867d8f3223
Currently, we have a bit of a convoluted flow where when sending attestations, we start broadcasting them over gossip then pass them to the attestation validation to include them in the local attestation pool - it should be the other way around: we should be checking attestations _before_ gossipping them - this serves as an additional safety net to ensure that we don't publish junk - this becomes more important when publishing attestations from the API. Also, the REST API was performing its own validation meaning attestations coming from REST would be validated twice - finally, the JSON RPC wasn't pre-validating and would happily broadcast invalid attestations. * Unified attestation production pipeline with the same flow for gossip, locally and API-produced attestations: all are now validated and entered into the pool, then broadcast/republished * Refactor subnet handling with specific SubnetId alias, streamlining where subnets are computed, avoiding the need to pass around the number of active validators * Move some of the subnet handling code to eth2_network * Use BitArray throughout for subnet handling |
||
|---|---|---|
| .. | ||
| README.md | ||
| batch_validation.nim | ||
| consensus_manager.nim | ||
| eth2_processor.nim | ||
| gossip_to_consensus.nim | ||
| gossip_validation.nim | ||
README.md
Gossip Processing
This folders hold a collection of modules to:
- validate raw gossip data before
- rebroadcasting them (potentially aggregated)
- sending it to one of the consensus object pool
Validation
Gossip Validation is different from consensus verification in particular for blocks.
- Blocks: https://github.com/ethereum/eth2.0-specs/blob/v1.0.1/specs/phase0/p2p-interface.md#beacon_block
- Attestations (aggregate): https://github.com/ethereum/eth2.0-specs/blob/v1.0.1/specs/phase0/p2p-interface.md#beacon_aggregate_and_proof
- Attestations (single): https://github.com/ethereum/eth2.0-specs/blob/v1.0.1/specs/phase0/p2p-interface.md#attestation-subnets
- Exits: https://github.com/ethereum/eth2.0-specs/blob/v1.0.1/specs/phase0/p2p-interface.md#voluntary_exit
- Proposer slashings: https://github.com/ethereum/eth2.0-specs/blob/v1.0.1/specs/phase0/p2p-interface.md#proposer_slashing
- Attester slashing: https://github.com/ethereum/eth2.0-specs/blob/v1.0.1/specs/phase0/p2p-interface.md#attester_slashing
There are 2 consumers of validated consensus objects:
- a
ValidationResult.Acceptoutput triggers rebroadcasting in libp2p- method
validate(PubSub, message)in libp2p/protocols/pubsub/pubsub.nim in the - which was called by
rpcHandler(GossipSub, PubSubPeer, RPCMsg)
- method
- a
xyzValidatormessage enqueues the validated object in one of the processing queue in eth2_processorblocksQueue: AsyncQueue[BlockEntry], (shared with request_manager and sync_manager)attestationsQueue: AsyncQueue[AttestationEntry]aggregatesQueue: AsyncQueue[AggregateEntry]
Those queues are then regularly processed to be made available to the consensus object pools.
Security concerns
As the first line of defense in Nimbus, modules must be able to handle burst of data that may come:
- from malicious nodes trying to DOS us
- from long periods of non-finality, creating lots of forks, attestations, forks