Mitigate attacks that cause a node to reach finality

[aeyakovenko]

Problem

We want to make sure that nodes do not reach full confirmation on any blocks that the supermajority doesn't have agreement on. This is a property of consensus, but we need some mechanism to double check it during runtime.

Proposed Solution

Ideas:

• Monitor the votes in gossip and halt if the supermajority is not on the same fork as BankForks

Proposal:

1. Add current root to EpochSlots
2. when collecting epoch slots assert that root is either a parent of the current root, a child of the current root, or unknown.
3. if the check fails for a superminority of roots, halt the node.

tag: @carllin @mvines

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[stale]

This stale issue has been automatically closed. Thank you for your contributions.