attestantio / vouch

Apache License 2.0
112 stars 28 forks source link

[Feature Request] Support web3signer as an account manager #97

Closed ThomasDalla closed 1 year ago

ThomasDalla commented 1 year ago

In a world where most of the existing validators have been created with hd wallets, this is currently impossible to migrate them to Vouch with slashing protection. We can migrate them to local wallet accounts in Vouch, and under normal operations Vouch does not produce slashing events, but having a robust slashing protection would be better (especially if we benefit from it with the current validator client we are running and want to migrate to Vouch).

Supporting web3signer as an account manager would make it possible to migrate existing non-ditributed validators to Vouch while retaining slashing protection. It would help increase Vouch's adoption.

mcdee commented 1 year ago

If you have an HD seed you can create an HD wallet with the relevant accounts using ethdo and serve it using dirk to provide slashing protection. Does this address the issue?

ThomasDalla commented 1 year ago

Not exactly because web3signer can run in a resilient fashion, having multiple instances on different machines, using a highly available, distributed PostgreSQL database for the slashing protection. You can then have multiple identical pairs of (validator-client, web3signer) on different machines, and even if they were to run at the same time on more than one machine, there would be no risk of being slashed (only one web3signer successfully signing back to one of them).

In more practical terms, you can have a cold standby VC+Web3signer on a separate machine (different network) that takes over if the main one goes offline. When the backup pair starts, we could assert the same slots and get slashed. Same issue if there is a bug in our leader election and both of them run at the same time. The shared database slashing protection of web3signer protects us from that and allows us to be highly available without the risk of being slashed.

Migrating to an HD wallet in dirk only allows for a single instance of Dirk to exist. Having 2 instances of Dirk with the same HD wallet can lead to slashing (unlike two instances of web3signer backed by the same slashing database). I have migrated to hd wallets in dirk on Goërli and it works as a charm, but for Mainnet the slashing protection being resilient to multiple instances is a must.

An alternative to get the shared slashing protection benefits would be to support a shared slashing database between multiple instances of dirk (for HD wallets, not needed for distributed wallets), similarly to web3signer. In that case, web3signer would have no advantages over dirk and I would be happily migrating my "legacy" validators to Vouch+Dirk on Mainnet as well.

mcdee commented 1 year ago

I spent some time looking at the web3signer, and think that rather than supporting it a better way to go will be to provide the ability to shard an existing private key. This would leverage Dirk's slashing protection and not require shared infrastructure.

ThomasDalla commented 1 year ago

That would be even better! Worth a separate ticket?

For reference:

SSV https://docs.ssv.network/developers/tools/ssv-key-distributor Obol https://github.com/ObolNetwork/charon-distributed-validator-cluster#import-existing-validator-keys

ThomasDalla commented 1 year ago

Raised under Dirk's Issue Tracker: https://github.com/attestantio/dirk/issues/30

Happy to close this ticket.

ThomasDalla commented 1 year ago

Superseded by https://github.com/attestantio/dirk/issues/30

ybstaked commented 1 year ago

Great discussion, very interested in this feature being available!