github/prysm
1
1
Fork 0
mirror of https://github.com/OffchainLabs/prysm.git synced 2026-01-08 23:18:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Implement EIP-3076 minimal slashing protection, using a filesystem database (#13360)

Browse Source 
* `EpochFromString`: Use already defined `Uint64FromString` function.

* `Test_uint64FromString` => `Test_FromString`

This test function tests more functions than `Uint64FromString`.

* Slashing protection history: Remove unreachable code.

The function `NewKVStore` creates, via `kv.UpdatePublicKeysBuckets`,
a new item in the `proposal-history-bucket-interchange`.

IMO there is no real reason to prefer `proposal` than `attestation`
as a prefix for this bucket, but this is the way it is done right now
and renaming the bucket will probably be backward incompatible.

An `attestedPublicKey` cannot exist without
the corresponding `proposedPublicKey`.

Thus, the `else` portion of code removed in this commit is not reachable.
We raise an error if we get there.

This is also probably the reason why the removed `else` portion was not
tested.

* `NewKVStore`: Switch items in `createBuckets`.

So the order corresponds to `schema.go`

* `slashableAttestationCheck`: Fix comments and logs.

* `ValidatorClient.db`: Use `iface.ValidatorDB`.

* BoltDB database: Implement `GraffitiFileHash`.

* Filesystem database: Creates `db.go`.

This file defines the following structs:
- `Store`
- `Graffiti`
- `Configuration`
- `ValidatorSlashingProtection`

This files implements the following public functions:
- `NewStore`
- `Close`
- `Backup`
- `DatabasePath`
- `ClearDB`
- `UpdatePublicKeysBuckets`

This files implements the following private functions:
- `slashingProtectionDirPath`
- `configurationFilePath`
- `configuration`
- `saveConfiguration`
- `validatorSlashingProtection`
- `saveValidatorSlashingProtection`
- `publicKeys`

* Filesystem database: Creates `genesis.go`.

This file defines the following public functions:
- `GenesisValidatorsRoot`
- `SaveGenesisValidatorsRoot`

* Filesystem database: Creates `graffiti.go`.

This file defines the following public functions:
- `SaveGraffitiOrderedIndex`
- `GraffitiOrderedIndex`

* Filesystem database: Creates `migration.go`.

This file defines the following public functions:
- `RunUpMigrations`
- `RunDownMigrations`

* Filesystem database: Creates proposer_settings.go.

This file defines the following public functions:
- `ProposerSettings`
- `ProposerSettingsExists`
- `SaveProposerSettings`

* Filesystem database: Creates `attester_protection.go`.

This file defines the following public functions:
- `EIPImportBlacklistedPublicKeys`
- `SaveEIPImportBlacklistedPublicKeys`
- `SigningRootAtTargetEpoch`
- `LowestSignedTargetEpoch`
- `LowestSignedSourceEpoch`
- `AttestedPublicKeys`
- `CheckSlashableAttestation`
- `SaveAttestationForPubKey`
- `SaveAttestationsForPubKey`
- `AttestationHistoryForPubKey`

* Filesystem database: Creates `proposer_protection.go`.

This file defines the following public functions:
- `HighestSignedProposal`
- `LowestSignedProposal`
- `ProposalHistoryForPubKey`
- `ProposalHistoryForSlot`
- `ProposedPublicKeys`

* Ensure that the filesystem store implements the `ValidatorDB` interface.

* `slashableAttestationCheck`: Check the database type.

* `slashableProposalCheck`: Check the database type.

* `slashableAttestationCheck`: Allow usage of minimal slashing protection.

* `slashableProposalCheck`: Allow usage of minimal slashing protection.

* `ImportStandardProtectionJSON`: Check the database type.

* `ImportStandardProtectionJSON`: Allow usage of min slashing protection.

* Implement `RecursiveDirFind`.

* Implement minimal<->complete DB conversion.

3 public functions are implemented:
- `IsCompleteDatabaseExisting`
- `IsMinimalDatabaseExisting`
- `ConvertDatabase`

* `setupDB`: Add `isSlashingProtectionMinimal` argument.

The feature addition is located in `validator/node/node_test.go`.
The rest of this commit consists in minimal slashing protection testing.

* `setupWithKey`: Add `isSlashingProtectionMinimal` argument.

The feature addition is located in `validator/client/propose_test.go`.

The rest of this commit consists in tests wrapping.

* `setup`: Add `isSlashingProtectionMinimal` argument.

The added feature is located in the `validator/client/propose_test.go`
file.

The rest of this commit consists in tests wrapping.

* `initializeFromCLI` and `initializeForWeb`: Factorize db init.

* Add `convert-complete-to-minimal` command.

* Creates `--enable-minimal-slashing-protection` flag.

* `importSlashingProtectionJSON`: Check database type.

* `exportSlashingProtectionJSON`: Check database type.

* `TestClearDB`: Test with minimal slashing protection.

* KeyManager: Test with minimal slashing protection.

* RPC: KeyManager: Test with minimal slashing protection.

* `convert-complete-to-minimal`: Change option names.

Options were:
- `--source` (for source data directory), and
- `--target` (for target data directory)

However, since this command deals with slashing protection, which has
source (epochs) and target (epochs), the initial option names may confuse
the user.

In this commit:
`--source` ==> `--source-data-dir`
`--target` ==> `--target-data-dir`

* Set `SlashableAttestationCheck` as an iface method.

And delete `CheckSlashableAttestation` from iface.

* Move helpers functions in a more general directory.

No functional change.

* Extract common structs out of `kv`.

==> `filesystem` does not depend anymore on `kv`.
==> `iface` does not depend anymore on `kv`.
==> `slashing-protection` does not depend anymore on `kv`.

* Move `ValidateMetadata` in `validator/helpers`.

* `ValidateMetadata`: Test with mock.

This way, we can:
- Avoid any circular import for tests.
- Implement once for all `iface.ValidatorDB` implementations
  the `ValidateMetadata`function.
- Have tests (and coverage) of `ValidateMetadata`in
  its own package.

