search

penumbra-zone / penumbra

Penumbra is a fully private proof-of-stake network and decentralized exchange for the Cosmos ecosystem.
https://penumbra.zone
Apache License 2.0
381 stars 296 forks source link

Change to time-based mechanisms #2182

Closed avahowell closed 4 months ago

avahowell commented 1 year ago

The final step of #2070 is to repair the mechanism design to account for the dynamic epoch changes, moving to time-based mechanisms.

hdevalence commented 1 year ago

Removed the latter two points in the original list to "promote" them into the top-level tracking issue #2070

hdevalence commented 1 year ago

Requires #1934 as a place to put the new code.

erwanor commented 1 year ago

Deprioritized in order to move on the IBC front, still in-progress

erwanor commented 8 months ago

Something I have noticed while doing an unbonding delay rework is that since epoch duration is dynamic, subject to events triggering epoch-changes, if we want the unbonding mechanism to coincide with "a long enough period of time for penalties to be applied to a stack of delegated stake" we need to make that unbonding period a function of time.

x-ref: #3694

erwanor commented 8 months ago

To elaborate on the point above, since an active validator can trigger early epoch changes it can attempt to evade slashing by accelerating the effective unbonding period to attempt to evade byzantine slashing.

erwanor commented 8 months ago

x-ref: https://github.com/penumbra-zone/penumbra/issues/3738

conorsch commented 6 months ago

Discussed in sprint planning today. We've decided not to implement this for v1, so updating the labels to v2 accordingly.

hdevalence commented 6 months ago

This needs to be done as part of V1, it's crucial for security.

hdevalence commented 6 months ago

We could defer specific things like the synchrony check (not sure if we should do that at all) but we need our mechanisms to be independent of the epoch length, as we recently painfully discovered with swap claims

erwanor commented 6 months ago

@hdevalence what part needs to be done for V1? I suggested we bump it down because we decided to not add the BFT time synchrony check, and the unbonding mechanism we discussed has been implemented

hdevalence commented 6 months ago

The part we need to do for V1 is "Change to time-based mechanisms", in other words if we want to do stuff later we need to move it out of this scope (and have a story of why it's not necessary for the change)

erwanor commented 6 months ago

It's pretty confusing to call this "time-based mechanisms" if what we want to do is make sure that the protocol is equipped to deal with dynamic epochs...

aubrika commented 4 months ago

Closed as complete