SebastianElvis
commented
5 months ago Agree that having the same Pk for staker / FP will incur this new attack vector launched by covenant committee. But in this case how will we support self delegation?
Closed KonradStaniec closed 5 months ago
SebastianElvis
commented
5 months ago Agree that having the same Pk for staker / FP will incur this new attack vector launched by covenant committee. But in this case how will we support self delegation?
KonradStaniec
commented
5 months ago Agree that having the same Pk for staker / FP will incur this new attack vector launched by covenant committee. But in this case how will we support self delegation?
I think we do not have defined how self-delegation will be supported.
In our pm epic https://github.com/babylonchain/pm/issues/41, we have this quick note in nice to have:
5. Self-Delegation of Finality Providers
Why nice to have: currently it is possible to self delegate but it requires jumping through some hops and there is no easy way to prove that delegation is really self delegation. So this is bad but not critical to launch initial version of mainnet.There is even a question, does the Babylon node/protocol need to support native self-delegation ? As I see it, self delegation is made when some entity control both StakerPK and FinalityProviderPK, this means it can be actually supported off chain . For example, some front end which receive proof of possession for both StakerPK and FinalityProviderPK.
If this is not enough and we would like to support it natively, maybe the option would be the have additional message for finality provider like ProveSelfDelegationMsg in which finality provider send transactions hashes which were self delegated.
Either way, we cannot do it by setting StakerPk == FinalityProviderPk as this is not secure.
KonradStaniec
commented
5 months ago @gitferry @SebastianElvis In last commit:
ErrDuplicatedKeyInScript which can be used by caller to discern this error. Imo some CLI tools can add more user friendly error message based on this errorprepareKeysForMultisigScript and added in doc there that It is up to the caller to ensure that the keys are unique . This function is private so it makes sense to move uniqness check higher up, and not do double checking.
Enforce that
StakerPKis never equal toFinalityProviderPkas this breaks our security with pre-signed slashing transactions.If
StakerPK == FinalityProviderPkin script, and Staker publishes pre-signed slashing transaction, then quorum of covenant committee member can collude to slash the staker by creating valid witness in which staker signature will be used in place of finality provider signature.