The ideal solution would have been to implement `ValidateMetadata` as
a method with the `iface.ValidatorDB`receiver.
Unfortunately, golang does not allow that.

* `iface.ValidatorDB`: Implement ImportStandardProtectionJSON.

The whole purpose of this commit is to avoid the `switch validatorDB.(type)`
in `ImportStandardProtectionJSON`.

* `iface.ValidatorDB`: Implement `SlashableProposalCheck`.

* Remove now useless `slashableProposalCheck`.

* Delete useless `ImportStandardProtectionJSON`.

* `file.Exists`: Detect directories and return an error.

Before, `Exists` was only able to detect if a file exists.
Now, this function takes an extra `File` or `Directory` argument.
It detects either if a file or a directory exists.

Before, if an error was returned by `os.Stat`, the the file was
considered as non existing.
Now, it is treated as a real error.

* Replace `os.Stat` by `file.Exists`.

* Remove `Is{Complete,Minimal}DatabaseExisting`.

* `publicKeys`: Add log if unexpected file found.

* Move `{Source,Target}DataDirFlag`in `db.go`.

* `failedAttLocalProtectionErr`: `var`==> `const`

* `signingRoot`: `32`==> `fieldparams.RootLength`.

* `validatorClientData`==> `validator-client-data`.

To be consistent with `slashing-protection`.

* Add progress bars for `import` and `convert`.

* `parseBlocksForUniquePublicKeys`: Move in `db/kv`.

* helpers: Remove unused `initializeProgressBar` function.
This commit is contained in:
Manu NALEPA
2024-03-05 16:27:15 +01:00
committed by GitHub
parent b6ce6c2eba
commit ef21d3adf8
105 changed files with 9816 additions and 4575 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
validator/rpc/BUILD.bazel
View File

@@ -129,6 +129,9 @@ go_test(
"//validator/accounts/testing:go_default_library",
"//validator/accounts/wallet:go_default_library",
"//validator/client:go_default_library",
"//validator/db/common:go_default_library",
"//validator/db/filesystem:go_default_library",
"//validator/db/iface:go_default_library",
"//validator/db/kv:go_default_library",
"//validator/db/testing:go_default_library",
"//validator/keymanager:go_default_library",

7
validator/rpc/auth_token.go
View File

@@ -51,7 +51,12 @@ func CreateAuthToken(walletDirPath, validatorWebAddr string) error {
// of the URL. This token is then used as the bearer token for jwt auth.
func (s *Server) initializeAuthToken(walletDir string) (string, error) {
authTokenFile := filepath.Join(walletDir, AuthTokenFileName)
if file.Exists(authTokenFile) {
exists, err := file.Exists(authTokenFile, file.Regular)
if err != nil {
return "", errors.Wrapf(err, "could not check if file exists: %s", authTokenFile)
}
if exists {
// #nosec G304
f, err := os.Open(authTokenFile)
if err != nil {

7
validator/rpc/handler_wallet.go
View File

@@ -366,7 +366,12 @@ func writeWalletPasswordToDisk(walletDir, password string) error {
return nil
}
passwordFilePath := filepath.Join(walletDir, wallet.DefaultWalletPasswordFile)
if file.Exists(passwordFilePath) {
exists, err := file.Exists(passwordFilePath, file.Regular)
if err != nil {
return errors.Wrapf(err, "could not check if file exists: %s", passwordFilePath)
}
if exists {
return fmt.Errorf("cannot write wallet password file as it already exists %s", passwordFilePath)
}
return file.WriteFile(passwordFilePath, []byte(password))

12
validator/rpc/handler_wallet_test.go
View File

@@ -268,7 +268,9 @@ func TestServer_RecoverWallet_Derived(t *testing.T) {
// Password File should have been written.
passwordFilePath := filepath.Join(localWalletDir, wallet.DefaultWalletPasswordFile)
assert.Equal(t, true, file.Exists(passwordFilePath))
exists, err := file.Exists(passwordFilePath, file.Regular)
require.NoError(t, err, "could not check if password file exists")
assert.Equal(t, true, exists)
// Attempting to write again should trigger an error.
err = writeWalletPasswordToDisk(localWalletDir, "somepassword")
@@ -474,7 +476,9 @@ func Test_writeWalletPasswordToDisk(t *testing.T) {
// Expected a silent failure if the feature flag is not enabled.
passwordFilePath := filepath.Join(walletDir, wallet.DefaultWalletPasswordFile)
assert.Equal(t, false, file.Exists(passwordFilePath))
exists, err := file.Exists(passwordFilePath, file.Regular)
require.NoError(t, err, "could not check if password file exists")
assert.Equal(t, false, exists, "password file should not exist")
resetCfg = features.InitWithReset(&features.Flags{
WriteWalletPasswordOnWebOnboarding: true,
})
@@ -483,7 +487,9 @@ func Test_writeWalletPasswordToDisk(t *testing.T) {
require.NoError(t, err)
// File should have been written.
assert.Equal(t, true, file.Exists(passwordFilePath))
exists, err = file.Exists(passwordFilePath, file.Regular)
require.NoError(t, err, "could not check if password file exists")
assert.Equal(t, true, exists, "password file should exist")
// Attempting to write again should trigger an error.
err = writeWalletPasswordToDisk(walletDir, "somepassword")

7
validator/rpc/handlers_auth.go
View File

@@ -21,8 +21,13 @@ func (s *Server) Initialize(w http.ResponseWriter, r *http.Request) {
return
}
authTokenPath := filepath.Join(s.walletDir, AuthTokenFileName)
exists, err := file.Exists(authTokenPath, file.Regular)
if err != nil {
httputil.HandleError(w, errors.Wrap(err, "Could not check if auth token exists").Error(), http.StatusInternalServerError)
return
}
httputil.WriteJson(w, &InitializeAuthResponse{
HasSignedUp: file.Exists(authTokenPath),
HasSignedUp: exists,
HasWallet: walletExists,
})
}

