Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PoS - unbonding should update validator stake and voting power at pipeline offset #366

Closed
Tracked by #340
tzemanovic opened this issue Aug 21, 2022 · 4 comments · Fixed by #740
Closed
Tracked by #340

PoS - unbonding should update validator stake and voting power at pipeline offset #366

tzemanovic opened this issue Aug 21, 2022 · 4 comments · Fixed by #740
Assignees
@tzemanovic
Labels
PoS prio:high
Milestone
0.15

Comments

@tzemanovic
Copy link
Member

Instead of applying all the unbonding storage updates at unbonding_len, the "bond", validator total deltas and voting power and validator sets should be updated earlier at pipeline_len and only the "unbond" record should be offset at unbonding_len.

This is to minimize a chance of a validator using their voting power before unbonding to perform some slashable infraction.

E.g. say a validator unbonds their stake at epoch n and then commits some slashable infraction somewhere between (n + pipeline_len .. n + unbonding_len]. They would be using their voting power before unbonding, but they couldn't be slashed for it if it's discovered at or after n + unbonding. Using the pipeline_len minimizes the duration during which the validator can use their voting power before unbonding to only epoch n + 1 (before n + pipeline_len)
@memasdeligeorgakis memasdeligeorgakis mentioned this issue Aug 23, 2022
Closed
This was referenced Aug 24, 2022
Closed
Closed
@tzemanovic
Copy link
Member Author

I'm thinking that we could design this to make it a bit clearer -
Say that instead of allowing to submit evidence for infraction in epoch n before the begining of n + unbonding_len, we only allow to submit it before the beginning of n + unbonding_len - (pipeline_len - 1) (one epoch earlier).

In effect I don't think it makes much difference, because we still cannot slash for infraction committed at epoch n + 1 with voting power that's unbonded in epoch n when the infraction is discovered at n + unbonding_len - 1, but at least this would be clear from the design, rather than saying this can happen but the chance is very low :)

Additionally, we've planned to go with pipeline_len=2, unbonding_len = 21 and disallow changes to these parameters for now, until we verify the safety of doing so, so that should be plenty time to discover any infractions at ~1 epoch per day

@tzemanovic tzemanovic self-assigned this Aug 25, 2022
@tzemanovic
Copy link
Member Author

we decided to go with making unbonded tokens withdrawal possible in pipeline_len + unbonding_len epochs from when the tx_unbond is applied to avoid the corner case

@tzemanovic tzemanovic mentioned this issue Aug 31, 2022
Merged
@brentstone brentstone mentioned this issue Oct 25, 2022
Closed
15 tasks
@cwgoes
Copy link
Contributor

cwgoes commented Jan 13, 2023

@tzemanovic are you still working on this or is @brentstone?

@brentstone
Copy link
Collaborator

@tzemanovic are you still working on this or is @brentstone?

I'm taking care of this, it is included in #740.

@brentstone brentstone mentioned this issue Jan 13, 2023
Merged
@cwgoes cwgoes added this to the 0.15 milestone Jan 16, 2023
@juped juped closed this as completed in #740 Feb 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tzemanovic tzemanovic

Labels
PoS prio:high
Projects
No open projects
Namada-Old
Status: Tested in Devnet
Milestone
0.15
Development

Successfully merging a pull request may close this issue.

PoS: lazy map epoched data anoma/namada
3 participants
@tzemanovic @cwgoes @brentstone