More logging & CLI tests

Author: michaelsproul

book/src/help_vc.md

@@ -13,14 +13,19 @@ FLAGS:
         --disable-auto-discover
             If present, do not attempt to discover new validators in the validators-dir. Validators will need to be
             manually added to the validator_definitions.yml file.
-        --disable-log-timestamp                  If present, do not include timestamps in logging output.
+        --disable-log-timestamp                     If present, do not include timestamps in logging output.
         --disable-malloc-tuning
             If present, do not configure the system allocator. Providing this flag will generally increase memory usage,
             it should only be provided when debugging specific memory allocation issues.
         --disable-run-on-all
             DEPRECATED. Use --broadcast. By default, Lighthouse publishes attestation, sync committee subscriptions and
             proposer preparation messages to all beacon nodes provided in the `--beacon-nodes flag`. This option changes
             that behaviour such that these api calls only go out to the first available and synced beacon node
+        --disable-slashing-protection-web3signer
+            Disable Lighthouse's slashing protection for all web3signer keys. This can reduce the I/O burden on the VC
+            but is only safe if slashing protection is enabled on the remote signer and is implemented correctly. DO NOT
+            ENABLE THIS FLAG UNLESS YOU ARE CERTAIN THAT SLASHING PROTECTION IS ENABLED ON THE REMOTE SIGNER. IT IS OFF
+            BY DEFAULT, AND YOU WILL GET SLASHED IF YOU USE THIS FLAG WITHOUT ENABLING IT.
         --enable-doppelganger-protection
             If this flag is set, Lighthouse will delay startup for three epochs and monitor for messages on the network
             by any of the validators managed by this client. This will result in three (possibly four) epochs worth of
@@ -32,8 +37,8 @@ FLAGS:
             Enable per validator metrics for > 64 validators. Note: This flag is automatically enabled for <= 64
             validators. Enabling this metric for higher validator counts will lead to higher volume of prometheus
             metrics being collected.
-    -h, --help                                   Prints help information
-        --http                                   Enable the RESTful HTTP API server. Disabled by default.
+    -h, --help                                      Prints help information
+        --http                                      Enable the RESTful HTTP API server. Disabled by default.
         --http-allow-keystore-export
             If present, allow access to the DELETE /lighthouse/keystores HTTP API method, which allows exporting
             keystores and passwords to HTTP API consumers who have access to the API token. This method is useful for
@@ -47,15 +52,15 @@ FLAGS:
             flag unless you're certain that a new slashing protection database is required. Usually, your database will
             have been initialized when you imported your validator keys. If you misplace your database and then run with
             this flag you risk being slashed.
-        --log-color                              Force outputting colors when emitting logs to the terminal.
+        --log-color                                 Force outputting colors when emitting logs to the terminal.
         --logfile-compress
             If present, compress old log files. This can help reduce the space needed to store old logs.
 
         --logfile-no-restricted-perms
             If present, log files will be generated as world-readable meaning they can be read by any user on the
             machine. Note that logs can often contain sensitive information about your validator and so this flag should
             be used with caution. For Windows users, the log file permissions will be inherited from the parent folder.
-        --metrics                                Enable the Prometheus metrics HTTP server. Disabled by default.
+        --metrics                                   Enable the Prometheus metrics HTTP server. Disabled by default.
         --prefer-builder-proposals
             If this flag is set, Lighthouse will always prefer blocks constructed by builders, regardless of payload
             value.
@@ -69,7 +74,7 @@ FLAGS:
         --use-long-timeouts
             If present, the validator client will use longer timeouts for requests made to the beacon node. This flag is
             generally not recommended, longer timeouts can cause missed duties when fallbacks are used.
-    -V, --version                                Prints version information
+    -V, --version                                   Prints version information
 
 OPTIONS:
         --beacon-nodes <NETWORK_ADDRESSES>
@@ -96,9 +101,6 @@ OPTIONS:
         --debug-level <LEVEL>
             Specifies the verbosity level used when emitting logs to the terminal. [default: info]  [possible values:
             info, debug, trace, warn, error, crit]
-        --disable-slashing-protection-web3signer <disable-slashing-protection-web3signer>
-            Disable Lighthouse's slashing protection for all web3signer keys. This can reduce the I/O burden on the VC
-            and is safe as long as slashing protection is enabled on the remote signer and is implemented correctly.
         --gas-limit <INTEGER>
             The gas limit to be used in all builder proposals for all validators managed by this validator client. Note
             this will not necessarily be used if the gas limit set here moves too far from the previous block's gas

lighthouse/tests/validator_client.rs

@@ -636,3 +636,20 @@ fn validator_registration_batch_size_zero_value() {
         .flag("validator-registration-batch-size", Some("0"))
         .run();
 }
+
+#[test]
+fn validator_disable_web3_signer_slashing_protection_default() {
+    CommandLineTest::new().run().with_config(|config| {
+        assert!(config.enable_web3signer_slashing_protection);
+    });
+}
+
+#[test]
+fn validator_disable_web3_signer_slashing_protection() {
+    CommandLineTest::new()
+        .flag("disable-slashing-protection-web3signer", None)
+        .run()
+        .with_config(|config| {
+            assert!(!config.enable_web3signer_slashing_protection);
+        });
+}

validator_client/src/cli.rs

@@ -371,8 +371,11 @@ pub fn cli_app<'a, 'b>() -> App<'a, 'b> {
             Arg::with_name("disable-slashing-protection-web3signer")
                 .long("disable-slashing-protection-web3signer")
                 .help("Disable Lighthouse's slashing protection for all web3signer keys. This can \
-                       reduce the I/O burden on the VC and is safe as long as slashing protection \
-                       is enabled on the remote signer and is implemented correctly.")
+                       reduce the I/O burden on the VC but is only safe if slashing protection \
+                       is enabled on the remote signer and is implemented correctly. DO NOT ENABLE \
+                       THIS FLAG UNLESS YOU ARE CERTAIN THAT SLASHING PROTECTION IS ENABLED ON \
+                       THE REMOTE SIGNER. IT IS OFF BY DEFAULT, AND YOU WILL GET SLASHED IF YOU \
+                       USE THIS FLAG WITHOUT ENABLING IT.")
         )
         /*
          * Experimental/development options.

validator_client/src/config.rs

@@ -411,7 +411,17 @@ impl Config {
         }
 
         config.enable_web3signer_slashing_protection =
-            !cli_args.is_present("disable-slashing-protection-web3signer");
+            if cli_args.is_present("disable-slashing-protection-web3signer") {
+                warn!(
+                    log,
+                    "Slashing protection for remote keys disabled";
+                    "info" => "ensure slashing protection on web3signer is enabled or you WILL \
+                               get slashed"
+                );
+                false
+            } else {
+                true
+            };
 
         Ok(config)
     }