4
validator/rpc/handlers_keymanager.go
View File

@@ -131,9 +131,7 @@ func (s *Server) ImportKeystores(w http.ResponseWriter, r *http.Request) {
keystores[i] = k
}
if req.SlashingProtection != "" {
if err := slashingprotection.ImportStandardProtectionJSON(
ctx, s.valDB, bytes.NewBufferString(req.SlashingProtection),
); err != nil {
if s.valDB == nil || s.valDB.ImportStandardProtectionJSON(ctx, bytes.NewBufferString(req.SlashingProtection)) != nil {
statuses := make([]*keymanager.KeyStatus, len(req.Keystores))
for i := 0; i < len(req.Keystores); i++ {
statuses[i] = &keymanager.KeyStatus{

808
validator/rpc/handlers_keymanager_test.go
View File

@@ -29,6 +29,9 @@ import (
mock "github.com/prysmaticlabs/prysm/v5/validator/accounts/testing"
"github.com/prysmaticlabs/prysm/v5/validator/accounts/wallet"
"github.com/prysmaticlabs/prysm/v5/validator/client"
dbCommon "github.com/prysmaticlabs/prysm/v5/validator/db/common"
"github.com/prysmaticlabs/prysm/v5/validator/db/filesystem"
DBIface "github.com/prysmaticlabs/prysm/v5/validator/db/iface"
"github.com/prysmaticlabs/prysm/v5/validator/db/kv"
dbtest "github.com/prysmaticlabs/prysm/v5/validator/db/testing"
"github.com/prysmaticlabs/prysm/v5/validator/keymanager"
@@ -257,73 +260,83 @@ func TestServer_ImportKeystores(t *testing.T) {
require.Equal(t, keymanager.StatusError, st.Status)
}
})
t.Run("returns proper statuses for keystores in request", func(t *testing.T) {
numKeystores := 5
password := "12345678"
keystores := make([]*keymanager.Keystore, numKeystores)
passwords := make([]string, numKeystores)
publicKeys := make([][fieldparams.BLSPubkeyLength]byte, numKeystores)
for i := 0; i < numKeystores; i++ {
keystores[i] = createRandomKeystore(t, password)
pubKey, err := hexutil.Decode("0x" + keystores[i].Pubkey)
require.NoError(t, err)
publicKeys[i] = bytesutil.ToBytes48(pubKey)
passwords[i] = password
}
// Create a validator database.
validatorDB, err := kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: publicKeys,
for _, isSlashingProtectionMinimal := range []bool{false, true} {
t.Run(fmt.Sprintf("returns proper statuses for keystores in request/isSlashingProtectionMininal:%v", isSlashingProtectionMinimal), func(t *testing.T) {
numKeystores := 5
password := "12345678"
keystores := make([]*keymanager.Keystore, numKeystores)
passwords := make([]string, numKeystores)
publicKeys := make([][fieldparams.BLSPubkeyLength]byte, numKeystores)
for i := 0; i < numKeystores; i++ {
keystores[i] = createRandomKeystore(t, password)
pubKey, err := hexutil.Decode("0x" + keystores[i].Pubkey)
require.NoError(t, err)
publicKeys[i] = bytesutil.ToBytes48(pubKey)
passwords[i] = password
}
// Create a validator database.
var validatorDB DBIface.ValidatorDB
if isSlashingProtectionMinimal {
validatorDB, err = filesystem.NewStore(defaultWalletPath, &filesystem.Config{
PubKeys: publicKeys,
})
} else {
validatorDB, err = kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: publicKeys,
})
}
require.NoError(t, err)
s.valDB = validatorDB
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
encodedKeystores := make([]string, numKeystores)
for i := 0; i < numKeystores; i++ {
enc, err := json.Marshal(keystores[i])
require.NoError(t, err)
encodedKeystores[i] = string(enc)
}
// Generate mock slashing history.
attestingHistory := make([][]*dbCommon.AttestationRecord, 0)
proposalHistory := make([]dbCommon.ProposalHistoryForPubkey, len(publicKeys))
for i := 0; i < len(publicKeys); i++ {
proposalHistory[i].Proposals = make([]dbCommon.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(publicKeys, attestingHistory, proposalHistory)
require.NoError(t, err)
// JSON encode the protection JSON and save it.
encodedSlashingProtection, err := json.Marshal(mockJSON)
require.NoError(t, err)
request := &ImportKeystoresRequest{
Keystores: encodedKeystores,
Passwords: passwords,
SlashingProtection: string(encodedSlashingProtection),
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ImportKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &ImportKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, numKeystores, len(resp.Data))
for _, st := range resp.Data {
require.Equal(t, keymanager.StatusImported, st.Status)
}
})
require.NoError(t, err)
s.valDB = validatorDB
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
encodedKeystores := make([]string, numKeystores)
for i := 0; i < numKeystores; i++ {
enc, err := json.Marshal(keystores[i])
require.NoError(t, err)
encodedKeystores[i] = string(enc)
}
// Generate mock slashing history.
attestingHistory := make([][]*kv.AttestationRecord, 0)
proposalHistory := make([]kv.ProposalHistoryForPubkey, len(publicKeys))
for i := 0; i < len(publicKeys); i++ {
proposalHistory[i].Proposals = make([]kv.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(publicKeys, attestingHistory, proposalHistory)
require.NoError(t, err)
// JSON encode the protection JSON and save it.
encodedSlashingProtection, err := json.Marshal(mockJSON)
require.NoError(t, err)
request := &ImportKeystoresRequest{
Keystores: encodedKeystores,
Passwords: passwords,
SlashingProtection: string(encodedSlashingProtection),
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ImportKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &ImportKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, numKeystores, len(resp.Data))
for _, st := range resp.Data {
require.Equal(t, keymanager.StatusImported, st.Status)
}
})
}
}
func TestServer_ImportKeystores_WrongKeymanagerKind(t *testing.T) {
@@ -372,215 +385,236 @@ func TestServer_ImportKeystores_WrongKeymanagerKind(t *testing.T) {
}
func TestServer_DeleteKeystores(t *testing.T) {
ctx := context.Background()
srv := setupServerWithWallet(t)
for _, isSlashingProtectionMinimal := range []bool{false, true} {
ctx := context.Background()
srv := setupServerWithWallet(t)
// We recover 3 accounts from a test mnemonic.
numAccounts := 3
km, er := srv.validatorService.Keymanager()
require.NoError(t, er)
dr, ok := km.(*derived.Keymanager)
require.Equal(t, true, ok)
err := dr.RecoverAccountsFromMnemonic(ctx, mocks.TestMnemonic, derived.DefaultMnemonicLanguage, "", numAccounts)
require.NoError(t, err)
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// We recover 3 accounts from a test mnemonic.
numAccounts := 3
km, er := srv.validatorService.Keymanager()
require.NoError(t, er)
dr, ok := km.(*derived.Keymanager)
require.Equal(t, true, ok)
err := dr.RecoverAccountsFromMnemonic(ctx, mocks.TestMnemonic, derived.DefaultMnemonicLanguage, "", numAccounts)
require.NoError(t, err)
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// Create a validator database.
validatorDB, err := kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: publicKeys,
})
require.NoError(t, err)
srv.valDB = validatorDB
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
// Generate mock slashing history.
attestingHistory := make([][]*kv.AttestationRecord, 0)
proposalHistory := make([]kv.ProposalHistoryForPubkey, len(publicKeys))
for i := 0; i < len(publicKeys); i++ {
proposalHistory[i].Proposals = make([]kv.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(publicKeys, attestingHistory, proposalHistory)
require.NoError(t, err)
// JSON encode the protection JSON and save it.
encoded, err := json.Marshal(mockJSON)
require.NoError(t, err)
request := &ImportSlashingProtectionRequest{
SlashingProtectionJson: string(encoded),
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, "/v2/validator/slashing-protection/import", &buf)
wr := httptest.NewRecorder()
srv.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
t.Run("no slashing protection response if no keys in request even if we have a history in DB", func(t *testing.T) {
request := &DeleteKeystoresRequest{
Pubkeys: nil,
// Create a validator database.
var validatorDB DBIface.ValidatorDB
if isSlashingProtectionMinimal {
validatorDB, err = filesystem.NewStore(defaultWalletPath, &filesystem.Config{
PubKeys: publicKeys,
})
} else {
validatorDB, err = kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: publicKeys,
})
}
require.NoError(t, err)
srv.valDB = validatorDB
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
// Generate mock slashing history.
attestingHistory := make([][]*dbCommon.AttestationRecord, 0)
proposalHistory := make([]dbCommon.ProposalHistoryForPubkey, len(publicKeys))
for i := 0; i < len(publicKeys); i++ {
proposalHistory[i].Proposals = make([]dbCommon.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(publicKeys, attestingHistory, proposalHistory)
require.NoError(t, err)
// JSON encode the protection JSON and save it.
encoded, err := json.Marshal(mockJSON)
require.NoError(t, err)
request := &ImportSlashingProtectionRequest{
SlashingProtectionJson: string(encoded),
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/keystores"), &buf)
req := httptest.NewRequest(http.MethodPost, "/v2/validator/slashing-protection/import", &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
srv.DeleteKeystores(wr, req)
srv.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &DeleteKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, "", resp.SlashingProtection)
})
t.Run(fmt.Sprintf("no slashing protection response if no keys in request even if we have a history in DB/mininalSlaghinProtection:%v", isSlashingProtectionMinimal), func(t *testing.T) {
request := &DeleteKeystoresRequest{
Pubkeys: nil,
}
// For ease of test setup, we'll give each public key a string identifier.
publicKeysWithId := map[string][fieldparams.BLSPubkeyLength]byte{
"a": publicKeys[0],
"b": publicKeys[1],
"c": publicKeys[2],
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
srv.DeleteKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &DeleteKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, "", resp.SlashingProtection)
})
type keyCase struct {
id string
wantProtectionData bool
}
tests := []struct {
keys []*keyCase
wantStatuses []keymanager.KeyStatusType
}{
{
keys: []*keyCase{
{id: "a", wantProtectionData: true},
{id: "a", wantProtectionData: true},
{id: "d"},
{id: "c", wantProtectionData: true},
},
wantStatuses: []keymanager.KeyStatusType{
keymanager.StatusDeleted,
keymanager.StatusNotActive,
keymanager.StatusNotFound,
keymanager.StatusDeleted,
},
},
{
keys: []*keyCase{
{id: "a", wantProtectionData: true},
{id: "c", wantProtectionData: true},
},
wantStatuses: []keymanager.KeyStatusType{
keymanager.StatusNotActive,
keymanager.StatusNotActive,
},
},
{
keys: []*keyCase{
{id: "x"},
},
wantStatuses: []keymanager.KeyStatusType{
keymanager.StatusNotFound,
},
},
}
for _, tc := range tests {
keys := make([]string, len(tc.keys))
for i := 0; i < len(tc.keys); i++ {
pk := publicKeysWithId[tc.keys[i].id]
keys[i] = hexutil.Encode(pk[:])
}
request := &DeleteKeystoresRequest{
Pubkeys: keys,
// For ease of test setup, we'll give each public key a string identifier.
publicKeysWithId := map[string][fieldparams.BLSPubkeyLength]byte{
"a": publicKeys[0],
"b": publicKeys[1],
"c": publicKeys[2],
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
srv.DeleteKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &DeleteKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, len(keys), len(resp.Data))
slashingProtectionData := &format.EIPSlashingProtectionFormat{}
require.NoError(t, json.Unmarshal([]byte(resp.SlashingProtection), slashingProtectionData))
require.Equal(t, true, len(slashingProtectionData.Data) > 0)
type keyCase struct {
id string
wantProtectionData bool
}
tests := []struct {
keys []*keyCase
wantStatuses []keymanager.KeyStatusType
}{
{
keys: []*keyCase{
{id: "a", wantProtectionData: true},
{id: "a", wantProtectionData: true},
{id: "d"},
{id: "c", wantProtectionData: true},
},
wantStatuses: []keymanager.KeyStatusType{
keymanager.StatusDeleted,
keymanager.StatusNotActive,
keymanager.StatusNotFound,
keymanager.StatusDeleted,
},
},
{
keys: []*keyCase{
{id: "a", wantProtectionData: true},
{id: "c", wantProtectionData: true},
},
wantStatuses: []keymanager.KeyStatusType{
keymanager.StatusNotActive,
keymanager.StatusNotActive,
},
},
{
keys: []*keyCase{
{id: "x"},
},
wantStatuses: []keymanager.KeyStatusType{
keymanager.StatusNotFound,
},
},
}
for _, tc := range tests {
keys := make([]string, len(tc.keys))
for i := 0; i < len(tc.keys); i++ {
pk := publicKeysWithId[tc.keys[i].id]
keys[i] = hexutil.Encode(pk[:])
}
request := &DeleteKeystoresRequest{
Pubkeys: keys,
}
for i := 0; i < len(tc.keys); i++ {
require.Equal(
