Disallow genesis sync outside blob pruning window #5038
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paulhauner
added a commit
to paulhauner/lighthouse
that referenced
this pull request
Jan 8, 2024
commit 63b09d1 Merge: ce8b614 db05d37 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 14:05:39 2024 +1100 Merge branch 'unstable' into disallow-genesis-sync commit ce8b614 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 13:59:11 2024 +1100 Add missing CLI flag commit b8e11ca Author: Paul Hauner <[email protected]> Date: Mon Jan 8 13:59:04 2024 +1100 Fix failing test commit 02a369e Author: Paul Hauner <[email protected]> Date: Mon Jan 8 13:58:57 2024 +1100 Fix typos commit 2dfc4b1 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 12:10:34 2024 +1100 Return an error based on the Deneb fork commit 0153572 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 11:56:11 2024 +1100 Tidy, fix tests commit 5033bfa Author: Paul Hauner <[email protected]> Date: Mon Jan 8 11:51:13 2024 +1100 Perform checks in the `ClientBuilder` commit 328ad6c Author: Mark Mackey <[email protected]> Date: Wed Jan 3 17:43:44 2024 +0100 Fix CLI Tests commit b7ff1c1 Author: Mark Mackey <[email protected]> Date: Wed Jan 3 15:21:52 2024 +0100 Disallow Syncing From Genesis By Default
Merged
paulhauner
force-pushed
the
disallow-genesis-sync
branch
from
327eb52 to
63b09d1
Compare
realbigsean
approved these changes
Jan 8, 2024
There was a problem hiding this comment.
This sounds like a really good idea to not disrupt small testnets!
There's another part of this change that I think Mark is still working on here #4377
Maybe it makes sense to just include this now, so we ensure goerli users understand the new Deneb UX. But we still need to consider unfinalized blocks from older than the DA boundary unavailable by default. We want to make sure it isn't possible for us to re-org to an unavailable chain.
|
|
||
| if now > deneb_time + blob_availability_window { | ||
| return Err( | ||
| "Syncing from genesis is insecure and incompatible with data availability checks. \ |
There was a problem hiding this comment.
Maybe this should also suggest --allow-insecure-genesis-sync if the risks are understood
paulhauner
added a commit
to paulhauner/lighthouse
that referenced
this pull request
Jan 9, 2024
Squashed commit of the following: commit 81610c1 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 18:06:14 2024 +1100 Fix conflict with blob sidecars epochs commit 18753f1 Merge: d136b5e b47e3f2 Author: Paul Hauner <[email protected]> Date: Tue Jan 9 14:01:59 2024 +1100 Merge branch 'unstable' into disallow-genesis-sync commit d136b5e Author: Paul Hauner <[email protected]> Date: Tue Jan 9 12:08:41 2024 +1100 Add suggestion from Sean commit bbc4487 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 17:26:53 2024 +1100 Fix CLI flags commit 63b09d1 Merge: ce8b614 db05d37 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 14:05:39 2024 +1100 Merge branch 'unstable' into disallow-genesis-sync commit ce8b614 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 13:59:11 2024 +1100 Add missing CLI flag commit b8e11ca Author: Paul Hauner <[email protected]> Date: Mon Jan 8 13:59:04 2024 +1100 Fix failing test commit 02a369e Author: Paul Hauner <[email protected]> Date: Mon Jan 8 13:58:57 2024 +1100 Fix typos commit 2dfc4b1 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 12:10:34 2024 +1100 Return an error based on the Deneb fork commit 0153572 Author: Paul Hauner <[email protected]> Date: Mon Jan 8 11:56:11 2024 +1100 Tidy, fix tests commit 5033bfa Author: Paul Hauner <[email protected]> Date: Mon Jan 8 11:51:13 2024 +1100 Perform checks in the `ClientBuilder` commit 328ad6c Author: Mark Mackey <[email protected]> Date: Wed Jan 3 17:43:44 2024 +0100 Fix CLI Tests commit b7ff1c1 Author: Mark Mackey <[email protected]> Date: Wed Jan 3 15:21:52 2024 +0100 Disallow Syncing From Genesis By Default
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue Addressed
#4377
Proposed Changes
This PR follows from #5031 to disallow syncing from genesis. It's different to #5031 because it only prevents the user from syncing from genesis if the chain is more than
MIN_EPOCHS_FOR_BLOB_SIDECARS_REQUESTS - 2past the Deneb fork.The benefit of this approach is that it allows users to start a new network/testnet without always needing to provide the
--allow-insecure-genesis-syncflag.The downside is that users are still permitted to sync from genesis before the Deneb fork, which is unsafe due to weak subjectivity attacks. That is how things have always been though, this PR does not introduce that.
Additional Info
A middle-ground between my approach and #5031 would be to only prevent syncing from genesis some period after genesis has occurred. I'm hesitant to introduce that breaking change right now as we already have a lot in flight. This PR as it stands is not a breaking change since it only affects the chain after Deneb.
It's worth noting that #5031 seemed to assume that weak subjectivity attacks are only possible after Capella. WS attacks are possible at any fork of the chain; stakers only need to have their
validator.withdrawal_epochset in the past to be able to sign messages without being slashed. This was possible in the base/phase0 fork.