[REQUEST FOR INFORMATION] Deployment of attacknet

[MatthiasEgli]

Is it possible to share the way in which the attacknet has been deployed, including scripts to conveniently deploy private identical/similar test networks? We want to clone the full network to better try certain cases and have more insights into the behavior and debug messages of the validator nodes.

[protolambda]

Hey, that sounds great! I am happy to help you set up a similar network, but sadly the original approach how we set up the current attacknets is not so convenient. To change this, and scale to bigger multi-client attacknets, I started refactoring the ansible roles, vars, playbooks etc. into a new public repository, built to work more as a library. This way everyone should be able to spin up a testnet with their own ansible inventory definition. (if you are unfamiliar with Ansible, have a look at this great tutorial: https://www.youtube.com/watch?v=MfoAb50Br94)

Work in progress here: https://github.com/protolambda/ansible_eth2/

The set up, used in attacknets now, generally looks like:

• define ansible hosts, attach client metadata to them with ansible group-vars
• roles to get docker containers running, and put them on the host network:
  • beacon runs an Eth2 beacon node. Publicly exposed on TCP and UDP port 9000
  • validator run an Eth2 validator, communicating with the beacon node on port 4000 (and 4001 for GRPC, prysm client)
• multi-client validator key deployment, with a lot of keys, is complex. But automated with ansible, and https://github.com/protolambda/eth2-val-tools
• a permissioned deposit contract was used, so we keep attacks limited to the nodes themselves for now, and not something like a sudden 1000+ new validators. (The mainnet spec has things to avoid sudden chain take-overs, but at small validator counts it doesn't work)

The process looks like:

• Create validator seeds (two mnemonics)
• Define a fork-version for your testnet
• Deploy some deposit contract. Public (see specs repo), or permissioned (see https://github.com/protolambda/testnet-dep-contract/). Use an Eth1 testnet. You can use the public goerli testnetwork. With the permissioned deposit contract, you don't need any goerli eth, except for gas fees.
• Create validator deposits, for a range of derived keys
• Spin up a few machines
• Make sure to get configuration for a specific client right. They have different options to load it. The fork version, deposit contract address, and genesis conditions, need to match for a successful network launch
• Deploy beacon nodes to the machines (the beacon docker container on each machine)
• If not running the Teku client (which has a validator client built into the beacon node itself), deploy validator clients (the validator docker container on each machine)
• Now that your things are running, submit the deposits to the testnet.
• The nodes will start processing the deposits, and schedule genesis!
• Genesis happens, the network should be running, and validators are proposing blocks and attesting things.

Have you tried running a single beacon node and validator already, on e.g. Altona testnet? I would recommend getting familiar first.

[protolambda]

Also, something to add: you can run a beacon node without a validator, and still join the attacknet. That would be a good, easy, start to become familiar with things. And at the same time, you will have some attacknet data at hand by syncing the network (the API of the client you are running may be useful).

You could then maybe use trace logs or a debugger to find interesting things in the client, to then try and exploit in the other attacknet nodes.

If you want to avoid other attacknet users from accidentally finding your node, you can disable the "discv5" part of the client (this is the discovery part where node records are advertised).