-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slashing v2 #1278
Slashing v2 #1278
Conversation
Addressed comments & added an extra test in x/stake/handler_test.go
d0a7017
to
68406dd
Compare
68406dd
to
c1987da
Compare
200a8b0
to
9bc99f1
Compare
b88f82c
to
30d9d90
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WiP review, overall looks good, just want a bit more clarification in some of the comments!
defer cleanup() | ||
|
||
signingInfo := getSigningInfo(t, port, pks[0].Address()) | ||
tests.WaitForHeight(4, port) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be better to use tests.WaitForNextNBlocksTM
@@ -38,6 +38,11 @@ func (v Validator) GetDelegatorShares() sdk.Rat { | |||
return sdk.ZeroRat() | |||
} | |||
|
|||
// Implements sdk.Validator |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this sdk.Validator, or x/stake/types.Validator
?`
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is sdk.Validator
(types/stake.go
), to which GetRevoked()
was added.
x/slashing/tick.go
Outdated
// Iterate over all the validators which *should* have signed this block | ||
for _, signingValidator := range req.Validators { | ||
present := signingValidator.SignedLastBlock | ||
pubkey, err := tmtypes.PB2TM.PubKey(signingValidator.Validator.PubKey) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can there be a comment here regarding what the goal of this loop is? Is it just to figure out which validators signed the block? (wasn't clear to me) If so, is this for liveness slashing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes; for downtime slashing, added a comment.
x/stake/keeper/slash.go
Outdated
// slash a validator | ||
func (k Keeper) Slash(ctx sdk.Context, pubkey crypto.PubKey, height int64, fraction sdk.Rat) { | ||
// slash an unbonding delegation and update the pool | ||
func (k Keeper) slashUnbondingDelegation(ctx sdk.Context, unbondingDelegation types.UnbondingDelegation, infractionHeight int64, fraction sdk.Rat) (slashAmount sdk.Int) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can fraction be renamed to something more descriptive, perhaps slashFactor
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to slashFraction
.
x/stake/keeper/slash.go
Outdated
// Calculate slash amount proportional to stake contributing to infraction | ||
slashAmount = sdk.NewRatFromInt(unbondingDelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt() | ||
|
||
// Don't slash more tokens than held |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Write a note here, that this is a concern since this unbonding delegation may have already been slashed once, and we slash based on initial balance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added comment, here and for the same check on redelegation.
x/stake/keeper/slash.go
Outdated
} | ||
|
||
// Calculate slash amount proportional to stake contributing to infraction | ||
slashAmount = sdk.NewRatFromInt(unbondingDelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want a sanity check that this is a non-negative number? I think that would improve overall safety, and it shouldn't be an expensive check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a sanity check for the sign of slashFraction
.
x/stake/keeper/slash.go
Outdated
// Calculate slash amount proportional to stake contributing to infraction | ||
slashAmount = sdk.NewRatFromInt(redelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt() | ||
|
||
// Don't slash more tokens than held |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same two comments as above. (sanity check for positive slashAmount, indicate why slashing more tokens than held would be a concern)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added comment, added sanity check in the top-level Slash()
function.
x/stake/keeper/slash.go
Outdated
slashAmount = sdk.NewRatFromInt(redelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt() | ||
|
||
// Don't slash more tokens than held | ||
redelegationSlashAmount := slashAmount |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can more indication be given as to the justification for this rename?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added comment.
x/stake/keeper/slash.go
Outdated
} | ||
|
||
// slash a redelegation and update the pool | ||
func (k Keeper) slashRedelegation(ctx sdk.Context, validator types.Validator, redelegation types.Redelegation, infractionHeight int64, fraction sdk.Rat) (slashAmount sdk.Int) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can fraction be renamed to slashFactor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to slashFraction
.
x/stake/keeper/slash.go
Outdated
// CONTRACT: | ||
// Infraction committed at the current height or at a past height, | ||
// not at a height in the future | ||
func (k Keeper) Slash(ctx sdk.Context, pubkey crypto.PubKey, infractionHeight int64, power int64, fraction sdk.Rat) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this function be placed above the previous two? (Sorry for the extremely minor nitpick here. I think it would be useful structurally to see the contract first though)
Also can fraction be renamed to slashFactor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved, now slashFactor
.
x/stake/keeper/slash.go
Outdated
logger.Info(fmt.Sprintf("Validator %s slashed by fraction %v, removed %v shares and burned %d tokens", pubkey.Address(), fraction, sharesToRemove, burned)) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can there be a sanity check that that the remaining slash amount = 0?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not necessarily zero; most of the stake may still be bonded.
bbe1ea2
to
e46e687
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm! slashFactor
is so much cooler than fraction
:)
Implement semifinal Gaia slashing spec (#1263), less #1348, #1378, and #1440 which are TBD.
Closes #1117
Mostly blocked on finalization of #1119Merged!Wants tendermint/tendermint#1803, but doesn't need to block merge