babylonchain / babylon

Main repo for Babylon full node
https://babylonchain.io

Slashable FP offence won't be slashed #715

Open maurolacy opened 4 months ago

maurolacy commented 4 months ago

Summary of Bug

Taking a look at the slashing logic in

https://github.com/babylonchain/babylon/blob/fe247dd38a83ccbf940dabed5dafaa69698b9eb0/x/finality/keeper/msg_server.go#L132-L140

I noticed that a given FP will be slashed only when signing the canonical (i.e. indexed) block and an alternative (fork) block at the same height.

This implies that a malicious FP could sign and submit any number of non-canonical block signatures for a given height. As long as he doesn’t sign and submit the canonical block signature as well, he won’t be slashed.

This is because slashing currently depends on an FP signing both an offending / fork block AND the canonical (i.e. indexed) block.

Perhaps the code / logic can be changed here. If a given FP signs two different blocks at any given height (regardless of whether one is the canonical one or not), he’s slashed.

So, slash when signing both the canonical and other block, and also when signing two other blocks.

This seems easy to fix: If Evidence already exists in the store for this FP at that height, this is a double sign.

Update: Just noticed that the detection of double signing of forks is slightly below in the code

https://github.com/babylonchain/babylon/blob/fe247dd38a83ccbf940dabed5dafaa69698b9eb0/x/finality/keeper/msg_server.go#L153-L172

The bug is then that, since neither fork is the canonical block, this code is never reached (the if above always returns without error).

Version

Latest.

Steps to Reproduce

N/A.
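The gap reported in this issue, as an added example that is not part of the original post and not Babylon's code: a simplified model that replays finality votes under the canonical-only rule and under the "any two different blocks at the same height" rule. The `Vote` type, the `Slashed` function, and the provider ids and hashes are assumptions constructed for illustration.

```go
package main

import "fmt"

// Vote is a finality vote reduced to the fields the issue discusses.
type Vote struct {
	FP     string // finality provider id (constructed)
	Height uint64
	Hash   string // hash of the signed block (constructed)
}

type slot struct {
	fp     string
	height uint64
}

// Slashed replays votes and returns the FPs that would be slashed.
// canonical maps height -> indexed block hash. With requireCanonical set,
// a conflict counts only if one of the signed blocks is the canonical one
// (the behaviour the issue reports); otherwise any two distinct hashes at
// the same height count (the rule the issue proposes).
func Slashed(votes []Vote, canonical map[uint64]string, requireCanonical bool) map[string]bool {
	signed := map[slot]map[string]bool{} // distinct hashes per (FP, height)
	out := map[string]bool{}
	for _, v := range votes {
		k := slot{v.FP, v.Height}
		if signed[k] == nil {
			signed[k] = map[string]bool{}
		}
		signed[k][v.Hash] = true
		if len(signed[k]) < 2 {
			continue // first vote, or a repeat of the same hash: no conflict
		}
		if requireCanonical && !signed[k][canonical[v.Height]] {
			continue // two forks signed, canonical never signed: not caught
		}
		out[v.FP] = true
	}
	return out
}

func main() {
	canonical := map[uint64]string{10: "aa"} // constructed sample data
	votes := []Vote{
		{"fp-honest", 10, "aa"},
		{"fp-classic", 10, "aa"}, {"fp-classic", 10, "bb"}, // canonical + fork
		{"fp-forks", 10, "bb"}, {"fp-forks", 10, "cc"}, // two forks only
	}
	fmt.Println("canonical-only rule:", Slashed(votes, canonical, true))
	fmt.Println("any-two rule:       ", Slashed(votes, canonical, false))
}
```

Under the canonical-only rule `fp-forks` is not slashed even though it signed two different blocks at height 10; under the any-two rule it is.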