Report Aura Equivocations to runtime #70
Assignees
Labels
I1-security
The node fails to follow expected, security-sensitive, behaviour.
Comments
21 tasks
|
Neither Kusama nor Polkadot use AuRa. Can we close this? |
claravanstaden
referenced
this issue
in Snowfork/polkadot-sdk
Dec 8, 2023
jonathanudd
pushed a commit
to jonathanudd/polkadot-sdk
that referenced
this issue
Apr 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Following paritytech/substrate#911, we have an Aura consensus engine embedded in substrate. And while its verifier rejects unverified blocks, it does not issue misbehavior checks on the wire nor chain yet. Unlike with other block production mechanisms, these aren't happening in messages between one another but at the level where the new block would be attempted to be imported.
The main type of misbehavior to check for is equivocating, or signing multiple blocks in the same slot. Other types of misbehavior, like signing a bad block or signing a block out-of-turn have intrinsic economic penalties associated with them, either by skipping out on rewards or losing reliability with peers in the p2p network.
A proof-of-equivocation is just two headers (the body may be valid or invalid), both signed by the same voter, with seal mentioning the same slot. A runtime module should be created for checking equivocations.
This can be tracked by keeping track of the last N ( = 1000) slots we've seen blocks for per author. We add to this after checking the header. If there is ever one in that position already, we will issue a report to the runtime with our proof. See paritytech/substrate#2181 for a rough outline on how to do such reports.
The text was updated successfully, but these errors were encountered: