zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
Browse Source

update spec with the removal of phantom validator evidence (#126)

pull/7804/head
Callum Waters 4 years ago
committed by GitHub
parent
d46cd7f573
commit
31b182b7aa
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 13 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -0
      spec/consensus/light-client/accountability.md
  2. +1
    -13
      spec/core/data_structures.md

+ 6
- 0
spec/consensus/light-client/accountability.md View File

@ -310,6 +310,12 @@ Consequences:
**Remark.** We can have phantom-validator-based attacks as a follow up of equivocation or amnesia based attack where forked state contains validators that are not part of the validator set at the main chain. In this case, they keep signing messages contributed to a forked chain (the wrong branch) although they are not part of the validator set on the main chain. This attack can also be used to attack full node during a period of time it is eclipsed.
**Remark.** Phantom validator evidence has been removed from implementation as it was deemed, although possibly a plausible form of evidence, not relevant. Any attack on
the light client involving a phantom validator will have needed to be initiated by 1/3+ lunatic
validators that can forge a new validator set that includes the phantom validator. Only in
that case will the light client accept the phantom validators vote. We need only worry about
punishing the 1/3+ lunatic cabal, that is the root cause of the attack.
### Lunatic validator
Lunatic validator agrees to sign commit messages for arbitrary application state. It is used to attack light clients.


+ 1
- 13
spec/core/data_structures.md View File

@ -236,7 +236,7 @@ type DuplicateVoteEvidence struct {
`AmnesiaEvidence` represents a validator that has incorrectly voted for another block in a
different round to the the block that the validator was previously locked on. This form
of evidence is generated differently from the rest. See this
[ADR](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-056-proving-amnesia-attacks.md).
[ADR](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-056-proving-amnesia-attacks.md) for more information.
```go
type AmnesiaEvidence struct {
@ -256,18 +256,6 @@ type LunaticValidatorEvidence struct {
}
```
`PhantomValidatorEvidence` represents a validator that has signed for a block where it was not part of the validator set.
This attack also only applies to Light clients. Phantom validators must still be staked. `LastHeightValidatorWasInSet`
indicated the height that they last voted.
```go
type PhantomValidatorEvidence struct {
Vote *Vote
LastHeightValidatorWasInSet int64
}
```
## Validation
Here we describe the validation rules for every element in a block.


Write Preview
Loading…
Cancel
Save