Document validator jailing upon participation failures and slash report determination

These are TODOs. I just wanted to ensure this was written down and each seemed too small for GH issues.
2025-12-08 04:09:23 +00:00 · 2025-01-09 19:50:20 -05:00
parent 47eb793ce9
commit 23122712cb
2 changed files with 24 additions and 2 deletions
--- a/coordinator/src/tributary/db.rs
+++ b/coordinator/src/tributary/db.rs
@@ -272,7 +272,19 @@ impl TributaryDb {

  pub(crate) fn start_of_block(txn: &mut impl DbTxn, set: ValidatorSet, block_number: u64) {
    for topic in Reattempt::take(txn, set, block_number).unwrap_or(vec![]) {
-      // TODO: Slash all people who preprocessed but didn't share
+      /*
+        TODO: Slash all people who preprocessed but didn't share, and add a delay to their
+        participations in future protocols. When we call accumulate, if the participant has no
+        delay, their accumulation occurs immediately. Else, the accumulation occurs after the
+        specified delay.
+
+        This means even if faulty validators are first to preprocess, they won't be selected for
+        the signing set unless there's a lack of less faulty validators available.
+
+        We need to decrease this delay upon successful partipations, and set it to the maximum upon
+        `f + 1` validators voting to fatally slash the validator in question. This won't issue the
+        fatal slash but should still be effective.
+      */
      Self::recognize_topic(txn, set, topic);
      if let Some(id) = topic.sign_id(set) {
        Self::send_message(txn, set, messages::sign::CoordinatorMessage::Reattempt { id });
--- a/coordinator/src/tributary/scan.rs
+++ b/coordinator/src/tributary/scan.rs
@@ -201,7 +201,17 @@ impl<'a, D: Db, DT: DbTxn, TD: Db, P: P2p> ScanBlock<'a, D, DT, TD, P> {
          DataSet::None => {}
          DataSet::Participating(data_set) => {
            // Find the median reported slashes for this validator
-            // TODO: This lets 34% perform a fatal slash. Should that be allowed?
+            /*
+              TODO: This lets 34% perform a fatal slash. That shouldn't be allowed. We need
+              to accept slash reports for a period past the threshold, and only fatally slash if we
+              have a supermajority agree the slash should be fatal. If there isn't a supermajority,
+              but the median believe the slash should be fatal, we need to fallback to a large
+              constant.
+
+              Also, TODO, each slash point should probably be considered as
+              `MAX_KEY_SHARES_PER_SET * BLOCK_TIME` seconds of downtime. As this time crosses
+              various thresholds (1 day, 3 days, etc), a multiplier should be attached.
+            */
            let mut median_slash_report = Vec::with_capacity(self.validators.len());
            for i in 0 .. self.validators.len() {
              let mut this_validator =