t,
tc.wantStatuses[i],
resp.Data[i].Status,
fmt.Sprintf("Checking status for key %s", tc.keys[i].id),
)
if tc.keys[i].wantProtectionData {
// We check that we can find the key in the slashing protection data.
var found bool
for _, dt := range slashingProtectionData.Data {
if dt.Pubkey == keys[i] {
found = true
break
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
srv.DeleteKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &DeleteKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, len(keys), len(resp.Data))
slashingProtectionData := &format.EIPSlashingProtectionFormat{}
require.NoError(t, json.Unmarshal([]byte(resp.SlashingProtection), slashingProtectionData))
require.Equal(t, true, len(slashingProtectionData.Data) > 0)
for i := 0; i < len(tc.keys); i++ {
require.Equal(
t,
tc.wantStatuses[i],
resp.Data[i].Status,
fmt.Sprintf("Checking status for key %s", tc.keys[i].id),
)
if tc.keys[i].wantProtectionData {
// We check that we can find the key in the slashing protection data.
var found bool
for _, dt := range slashingProtectionData.Data {
if dt.Pubkey == keys[i] {
found = true
break
}
}
require.Equal(t, true, found)
}
require.Equal(t, true, found)
}
}
}
}
func TestServer_DeleteKeystores_FailedSlashingProtectionExport(t *testing.T) {
ctx := context.Background()
srv := setupServerWithWallet(t)
for _, isSlashingProtectionMinimal := range []bool{false, true} {
t.Run(fmt.Sprintf("minimalSlashingProtection:%v", isSlashingProtectionMinimal), func(t *testing.T) {
ctx := context.Background()
srv := setupServerWithWallet(t)
// We recover 3 accounts from a test mnemonic.
numAccounts := 3
km, er := srv.validatorService.Keymanager()
require.NoError(t, er)
dr, ok := km.(*derived.Keymanager)
require.Equal(t, true, ok)
err := dr.RecoverAccountsFromMnemonic(ctx, mocks.TestMnemonic, derived.DefaultMnemonicLanguage, "", numAccounts)
require.NoError(t, err)
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// We recover 3 accounts from a test mnemonic.
numAccounts := 3
km, er := srv.validatorService.Keymanager()
require.NoError(t, er)
dr, ok := km.(*derived.Keymanager)
require.Equal(t, true, ok)
err := dr.RecoverAccountsFromMnemonic(ctx, mocks.TestMnemonic, derived.DefaultMnemonicLanguage, "", numAccounts)
require.NoError(t, err)
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// Create a validator database.
validatorDB, err := kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: publicKeys,
})
require.NoError(t, err)
err = validatorDB.SaveGenesisValidatorsRoot(ctx, make([]byte, fieldparams.RootLength))
require.NoError(t, err)
srv.valDB = validatorDB
// Create a validator database.
var validatorDB DBIface.ValidatorDB
if isSlashingProtectionMinimal {
validatorDB, err = filesystem.NewStore(defaultWalletPath, &filesystem.Config{
PubKeys: publicKeys,
})
} else {
validatorDB, err = kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: publicKeys,
})
}
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
require.NoError(t, err)
err = validatorDB.SaveGenesisValidatorsRoot(ctx, make([]byte, fieldparams.RootLength))
require.NoError(t, err)
srv.valDB = validatorDB
request := &DeleteKeystoresRequest{
Pubkeys: []string{"0xaf2e7ba294e03438ea819bd4033c6c1bf6b04320ee2075b77273c08d02f8a61bcc303c2c06bd3713cb442072ae591494"},
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
request := &DeleteKeystoresRequest{
Pubkeys: []string{"0xaf2e7ba294e03438ea819bd4033c6c1bf6b04320ee2075b77273c08d02f8a61bcc303c2c06bd3713cb442072ae591494"},
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
srv.DeleteKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &DeleteKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, 1, len(resp.Data))
require.Equal(t, keymanager.StatusError, resp.Data[0].Status)
require.Equal(t, "Could not export slashing protection history as existing non duplicate keys were deleted",
resp.Data[0].Message,
)
})
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/keystores"), &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
srv.DeleteKeystores(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
resp := &DeleteKeystoresResponse{}
require.NoError(t, json.Unmarshal(wr.Body.Bytes(), resp))
require.Equal(t, 1, len(resp.Data))
require.Equal(t, keymanager.StatusError, resp.Data[0].Status)
require.Equal(t, "Could not export slashing protection history as existing non duplicate keys were deleted",
resp.Data[0].Message,
)
}
func TestServer_DeleteKeystores_WrongKeymanagerKind(t *testing.T) {
@@ -1047,56 +1081,58 @@ func TestServer_SetGasLimit(t *testing.T) {
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{})
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
})
require.NoError(t, err)
for _, isSlashingProtectionMinimal := range [...]bool{false, true} {
for _, tt := range tests {
t.Run(fmt.Sprintf("%s/isSlashingProtectionMinimal:%v", tt.name, isSlashingProtectionMinimal), func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{}, isSlashingProtectionMinimal)
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
beaconNodeValidatorClient: beaconClient,
valDB: validatorDB,
}
if tt.beaconReturn != nil {
beaconClient.EXPECT().GetFeeRecipientByPubKey(
gomock.Any(),
gomock.Any(),
).Return(tt.beaconReturn.resp, tt.beaconReturn.error)
}
request := &SetGasLimitRequest{
GasLimit: fmt.Sprintf("%d", tt.newGasLimit),
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/eth/v1/validator/{pubkey}/gas_limit"), &buf)
req = mux.SetURLVars(req, map[string]string{"pubkey": hexutil.Encode(tt.pubkey)})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.SetGasLimit(w, req)
if tt.wantErr != "" {
assert.NotEqual(t, http.StatusOK, w.Code)
require.StringContains(t, tt.wantErr, w.Body.String())
} else {
assert.Equal(t, http.StatusAccepted, w.Code)
for _, wantObj := range tt.w {
assert.Equal(t, wantObj.gaslimit, uint64(s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(wantObj.pubkey)].BuilderConfig.GasLimit))
s := &Server{
validatorService: vs,
beaconNodeValidatorClient: beaconClient,
valDB: validatorDB,
}
}
})
if tt.beaconReturn != nil {
beaconClient.EXPECT().GetFeeRecipientByPubKey(
gomock.Any(),
gomock.Any(),
).Return(tt.beaconReturn.resp, tt.beaconReturn.error)
}
request := &SetGasLimitRequest{
GasLimit: fmt.Sprintf("%d", tt.newGasLimit),
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/eth/v1/validator/{pubkey}/gas_limit"), &buf)
req = mux.SetURLVars(req, map[string]string{"pubkey": hexutil.Encode(tt.pubkey)})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.SetGasLimit(w, req)
if tt.wantErr != "" {
assert.NotEqual(t, http.StatusOK, w.Code)
require.StringContains(t, tt.wantErr, w.Body.String())
} else {
assert.Equal(t, http.StatusAccepted, w.Code)
for _, wantObj := range tt.w {
assert.Equal(t, wantObj.gaslimit, uint64(s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(wantObj.pubkey)].BuilderConfig.GasLimit))
}
}
})
}
}
}
@@ -1234,40 +1270,42 @@ func TestServer_DeleteGasLimit(t *testing.T) {
w: []want{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{})
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
for _, isSlashingProtectionMinimal := range [...]bool{false, true} {
for _, tt := range tests {
t.Run(fmt.Sprintf("%s/isSlashingProtectionMinimal:%v", tt.name, isSlashingProtectionMinimal), func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{}, isSlashingProtectionMinimal)
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
valDB: validatorDB,
}
// Set up global default value for builder gas limit.
params.BeaconConfig().DefaultBuilderGasLimit = uint64(globalDefaultGasLimit)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/validator/{pubkey}/gas_limit"), nil)
req = mux.SetURLVars(req, map[string]string{"pubkey": hexutil.Encode(tt.pubkey)})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.DeleteGasLimit(w, req)
if tt.wantError != nil {
assert.StringContains(t, tt.wantError.Error(), w.Body.String())
} else {
assert.Equal(t, http.StatusNoContent, w.Code)
}
for _, wantedObj := range tt.w {
assert.Equal(t, wantedObj.gaslimit, s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(wantedObj.pubkey)].BuilderConfig.GasLimit)
}
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
valDB: validatorDB,
}
// Set up global default value for builder gas limit.
params.BeaconConfig().DefaultBuilderGasLimit = uint64(globalDefaultGasLimit)
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/validator/{pubkey}/gas_limit"), nil)
req = mux.SetURLVars(req, map[string]string{"pubkey": hexutil.Encode(tt.pubkey)})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.DeleteGasLimit(w, req)
if tt.wantError != nil {
assert.StringContains(t, tt.wantError.Error(), w.Body.String())
} else {
assert.Equal(t, http.StatusNoContent, w.Code)
}
for _, wantedObj := range tt.w {
assert.Equal(t, wantedObj.gaslimit, s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(wantedObj.pubkey)].BuilderConfig.GasLimit)
}
})
}
}
}
@@ -1693,41 +1731,43 @@ func TestServer_FeeRecipientByPubkey(t *testing.T) {
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{})
for _, isSlashingProtectionMinimal := range [...]bool{false, true} {
for _, tt := range tests {
t.Run(fmt.Sprintf("%s/isSlashingProtectionMinimal:%v", tt.name, isSlashingProtectionMinimal), func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{}, isSlashingProtectionMinimal)
// save a default here
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
// save a default here
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
beaconNodeValidatorClient: beaconClient,
valDB: validatorDB,
}
request := &SetFeeRecipientByPubkeyRequest{
Ethaddress: tt.args,
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/eth/v1/validator/{pubkey}/feerecipient"), &buf)
req = mux.SetURLVars(req, map[string]string{"pubkey": pubkey})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.SetFeeRecipientByPubkey(w, req)
assert.Equal(t, http.StatusAccepted, w.Code)
assert.Equal(t, tt.want.valEthAddress, s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(byteval)].FeeRecipientConfig.FeeRecipient.Hex())
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
beaconNodeValidatorClient: beaconClient,
valDB: validatorDB,
}
request := &SetFeeRecipientByPubkeyRequest{
Ethaddress: tt.args,
}
var buf bytes.Buffer
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, fmt.Sprintf("/eth/v1/validator/{pubkey}/feerecipient"), &buf)
req = mux.SetURLVars(req, map[string]string{"pubkey": pubkey})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.SetFeeRecipientByPubkey(w, req)
assert.Equal(t, http.StatusAccepted, w.Code)
assert.Equal(t, tt.want.valEthAddress, s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(byteval)].FeeRecipientConfig.FeeRecipient.Hex())
})
}
}
}
@@ -1803,29 +1843,31 @@ func TestServer_DeleteFeeRecipientByPubkey(t *testing.T) {
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{})
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
for _, isSlashingProtectionMinimal := range [...]bool{false, true} {
for _, tt := range tests {
t.Run(fmt.Sprintf("%s/isSlashingProtectionMinimal:%v", tt.name, isSlashingProtectionMinimal), func(t *testing.T) {
m := &mock.Validator{}
err := m.SetProposerSettings(ctx, tt.proposerSettings)
require.NoError(t, err)
validatorDB := dbtest.SetupDB(t, [][fieldparams.BLSPubkeyLength]byte{}, isSlashingProtectionMinimal)
vs, err := client.NewValidatorService(ctx, &client.Config{
Validator: m,
ValDB: validatorDB,
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
valDB: validatorDB,
}
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/validator/{pubkey}/feerecipient"), nil)
req = mux.SetURLVars(req, map[string]string{"pubkey": pubkey})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.DeleteFeeRecipientByPubkey(w, req)
assert.Equal(t, http.StatusNoContent, w.Code)
assert.Equal(t, true, s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(byteval)].FeeRecipientConfig == nil)
})
require.NoError(t, err)
s := &Server{
validatorService: vs,
valDB: validatorDB,
}
req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/eth/v1/validator/{pubkey}/feerecipient"), nil)
req = mux.SetURLVars(req, map[string]string{"pubkey": pubkey})
w := httptest.NewRecorder()
w.Body = &bytes.Buffer{}
s.DeleteFeeRecipientByPubkey(w, req)
assert.Equal(t, http.StatusNoContent, w.Code)
assert.Equal(t, true, s.validatorService.ProposerSettings().ProposeConfig[bytesutil.ToBytes48(byteval)].FeeRecipientConfig == nil)
})
}
}
}

