Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Slashing v2 #1278

Merged
merged 147 commits into from
Jun 30, 2018
Merged

Slashing v2 #1278

merged 147 commits into from
Jun 30, 2018

Conversation

cwgoes
Copy link
Contributor

@cwgoes cwgoes commented Jun 16, 2018

Implement semifinal Gaia slashing spec (#1263), less #1348, #1378, and #1440 which are TBD.

Closes #1117
Mostly blocked on finalization of #1119 Merged!
Wants tendermint/tendermint#1803, but doesn't need to block merge

  • Updated all relevant documentation in docs
  • Updated all code comments where relevant
  • Wrote tests
  • Updated CHANGELOG.md
  • Updated Gaia/Examples
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

@cwgoes cwgoes added the wip label Jun 16, 2018
@cwgoes cwgoes dismissed rigelrozanski’s stale review June 29, 2018 23:53

Addressed comments & added an extra test in x/stake/handler_test.go

@cwgoes cwgoes force-pushed the cwgoes/slashing-version-two branch 2 times, most recently from d0a7017 to 68406dd Compare June 30, 2018 00:07
@cwgoes cwgoes force-pushed the cwgoes/slashing-version-two branch from 68406dd to c1987da Compare June 30, 2018 00:13
@cwgoes cwgoes force-pushed the cwgoes/slashing-version-two branch from 200a8b0 to 9bc99f1 Compare June 30, 2018 01:19
@cwgoes cwgoes force-pushed the cwgoes/slashing-version-two branch from b88f82c to 30d9d90 Compare June 30, 2018 01:38
Copy link
Contributor

@ValarDragon ValarDragon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WiP review, overall looks good, just want a bit more clarification in some of the comments!

defer cleanup()

signingInfo := getSigningInfo(t, port, pks[0].Address())
tests.WaitForHeight(4, port)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be better to use tests.WaitForNextNBlocksTM

@@ -38,6 +38,11 @@ func (v Validator) GetDelegatorShares() sdk.Rat {
return sdk.ZeroRat()
}

// Implements sdk.Validator
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this sdk.Validator, or x/stake/types.Validator?`

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is sdk.Validator (types/stake.go), to which GetRevoked() was added.

// Iterate over all the validators which *should* have signed this block
for _, signingValidator := range req.Validators {
present := signingValidator.SignedLastBlock
pubkey, err := tmtypes.PB2TM.PubKey(signingValidator.Validator.PubKey)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can there be a comment here regarding what the goal of this loop is? Is it just to figure out which validators signed the block? (wasn't clear to me) If so, is this for liveness slashing?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes; for downtime slashing, added a comment.

// slash a validator
func (k Keeper) Slash(ctx sdk.Context, pubkey crypto.PubKey, height int64, fraction sdk.Rat) {
// slash an unbonding delegation and update the pool
func (k Keeper) slashUnbondingDelegation(ctx sdk.Context, unbondingDelegation types.UnbondingDelegation, infractionHeight int64, fraction sdk.Rat) (slashAmount sdk.Int) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can fraction be renamed to something more descriptive, perhaps slashFactor?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to slashFraction.

// Calculate slash amount proportional to stake contributing to infraction
slashAmount = sdk.NewRatFromInt(unbondingDelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt()

// Don't slash more tokens than held
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Write a note here, that this is a concern since this unbonding delegation may have already been slashed once, and we slash based on initial balance.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added comment, here and for the same check on redelegation.

}

// Calculate slash amount proportional to stake contributing to infraction
slashAmount = sdk.NewRatFromInt(unbondingDelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want a sanity check that this is a non-negative number? I think that would improve overall safety, and it shouldn't be an expensive check.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a sanity check for the sign of slashFraction.

// Calculate slash amount proportional to stake contributing to infraction
slashAmount = sdk.NewRatFromInt(redelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt()

// Don't slash more tokens than held
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same two comments as above. (sanity check for positive slashAmount, indicate why slashing more tokens than held would be a concern)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added comment, added sanity check in the top-level Slash() function.

slashAmount = sdk.NewRatFromInt(redelegation.InitialBalance.Amount, sdk.OneInt()).Mul(fraction).EvaluateInt()

// Don't slash more tokens than held
redelegationSlashAmount := slashAmount
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can more indication be given as to the justification for this rename?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added comment.

}

// slash a redelegation and update the pool
func (k Keeper) slashRedelegation(ctx sdk.Context, validator types.Validator, redelegation types.Redelegation, infractionHeight int64, fraction sdk.Rat) (slashAmount sdk.Int) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can fraction be renamed to slashFactor

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to slashFraction.

// CONTRACT:
// Infraction committed at the current height or at a past height,
// not at a height in the future
func (k Keeper) Slash(ctx sdk.Context, pubkey crypto.PubKey, infractionHeight int64, power int64, fraction sdk.Rat) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this function be placed above the previous two? (Sorry for the extremely minor nitpick here. I think it would be useful structurally to see the contract first though)

Also can fraction be renamed to slashFactor

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved, now slashFactor.

logger.Info(fmt.Sprintf("Validator %s slashed by fraction %v, removed %v shares and burned %d tokens", pubkey.Address(), fraction, sharesToRemove, burned))

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can there be a sanity check that that the remaining slash amount = 0?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not necessarily zero; most of the stake may still be bonded.

@cwgoes cwgoes dismissed ValarDragon’s stale review June 30, 2018 03:18

Addressed (I think)

@cwgoes cwgoes force-pushed the cwgoes/slashing-version-two branch from bbe1ea2 to e46e687 Compare June 30, 2018 03:23
Copy link
Contributor

@ValarDragon ValarDragon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! slashFactor is so much cooler than fraction :)

@cwgoes cwgoes merged commit 3654579 into develop Jun 30, 2018
@cwgoes cwgoes deleted the cwgoes/slashing-version-two branch June 30, 2018 03:34
adrianbrink pushed a commit that referenced this pull request Jul 2, 2018
Implement semifinal Gaia slashing spec (#1263), less #1348, #1378, and #1440 which are TBD.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants