From 23122712cb73003b9ab21e96c6eb001f46068f97 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Thu, 9 Jan 2025 19:50:20 -0500
Subject: [PATCH] Document validator jailing upon participation failures and slash report determination
These are TODOs. I just wanted to ensure this was written down and each seemed too small for GH issues.
---
 coordinator/src/tributary/db.rs | 14 +++++++++++++-
 coordinator/src/tributary/scan.rs | 12 +++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/coordinator/src/tributary/db.rs b/coordinator/src/tributary/db.rs
index fbcfcc01..0d85110d 100644
--- a/coordinator/src/tributary/db.rs
+++ b/coordinator/src/tributary/db.rs
@@ -272,7 +272,19 @@ impl TributaryDb {
 pub(crate) fn start_of_block(txn: &mut impl DbTxn, set: ValidatorSet, block_number: u64) {
 for topic in Reattempt::take(txn, set, block_number).unwrap_or(vec![]) {
- // TODO: Slash all people who preprocessed but didn't share
+ /*
+ TODO: Slash all people who preprocessed but didn't share, and add a delay to their
+ participations in future protocols. When we call accumulate, if the participant has no
+ delay, their accumulation occurs immediately. Else, the accumulation occurs after the
+ specified delay.
+
+ This means even if faulty validators are first to preprocess, they won't be selected for
+ the signing set unless there's a lack of less faulty validators available.
+
+ We need to decrease this delay upon successful partipations, and set it to the maximum upon
+ `f + 1` validators voting to fatally slash the validator in question. This won't issue the
+ fatal slash but should still be effective.
+ */
 Self::recognize_topic(txn, set, topic);
 if let Some(id) = topic.sign_id(set) {
 Self::send_message(txn, set, messages::sign::CoordinatorMessage::Reattempt { id });
diff --git a/coordinator/src/tributary/scan.rs b/coordinator/src/tributary/scan.rs
index 2c39cd13..fec89f28 100644
--- a/coordinator/src/tributary/scan.rs
+++ b/coordinator/src/tributary/scan.rs
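Review bot: The new comment in `start_of_block` (db.rs) leaves the `f + 1` threshold unexplained, and it misspells "participations" as `partipations`. Because the maximum delay keeps a validator out of signing sets without the fatal slash being issued, the comment should say why `f + 1` votes suffice and how the delay is bounded, for example `f + 1 votes imply at least one non-faulty voter, assuming at most f faulty validators` (that assumption is inferred from the wording, so confirm it). It should also say where the per-validator delay would be stored and by how much a successful participation reduces it, since those two choices decide whether an honest validator that was briefly offline can recover. The body of `start_of_block` continues outside the hunk.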
@@ -201,7 +201,17 @@ impl<'a, D: Db, DT: DbTxn, TD: Db, P: P2p> ScanBlock<'a, D, DT, TD, P> {
 DataSet::None => {}
 DataSet::Participating(data_set) => {
 // Find the median reported slashes for this validator
- // TODO: This lets 34% perform a fatal slash. Should that be allowed?
+ /*
+ TODO: This lets 34% perform a fatal slash. That shouldn't be allowed. We need
+ to accept slash reports for a period past the threshold, and only fatally slash if we
+ have a supermajority agree the slash should be fatal. If there isn't a supermajority,
+ but the median believe the slash should be fatal, we need to fallback to a large
+ constant.
+
+ Also, TODO, each slash point should probably be considered as
+ `MAX_KEY_SHARES_PER_SET * BLOCK_TIME` seconds of downtime. As this time crosses
+ various thresholds (1 day, 3 days, etc), a multiplier should be attached.
+ */
 let mut median_slash_report = Vec::with_capacity(self.validators.len());
 for i in 0 .. self.validators.len() {
 let mut this_validator =
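Review bot: The second item in this comment is introduced mid-block as `Also, TODO,`, so a search for `TODO:` finds only the first item; it should start its own line as `TODO: each slash point should probably be considered as ...`. The first item records that the median computed just below still lets 34% cause a fatal slash, but it leaves "a period past the threshold" and the "large constant" unspecified, and those are the values the eventual fix depends on. Mark them as undecided, e.g. `Open: length of the reporting window, and the fallback slash amount`, and say what "34%" is measured against (of the validator set, or of the reports received). The verb in "we need to fallback" should be "fall back". The median computation starts in the hunk's trailing context and continues outside it.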