Separate type for unaggregated network attestations #14659
Conversation
# Conflicts: # proto/prysm/v1alpha1/electra.ssz.go
rkapka
changed the title
| att.AggregationBits = bitfield.NewBitlist(1) | ||
| committeeIndex, err := att.GetCommitteeIndex() | ||
| require.NoError(t, err) | ||
| _, result, err = service.validateBitLength(ctx, s, att.Data.Slot, committeeIndex, att.AggregationBits) | ||
| require.ErrorContains(t, "wanted participants bitfield length 4, got: 1", err) | ||
| assert.Equal(t, pubsub.ValidationReject, result) | ||
|
|
There was a problem hiding this comment.
Because I removed the helper function. We still test this, but it's done in https://github.com/prysmaticlabs/prysm/pull/14659/files#diff-f1d6b0b8f81c14d3cf2ef27e17d4c4e7e9b1ad1f8fc3b5a66d9bdf2eeb615853 now.
There was a problem hiding this comment.
never mind, I will revert this change
|
|
||
| preState, err := s.cfg.chain.AttestationTargetState(ctx, data.Target) | ||
| if err != nil { | ||
| tracing.AnnotateError(span, err) | ||
| return pubsub.ValidationIgnore, err | ||
| } | ||
| committeeIndex, err := att.GetCommitteeIndex() | ||
| if err != nil { | ||
| tracing.AnnotateError(span, err) | ||
| return pubsub.ValidationIgnore, err | ||
| } | ||
| committee, err := helpers.BeaconCommitteeFromState(ctx, preState, att.GetData().Slot, committeeIndex) | ||
| if err != nil { | ||
| tracing.AnnotateError(span, err) | ||
| return pubsub.ValidationIgnore, err | ||
| } | ||
|
|
||
| var singleAtt *eth.SingleAttestation | ||
| if att.Version() >= version.Electra { | ||
| singleAtt, ok = att.(*eth.SingleAttestation) | ||
| if !ok { | ||
| return pubsub.ValidationIgnore, fmt.Errorf("attestation has wrong type (expected %T, got %T)", ð.SingleAttestation{}, att) | ||
| } | ||
| att = singleAtt.ToAttestationElectra(committee) | ||
| } | ||
|
|
There was a problem hiding this comment.
Is there a DOS vector for calling AttestationTargetState and BeaconCommitteeFromState this early?
| name: "nil signature", | ||
| attestation: ðpb.AttestationElectra{ | ||
| AggregationBits: testhelpers.FillByteSlice(4, 74), | ||
| Data: ðpb.AttestationData{ | ||
| Source: ðpb.Checkpoint{}, | ||
| Target: ðpb.Checkpoint{}, | ||
| }, | ||
| CommitteeBits: testhelpers.FillByteSlice(8, 83), | ||
| }, | ||
| expectedErrorMessage: "attestation signature can't be nil", |
There was a problem hiding this comment.
Why nil signature test removed?
There was a problem hiding this comment.
I removed it because we had two functions in the codebase checking if an attestation is nil. One is helpers.ValidateNilAttestation and the other one is validateNilAttestation on the VC side. The only difference between them was signature validation which is missing in the helpers package. I decided it's better to just have a single implementation and I expect the one in helpers to be more accurate. I am not exactly sure what happens though when the BN receives an attestation without a signature if the function in helpers doesn't fail (most likely signature validation fails in some other place).
| if !ok { | ||
| return pubsub.ValidationIgnore, fmt.Errorf("attestation has wrong type (expected %T, got %T)", ð.SingleAttestation{}, att) | ||
| } | ||
| att = singleAtt.ToAttestationElectra(committee) |
There was a problem hiding this comment.
This is the biggest additional performance penalty as far as I can see. For a node that subscribe to several subnets. Is this a concern? We will call this 10-30k times per slot
| @@ -71,6 +70,32 @@ func (s *Service) validateCommitteeIndexBeaconAttestation(ctx context.Context, p | |||
| if data.Slot == 0 { | |||
| return pubsub.ValidationIgnore, nil | |||
| } | |||
|
|
|||
| preState, err := s.cfg.chain.AttestationTargetState(ctx, data.Target) | |||
There was a problem hiding this comment.
Why are we calling this here ? There must be strong justification for
- fetching a state
- fetching the committee from it
As these are additional bottlenecks on our highest traffic gossip path
There was a problem hiding this comment.
Also why is this being called before the current gossip checks
|
|
||
| committee, result, err := s.validateBitLength(ctx, bs, aggregate.GetData().Slot, committeeIndex, aggregate.GetAggregationBits()) |
There was a problem hiding this comment.
why was this removed ? Its effectively the same as what has been added in
There was a problem hiding this comment.
you're right, I will change it back
| committee, result, err := s.validateBitLength(ctx, bs, a.GetData().Slot, committeeIndex, a.GetAggregationBits()) | ||
| if result != pubsub.ValidationAccept { | ||
| return result, err | ||
| committee, err := helpers.BeaconCommitteeFromState(ctx, bs, a.GetData().Slot, committeeIndex) |
There was a problem hiding this comment.
Same here, why is validateBitLength removed
| @@ -115,6 +104,48 @@ func (s *Service) validateCommitteeIndexBeaconAttestation(ctx context.Context, p | |||
| } | |||
| } | |||
|
|
|||
| if !s.cfg.chain.InForkchoice(bytesutil.ToBytes32(data.BeaconBlockRoot)) { | |||
There was a problem hiding this comment.
Executing all these methods before we have validated data.BeaconBlockRoot is wrong. As we might have not processed the block yet (and it has to be inserted into our pending queue)
| return pubsub.ValidationIgnore, blockchain.ErrNotDescendantOfFinalized | ||
| } | ||
|
|
||
| if err = s.cfg.chain.VerifyLmdFfgConsistency(ctx, att); err != nil { |
There was a problem hiding this comment.
Same here and for the rest of the methods that follow it. If it is difficult enough, you should just stream the attestations after
What type of PR is this?
Feature
What does this PR do? Why is it needed?
Implements ethereum/consensus-specs#3900
The above consensus change introduces a new
SingleAttestationtype for unaggregated attestations.AttestationElectrawill still be used for aggregated atts. Using the single version in all of our code would be a huge undertaking because many components, such as the attestation pool and attestation caches, require attestations to be of the old format. Modifying these components to work both with pre-Electra attestations and the single attestation is risky and too much work for Pectra.The main reason why
SingleAttestationwas introduced is to prevent a DoS attack, which means it's main value is at the level of gossip. Once we pass gossip validation checks, there is no downside to using theAttestationElectrafor unaggregated attestations too. This allows us to leave most attestation-related code untouched. To have the best of both worlds, we convert the single attestation to an Electra attestation as quickly as possible and use the latter from that point on.When converting from
SingleAttestationtoElectraAttestationwe need to find the index within the committee of theattester_indexfrom the single attestation, becauseattester_indexis the validator index within the whole state. To give an example:The way it's done is by using the
AttestationStateFetcherto get the attestation's target state, then get the appropriate committee from that state and lastly callToAttestationElectraon theSingleAttestation, passing the committee to the function.Other notes for review
Acknowledgements