Skip mandatory commitment when beefy authorities not changed #1215
Conversation
Changes the validator set successions to still be sequential, but non-consecutive. For bridge security against collusion by validators, it's important that these validators are still bonded, but the timing of the signature itself is secondary. As such, even if some validators have rotated out, this change permits keeping the bridge alive so long as 2/3rds of the `currentValidatorSet` are still bonded and sign the commitment. Co-authored-by: bhargavbh <[email protected]> Co-authored-by: Alistair Stewart <[email protected]>
Co-authored-by: bhargavbh <[email protected]>
…eases-in-validator-set' into ron/skip-mandatory-commitment-when-authorities-not-changed
|
Sync beefy checkpoint from Log as follows shows all handover commitments from 20919030 to 20926196(range of 3 sessions) are skipped since no authorities changes. Based upon the analysis #1137 (comment) will decrease the maintainance cost about 4 times less. |
| @@ -260,7 +260,7 @@ contract BeefyClient { | |||
| signatureUsageCount = currentValidatorSet.usageCounters.get(proof.index); | |||
| currentValidatorSet.usageCounters.set(proof.index, signatureUsageCount.saturatingAdd(1)); | |||
| vset = currentValidatorSet; | |||
| } else if (commitment.validatorSetID == nextValidatorSet.id) { | |||
| } else if (commitment.validatorSetID >= nextValidatorSet.id) { | |||
There was a problem hiding this comment.
We need some tests in the solidity that skips a mandatory commitment.
Example scenario:
We are in validator set id 6 (next validator set 7), we skip 7 and 8 and then import 9. After importing 9 the current validator set will be 7 and the next validator set will be 10.
We also need to make sure that a future commit does not commit to a block number in the past and a test that covers it.
Context:
#1137 (comment)
#1137 (comment)
There was a problem hiding this comment.
Good catch Alistair, yeah, we need more unit tests for this work.
There was a problem hiding this comment.
Yeah, so in this case the current&next validatorId pair will be (7,10) and latestBeefyBlock is in session 9.
I would expect a minor change here
snowbridge/contracts/src/BeefyClient.sol
Line 259 in 40f9592
from
if (commitment.validatorSetID == currentValidatorSet.id) to if (commitment.validatorSetID == currentValidatorSet.id) || commitment.validatorSetID == nextValidatorSet.id - 1 will just work but I'll definetely do more tests.
|
@yrong @alistair-singh One thing to consider in the greater scheme of things: This optimization will greatly reduce costs for long-range catch up if the relayer is out of action for a few days. However, if my thinking is correct, it won't actually reduce costs if the relayer is caught up, and users are actively sending messages to Ethereum, because, we still need to update the MMR root so that the Gateway can verify user messages. And in order to update the MMR root, we need to sync a signed commitment that can be used to verify the new MMR root. I still think its a worthwhile change to include, but we need more testing to be certain. |
This PR is not only for long-range catch up case, it's supposed to work together with #1217 to furthurly decrease the cost. Here is my test flow based on polkadot relaychain.
As we can see the sync is success because the authorities in validatorSetID 619 are the same as 618 so it's possible to use the keys in validatorSetID 618 to verify the commitment in validatorSetID 619, and after that the current&next validatorSetID pair is still (618,620).
As we can see after that the current&next validatorSetID pair becomes (620,621) which is back to normal as before. |
…owfork/snowbridge into ron/skip-mandatory-commitment
* Sync beefy commitment on demand * Minor fix * More comments * More refactoring * Fix for skip mandatory commitment * Some refactoring * Find for next beefy block * Improve log * Remove check unrelated
More context in #1137 authored by @Lederstrumpf and @bhargavbh, many thanks.
Revamp the relayer to skip mandatory commitment when beefy authorities not changed.