2
validator/rpc/handlers_slashing.go
View File

@@ -76,7 +76,7 @@ func (s *Server) ImportSlashingProtection(w http.ResponseWriter, r *http.Request
}
enc := []byte(req.SlashingProtectionJson)
buf := bytes.NewBuffer(enc)
if err := slashing.ImportStandardProtectionJSON(ctx, s.valDB, buf); err != nil {
if err := s.valDB.ImportStandardProtectionJSON(ctx, buf); err != nil {
httputil.HandleError(w, errors.Wrap(err, "could not import slashing protection history").Error(), http.StatusInternalServerError)
return
}

266
validator/rpc/handlers_slashing_test.go
View File

@@ -4,12 +4,16 @@ import (
"bytes"
"context"
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"testing"
"github.com/prysmaticlabs/prysm/v5/testing/require"
"github.com/prysmaticlabs/prysm/v5/validator/accounts"
"github.com/prysmaticlabs/prysm/v5/validator/db/common"
"github.com/prysmaticlabs/prysm/v5/validator/db/filesystem"
"github.com/prysmaticlabs/prysm/v5/validator/db/iface"
"github.com/prysmaticlabs/prysm/v5/validator/db/kv"
"github.com/prysmaticlabs/prysm/v5/validator/keymanager"
"github.com/prysmaticlabs/prysm/v5/validator/slashing-protection-history/format"
@@ -17,132 +21,156 @@ import (
)
func TestImportSlashingProtection_Preconditions(t *testing.T) {
ctx := context.Background()
localWalletDir := setupWalletDir(t)
defaultWalletPath = localWalletDir
for _, isSlashingProtectionMinimal := range []bool{false, true} {
t.Run(fmt.Sprintf("slashing protection minimal: %v", isSlashingProtectionMinimal), func(t *testing.T) {
ctx := context.Background()
localWalletDir := setupWalletDir(t)
defaultWalletPath = localWalletDir
// Empty JSON.
s := &Server{
walletDir: defaultWalletPath,
// Empty JSON.
s := &Server{
walletDir: defaultWalletPath,
}
request := &ImportSlashingProtectionRequest{
SlashingProtectionJson: "",
}
var buf bytes.Buffer
err := json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, "/v2/validator/slashing-protection/import", &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
// No validator DB provided.
s.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusInternalServerError, wr.Code)
require.StringContains(t, "could not find validator database", wr.Body.String())
// Create Wallet and add to server for more realistic testing.
opts := []accounts.Option{
accounts.WithWalletDir(defaultWalletPath),
accounts.WithKeymanagerType(keymanager.Local),
accounts.WithWalletPassword(strongPass),
accounts.WithSkipMnemonicConfirm(true),
}
acc, err := accounts.NewCLIManager(opts...)
require.NoError(t, err)
w, err := acc.WalletCreate(ctx)
require.NoError(t, err)
s.wallet = w
numValidators := 1
// Create public keys for the mock validator DB.
pubKeys, err := mocks.CreateRandomPubKeys(numValidators)
require.NoError(t, err)
// Create a validator database.
var validatorDB iface.ValidatorDB
if isSlashingProtectionMinimal {
validatorDB, err = filesystem.NewStore(defaultWalletPath, &filesystem.Config{
PubKeys: pubKeys,
})
} else {
validatorDB, err = kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: pubKeys,
})
}
require.NoError(t, err)
s.valDB = validatorDB
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
// Test empty JSON.
wr = httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusBadRequest, wr.Code)
require.StringContains(t, "empty slashing_protection_json specified", wr.Body.String())
// Generate mock slashing history.
attestingHistory := make([][]*common.AttestationRecord, 0)
proposalHistory := make([]common.ProposalHistoryForPubkey, len(pubKeys))
for i := 0; i < len(pubKeys); i++ {
proposalHistory[i].Proposals = make([]common.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(pubKeys, attestingHistory, proposalHistory)
require.NoError(t, err)
// JSON encode the protection JSON and save it in rpc req.
encoded, err := json.Marshal(mockJSON)
require.NoError(t, err)
request.SlashingProtectionJson = string(encoded)
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req = httptest.NewRequest(http.MethodPost, "/v2/validator/slashing-protection/import", &buf)
wr = httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
})
}
request := &ImportSlashingProtectionRequest{
SlashingProtectionJson: "",
}
var buf bytes.Buffer
err := json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req := httptest.NewRequest(http.MethodPost, "/v2/validator/slashing-protection/import", &buf)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
// No validator DB provided.
s.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusInternalServerError, wr.Code)
require.StringContains(t, "could not find validator database", wr.Body.String())
// Create Wallet and add to server for more realistic testing.
opts := []accounts.Option{
accounts.WithWalletDir(defaultWalletPath),
accounts.WithKeymanagerType(keymanager.Local),
accounts.WithWalletPassword(strongPass),
accounts.WithSkipMnemonicConfirm(true),
}
acc, err := accounts.NewCLIManager(opts...)
require.NoError(t, err)
w, err := acc.WalletCreate(ctx)
require.NoError(t, err)
s.wallet = w
numValidators := 1
// Create public keys for the mock validator DB.
pubKeys, err := mocks.CreateRandomPubKeys(numValidators)
require.NoError(t, err)
// Create a validator database.
validatorDB, err := kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: pubKeys,
})
require.NoError(t, err)
s.valDB = validatorDB
// Have to close it after import is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
// Test empty JSON.
wr = httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusBadRequest, wr.Code)
require.StringContains(t, "empty slashing_protection_json specified", wr.Body.String())
// Generate mock slashing history.
attestingHistory := make([][]*kv.AttestationRecord, 0)
proposalHistory := make([]kv.ProposalHistoryForPubkey, len(pubKeys))
for i := 0; i < len(pubKeys); i++ {
proposalHistory[i].Proposals = make([]kv.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(pubKeys, attestingHistory, proposalHistory)
require.NoError(t, err)
// JSON encode the protection JSON and save it in rpc req.
encoded, err := json.Marshal(mockJSON)
require.NoError(t, err)
request.SlashingProtectionJson = string(encoded)
err = json.NewEncoder(&buf).Encode(request)
require.NoError(t, err)
req = httptest.NewRequest(http.MethodPost, "/v2/validator/slashing-protection/import", &buf)
wr = httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ImportSlashingProtection(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
}
func TestExportSlashingProtection_Preconditions(t *testing.T) {
ctx := context.Background()
localWalletDir := setupWalletDir(t)
defaultWalletPath = localWalletDir
for _, isSlashingProtectionMinimal := range []bool{false, true} {
t.Run(fmt.Sprintf("slashing protection minimal: %v", isSlashingProtectionMinimal), func(t *testing.T) {
ctx := context.Background()
localWalletDir := setupWalletDir(t)
defaultWalletPath = localWalletDir
s := &Server{
walletDir: defaultWalletPath,
s := &Server{
walletDir: defaultWalletPath,
}
req := httptest.NewRequest(http.MethodGet, "/v2/validator/slashing-protection/export", nil)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
// No validator DB provided.
s.ExportSlashingProtection(wr, req)
require.Equal(t, http.StatusInternalServerError, wr.Code)
require.StringContains(t, "could not find validator database", wr.Body.String())
numValidators := 10
// Create public keys for the mock validator DB.
pubKeys, err := mocks.CreateRandomPubKeys(numValidators)
require.NoError(t, err)
// We create a validator database.
var validatorDB iface.ValidatorDB
if isSlashingProtectionMinimal {
validatorDB, err = filesystem.NewStore(t.TempDir(), &filesystem.Config{
PubKeys: pubKeys,
})
} else {
validatorDB, err = kv.NewKVStore(context.Background(), t.TempDir(), &kv.Config{
PubKeys: pubKeys,
})
}
require.NoError(t, err)
s.valDB = validatorDB
// Have to close it after export is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
genesisValidatorsRoot := [32]byte{1}
err = validatorDB.SaveGenesisValidatorsRoot(ctx, genesisValidatorsRoot[:])
require.NoError(t, err)
wr = httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ExportSlashingProtection(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
})
}
req := httptest.NewRequest(http.MethodGet, "/v2/validator/slashing-protection/export", nil)
wr := httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
// No validator DB provided.
s.ExportSlashingProtection(wr, req)
require.Equal(t, http.StatusInternalServerError, wr.Code)
require.StringContains(t, "could not find validator database", wr.Body.String())
numValidators := 10
// Create public keys for the mock validator DB.
pubKeys, err := mocks.CreateRandomPubKeys(numValidators)
require.NoError(t, err)
// We create a validator database.
validatorDB, err := kv.NewKVStore(ctx, defaultWalletPath, &kv.Config{
PubKeys: pubKeys,
})
require.NoError(t, err)
s.valDB = validatorDB
// Have to close it after export is done otherwise it complains db is not open.
defer func() {
require.NoError(t, validatorDB.Close())
}()
genesisValidatorsRoot := [32]byte{1}
err = validatorDB.SaveGenesisValidatorsRoot(ctx, genesisValidatorsRoot[:])
require.NoError(t, err)
wr = httptest.NewRecorder()
wr.Body = &bytes.Buffer{}
s.ExportSlashingProtection(wr, req)
require.Equal(t, http.StatusOK, wr.Code)
}
func TestImportExportSlashingProtection_RoundTrip(t *testing.T) {
// Round trip is only suitable with complete slashing protection, since
// minimal slashing protections only keep latest attestation and proposal.
ctx := context.Background()
localWalletDir := setupWalletDir(t)
defaultWalletPath = localWalletDir
@@ -169,10 +197,10 @@ func TestImportExportSlashingProtection_RoundTrip(t *testing.T) {
}()
// Generate mock slashing history.
attestingHistory := make([][]*kv.AttestationRecord, 0)
proposalHistory := make([]kv.ProposalHistoryForPubkey, len(pubKeys))
attestingHistory := make([][]*common.AttestationRecord, 0)
proposalHistory := make([]common.ProposalHistoryForPubkey, len(pubKeys))
for i := 0; i < len(pubKeys); i++ {
proposalHistory[i].Proposals = make([]kv.Proposal, 0)
proposalHistory[i].Proposals = make([]common.Proposal, 0)
}
mockJSON, err := mocks.MockSlashingProtectionJSON(pubKeys, attestingHistory, proposalHistory)
require.NoError(t, err)