2018-08-13 07:04:35 -07:00
# Begin-Block
2018-05-25 15:52:34 -07:00
2018-08-13 07:12:59 -07:00
## Evidence handling
2018-05-25 15:52:34 -07:00
2018-06-15 23:26:09 -07:00
Tendermint blocks can include
[Evidence ](https://github.com/tendermint/tendermint/blob/develop/docs/spec/blockchain/blockchain.md#evidence ), which indicates that a validator
2018-08-20 06:07:23 -07:00
committed malicious behavior. The relevant information is forwarded to the
2018-06-15 23:26:09 -07:00
application as [ABCI
2018-08-13 07:04:35 -07:00
Evidence](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto#L259) in `abci.RequestBeginBlock`
so that the validator an be accordingly punished.
2018-05-25 15:52:34 -07:00
2018-06-29 13:02:45 -07:00
For some `evidence` to be valid, it must satisfy:
2018-05-25 15:52:34 -07:00
`evidence.Timestamp >= block.Timestamp - MAX_EVIDENCE_AGE`
where `evidence.Timestamp` is the timestamp in the block at height
`evidence.Height` and `block.Timestamp` is the current block timestamp.
2018-06-29 20:34:55 -07:00
If valid evidence is included in a block, the validator's stake is reduced by `SLASH_PROPORTION` of
what their stake was when the infraction occurred (rather than when the evidence was discovered).
We want to "follow the stake": the stake which contributed to the infraction should be
slashed, even if it has since been redelegated or started unbonding.
2018-05-25 15:52:34 -07:00
2018-06-29 20:34:55 -07:00
We first need to loop through the unbondings and redelegations from the slashed validator
and track how much stake has since moved:
2018-06-14 20:26:21 -07:00
2018-05-25 15:52:34 -07:00
```
2018-06-29 20:34:55 -07:00
slashAmountUnbondings := 0
slashAmountRedelegations := 0
2018-05-25 15:52:34 -07:00
2018-06-14 20:26:21 -07:00
unbondings := getUnbondings(validator.Address)
for unbond in unbondings {
2018-06-29 20:34:55 -07:00
if was not bonded before evidence.Height or started unbonding before unbonding period ago {
2018-06-14 20:26:21 -07:00
continue
}
2018-06-29 20:34:55 -07:00
2018-06-14 20:26:21 -07:00
burn := unbond.InitialTokens * SLASH_PROPORTION
2018-06-29 20:34:55 -07:00
slashAmountUnbondings += burn
2018-06-15 14:26:14 -07:00
unbond.Tokens = max(0, unbond.Tokens - burn)
2018-06-14 20:26:21 -07:00
}
// only care if source gets slashed because we're already bonded to destination
// so if destination validator gets slashed our delegation just has same shares
// of smaller pool.
redels := getRedelegationsBySource(validator.Address)
for redel in redels {
2018-06-29 20:34:55 -07:00
if was not bonded before evidence.Height or started redelegating before unbonding period ago {
2018-06-14 20:26:21 -07:00
continue
}
burn := redel.InitialTokens * SLASH_PROPORTION
2018-06-29 20:34:55 -07:00
slashAmountRedelegations += burn
2018-06-14 20:26:21 -07:00
amount := unbondFromValidator(redel.Destination, burn)
destroy(amount)
}
```
2018-05-25 15:52:34 -07:00
2018-06-29 20:34:55 -07:00
We then slash the validator:
```
curVal := validator
oldVal := loadValidator(evidence.Height, evidence.Address)
slashAmount := SLASH_PROPORTION * oldVal.Shares
slashAmount -= slashAmountUnbondings
slashAmount -= slashAmountRedelegations
curVal.Shares = max(0, curVal.Shares - slashAmount)
```
This ensures that offending validators are punished the same amount whether they
act as a single validator with X stake or as N validators with collectively X
stake.
2018-08-23 04:43:01 -07:00
The amount slashed for all double signature infractions committed within a single slashing period is capped as described in [state-machine.md ](state-machine.md ).
2018-08-20 09:37:16 -07:00
2018-08-13 07:12:59 -07:00
## Uptime tracking
2018-05-25 15:52:34 -07:00
At the beginning of each block, we update the signing info for each validator and check if they should be automatically unbonded:
```
2018-05-30 15:54:46 -07:00
height := block.Height
2018-05-25 15:52:34 -07:00
for val in block.Validators:
2018-06-15 03:22:06 -07:00
signInfo = SigningInfo.Get(val.Address)
2018-06-14 20:26:21 -07:00
if signInfo == nil{
signInfo.StartHeight = height
}
2018-05-30 15:54:46 -07:00
index := signInfo.IndexOffset % SIGNED_BLOCKS_WINDOW
signInfo.IndexOffset++
2018-06-15 03:22:06 -07:00
previous = SigningBitArray.Get(val.Address, index)
2018-05-30 15:54:46 -07:00
// update counter if array has changed
if previous and val in block.AbsentValidators:
2018-06-15 03:22:06 -07:00
SigningBitArray.Set(val.Address, index, false)
2018-05-30 15:54:46 -07:00
signInfo.SignedBlocksCounter--
else if !previous and val not in block.AbsentValidators:
2018-06-15 03:22:06 -07:00
SigningBitArray.Set(val.Address, index, true)
2018-05-30 15:54:46 -07:00
signInfo.SignedBlocksCounter++
// else previous == val not in block.AbsentValidators, no change
// validator must be active for at least SIGNED_BLOCKS_WINDOW
2018-06-29 13:02:45 -07:00
// before they can be automatically unbonded for failing to be
2018-05-30 15:54:46 -07:00
// included in 50% of the recent LastCommits
minHeight = signInfo.StartHeight + SIGNED_BLOCKS_WINDOW
minSigned = SIGNED_BLOCKS_WINDOW / 2
if height > minHeight AND signInfo.SignedBlocksCounter < minSigned:
signInfo.JailedUntil = block.Time + DOWNTIME_UNBOND_DURATION
2018-06-14 20:26:21 -07:00
2018-05-30 15:54:46 -07:00
slash & unbond the validator
2018-06-14 20:26:21 -07:00
2018-06-15 03:22:06 -07:00
SigningInfo.Set(val.Address, signInfo)
2018-05-25 15:52:34 -07:00
```
2018-08-20 09:37:16 -07:00
2018-08-23 04:43:01 -07:00
The amount slashed for downtime slashes is *not* capped by the slashing period in which they are committed, although they do reset it (since the validator is unbonded).
