Optional slashing protection for remote keys#4981
Optional slashing protection for remote keys#4981mergify[bot] merged 12 commits intosigp:unstablefrom
Conversation
michaelsproul
added
val-client
…protection-web3signer
…protection-web3signer
…3signer' into disable-slashing-protection-web3signer
|
Ready for Deneb on Sepolia/Chiado/Goerli. I'll hopefully write the tests for this next week and we can merge it to |
michaelsproul
added
ready-for-review
|
Ready for review! 🚀 |
dapplion
left a comment
dapplion
left a comment
There was a problem hiding this comment.
Both block and attestation signature code paths hit requires_local_slashing_protection which is always true for LocalKeystore.
Tests cover the case of attempting to sign a slashable block, or attestation with LocalKeystore and --disable-slashing-protection-web3signer.
Moving the doppelganger check before the slashing protection check is conceptually better and should have no effect on safety.
I've not manually tested the feature
|
Any ETA about this PR making it to a public version? |
|
@jmcruz1983 It'll be in the next release, which is likely happening within 3 weeks |
michaelsproul
added
waiting-on-author
…protection-web3signer
michaelsproul
added
ready-for-review
jimmygchen
left a comment
jimmygchen
left a comment
There was a problem hiding this comment.
Looks good to me, I think the tests are comprehensive too!
jimmygchen
added
ready-for-merge
|
@Mergifyio queue |
🛑 The pull request has been removed from the queue
|
|
@Mergifyio dequeue |
✅ The pull request has been removed from the queue
|
|
@Mergifyio requeue |
✅ This pull request will be re-embarked automaticallyDetailsThe followup |
🛑 The pull request has been removed from the queue
|
|
@Mergifyio requeue |
✅ This pull request will be re-embarked automaticallyDetailsThe followup |
✅ The pull request has been merged automaticallyDetailsThe pull request has been merged automatically at 7bec3f9 |
* Optional slashing protection for remote keys * Merge remote-tracking branch 'origin/unstable' into disable-slashing-protection-web3signer * Start writing tests * Merge remote-tracking branch 'origin/unstable' into disable-slashing-protection-web3signer * Merge remote-tracking branch 'michael/disable-slashing-protection-web3signer' into disable-slashing-protection-web3signer * Make half-written tests compile * Make tests work * Update help text * Update book CLI text * Merge remote-tracking branch 'origin/unstable' into disable-slashing-protection-web3signer * More logging & CLI tests * CLI tweaks
5 participants
Issue Addressed
Closes #4890
Proposed Changes
Introduce a new flag for the validator client which turns off local slashing protection for remote keys:
--disable-slashing-protection-web3signerThis is intended as an optimisation to avoid redundant I/O for the slashing protection DB. It is likely only useful on VC nodes with large numbers of keys (1k+). We should never enable this by default due to the risk of the user running with their remote signer slashing protection disabled, and relying on the current database to protect them.
Additional Info
This needs a very thorough review. I've written what I think are comprehensive tests.