-
Notifications
You must be signed in to change notification settings - Fork 768
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Guide Update with all considerations #1961
Comments
0% slashes for voting invalid on valid to avoid nodes not getting re-elected in the honest case. (Related to the no chilling, as otherwise no chilling would not be enough.): #1962 |
Handling of disabling threshold: #2226 (comment) -> Guide should have an argument, for the handling we picked. Significant implementation complexity is such an argument, but I would like to have it described: Why and how is it complicating matters? |
Summary of today's call:
|
Node side disabling algorithm for dispute participation: #784 (comment) Explanation on 0% slashes and disabling issues in disputes around era boundaries: #784 (comment) |
For BEEFY we can either have:
We probably don't want to have disabling that we suspect might reach a significant fraction of validators with the wrong bug trigger 2 though, as we also need to be worried about BEEFY liveness. A liveness of safety violation in BEEFY can brick bridges on chains without governance like Ethereum. On the other hand validators who are completely slashed can attack BEEFY for free. So having either 1 or 2 beng the result of a large slash but not apply to things with small slashes, like raising disputes. With random sampling, BEEFY security relies on cryptoeconomics like backing security. When we have BEEFY with BLS and SNARKS, then disabling or slashing need not affect BEEFY and we can all sleep easier. |
Why is this? Slashed validators can still attack BEEFY "for free". Or you mean that with BLS the number of slashed validators attacking BEEFY is much less impactful? aka unless we're up to a third of total validators, we can sleep easy? |
With BLS and SNARKS, as long as we have 2/3 honest validators, then it does not matter that dishonest validators have their keys removed. But we don't want to accidentally remove too many honest keys - so we should just give all validator's keys irrespective of disabling and minor offences.
With random sampling BEEFY, as with backing, there is a small chance that invalid claims will suceed. However the initial claim includes a validator's signature so we can slash that validator. However if that validator has already been slashed 100% on Polkadot, signing invalid claims will not cost them any more so the attack is free. Thus a large slash, whether from BEEFY or from something like backing that we don't expect honest validators to be affected by too much should result in the validator being removed from future authority keys or at least the BEEFY validator list until the next election. It used to be that slashes did result in getting kicked out of the validator set and so not be in the list of authority keys, until the recent introduction of disabling as an alternative. |
The text was updated successfully, but these errors were encountered: