/error.rs Outdated Show resolved Hide resolved
slashing/program/src/shred.rs Show resolved Hide resolved
}

#[test]
fn test_solana_shred_parity() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Considering we've been working on breaking up the SDK, all of the shred structures could probably use the same treatment, with some sort of solana-shred crate that can be used onchain.

I don't think the crate would belong in sdk/ in the monorepo, since it's a very niche usecase.

It doesn't need to land with this PR, of course, but what do you think about that approach?

slashing/program/src/shred.rs Show resolved Hide resolved
slashing/program/src/error.rs Outdated Show resolved Hide resolved
slashing/program/src/duplicate_block_proof.rs Show resolved Hide resolved
slashing/program/src/duplicate_block_proof.rs Show resolved Hide resolved
slashing/program/src/duplicate_block_proof.rs Show resolved Hide resolved
slashing/program/src/duplicate_block_proof.rs Show resolved Hide resolved
slashing/program/Cargo.toml Show resolved Hide resolved
@AshwinSekar AshwinSekar force-pushed the duplicate-block-slashing branch 5 times, most recently from 269f41d to a3d74ab Compare November 25, 2024 22:35
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking really close! A couple last bits on my side, then we can get this in

slashing/program/src/processor.rs Outdated Show resolved Hide resolved
slashing/program/src/processor.rs Outdated Show resolved Hide resolved
slashing/program/src/processor.rs Outdated Show resolved Hide resolved
slashing/program/src/duplicate_block_proof.rs Outdated Show resolved Hide resolved
slashing/program/src/duplicate_block_proof.rs Outdated Show resolved Hide resolved
slashing/program/src/processor.rs Show resolved Hide resolved
slashing/program/src/shred.rs Outdated Show resolved Hide resolved
slashing/program/src/state.rs Show resolved Hide resolved
Cargo.lock Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh sorry, one last bit, can you revert these changes so that the PR only picks up the new crate that you're adding? There shouldn't be too many other changes past that

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done 74cdd12

@AshwinSekar AshwinSekar force-pushed the duplicate-block-slashing branch from 8ed365b to 09235da Compare November 27, 2024 16:23
joncinque
joncinque previously approved these changes Nov 27, 2024
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really great, thanks for integrating all the feedback!

And sorry, I didn't mean to totally revert Cargo.lock -- can you just run cargo tree from the root and commit that? Once it passes CI, all good from my side

@mergify mergify bot dismissed joncinque’s stale review November 27, 2024 22:55

Pull request has been modified.

Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!

@AshwinSekar AshwinSekar merged commit 633f061 into solana-labs:master Nov 28, 2024
6 checks passed
@AshwinSekar AshwinSekar deleted the duplicate-block-slashing branch November 28, 2024 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community Community contribution
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants