Gossipsub backoff latencies may result in punishment

[blacktemplar]

Consider the following scenario:

1. Peer A sends a PRUNE to peer B with a backoff time of 60 seconds. It stores the 60 second backoff time in its internal data structure.
2. Peer B receives the PRUNE message after a short delay of lets say one second and stores the 60 second backoff in its internal data structure.
3. Exactly 60 seconds after peer A sent the PRUNE it might decide to GRAFT to peer B again and sends a GRAFT.
4. This time the message gets received and processed by peer B in less than a second and therefore for peer B the backoff is still active and it declines the GRAFT and punishes peer A.

To circumvent such punishments peer A should consider some slack time before it sends a GRAFT to peer B. So I propose adding some slack times to backoffs after sending a PRUNE. Note that this slack time should only be considered for sending GRAFTs and not for checking if an incoming GRAFT is allowed (in this case we consider the real backoff time without the additional slack).

[vyzo]

There is some slack time already; the backoffs are cleared every few ticks, so we won't try to send a GRAFT immediately after expiration.

[blacktemplar]

That is not a real slack in my opinion. In the extreme case it might happen that the next tick that clears the backoffs gets executed directly after the 60 seconds are over in which case again peer B would punish peer A.

[vyzo]

Fair enough, we could add an explicit slack of 1s or something before attempting the next GRAFT.

[vyzo]

You also need to consider the time it gets for the GRAFT to get there, which should roughly match the time it takes for the backoff to expire in the other side if we initiated the PRUNE. But RTTs can be variable, so agreed this could be problematic in the edge case.

[vyzo]

fix in #374.