Paul's Doppelganger Protection Updates

.github/workflows/test-suite.yml

@@ -146,8 +146,8 @@ jobs:
         run: sudo npm install -g ganache-cli
       - name: Run the syncing simulator
         run: cargo run --release --bin simulator syncing-sim
-  doppelganger-detection-test:
-      name: doppelganger-detection-test
+  doppelganger-protection-test:
+      name: doppelganger-protection-test
       runs-on: ubuntu-latest
       needs: cargo-fmt
       steps:
@@ -160,10 +160,14 @@ jobs:
             run: |
                 make
                 make install-lcli
-          - name: Run the doppelganger detection test script
+          - name: Run the doppelganger protection success test script
             run: |
                 cd scripts/tests
-                ./doppelganger_detection.sh
+                ./doppelganger_protection.sh success
+          - name: Run the doppelganger protection failure test script
+            run: |
+                cd scripts/tests
+                ./doppelganger_protection.sh failure
   check-benchmarks:
     name: check-benchmarks
     runs-on: ubuntu-latest

beacon_node/http_api/tests/tests.rs

@@ -2152,13 +2152,13 @@ impl ApiTester {
     pub async fn test_post_lighthouse_liveness(self) -> Self {
         let epoch = self.chain.epoch().unwrap();
         let head_state = self.chain.head_beacon_state().unwrap();
-        let indices = (0..head_state.validators.len())
+        let indices = (0..head_state.validators().len())
             .map(|i| i as u64)
             .collect::<Vec<_>>();
 
         // Construct the expected response
         let expected: Vec<LivenessResponseData> = head_state
-            .validators
+            .validators()
             .iter()
             .enumerate()
             .map(|(index, _)| LivenessResponseData {

book/src/api-vc-endpoints.md

@@ -9,6 +9,7 @@ HTTP Path | Description |
 [`GET /lighthouse/spec`](#get-lighthousespec) | Get the Eth2 specification used by the validator
 [`GET /lighthouse/validators`](#get-lighthousevalidators) | List all validators
 [`GET /lighthouse/validators/:voting_pubkey`](#get-lighthousevalidatorsvoting_pubkey) | Get a specific validator
+[`GET /lighthouse/validators/doppelganger_status`](#get-lighthousevalidatorsdoppelganger_status) | Check the doppelganger protection check status of all validators.
 [`PATCH /lighthouse/validators/:voting_pubkey`](#patch-lighthousevalidatorsvoting_pubkey) | Update a specific validator
 [`POST /lighthouse/validators`](#post-lighthousevalidators) | Create a new validator and mnemonic.
 [`POST /lighthouse/validators/keystore`](#post-lighthousevalidatorskeystore) | Import a keystore.
@@ -220,6 +221,49 @@ localhost:5062/lighthouse/validators/0xb0148e6348264131bf47bcd1829590e870c836dc8
 }
 ```
 
+## `GET /lighthouse/validators/doppelganger_status`
+
+Get the doppelganger protection check status of all validators managed by this validator client.
+
+If doppelganger protection is disabled, this endpoint will return an empty array.
+
+### HTTP Specification
+
+| Property | Specification |
+| --- |--- |
+Path | `/lighthouse/validators/doppelganger_status`
+Method | GET
+Required Headers | [`Authorization`](./api-vc-auth-header.md)
+Typical Responses | 200, 400
+
+### Example Path
+
+```
+localhost:5062/lighthouse/validators/doppelganger_status
+```
+
+### Example Response Body
+
+```json
+{
+    "data":
+    [
+      {
+        "pubkey": "0xb0148e6348264131bf47bcd1829590e870c836dc893050fd0dadc7a28949f9d0a72f2805d027521b45441101f0cc1cde",
+        "status": "signing_enabled"
+      },
+      {
+        "pubkey": "0xb0148e6348264131bf47bcd1829590e870c836dc893050fd0dadc7a28949f9d0a72f2805d027521b45441101f0cc1cde",
+        "status": "signing_disabled"
+      },
+      {
+        "pubkey": "0xb0148e6348264131bf47bcd1829590e870c836dc893050fd0dadc7a28949f9d0a72f2805d027521b45441101f0cc1cde",
+        "status": "unknown"
+      }
+    ]
+}
+```
+
 ## `PATCH /lighthouse/validators/:voting_pubkey`
 
 Update some values for the validator with `voting_pubkey`.
@@ -351,7 +395,7 @@ Typical Responses | 200
       "checksum": {
         "function": "sha256",
         "params": {
-          
+
         },
         "message": "abadc1285fd38b24a98ac586bda5b17a8f93fc1ff0778803dc32049578981236"
       },

common/eth2/src/lib.rs

@@ -83,6 +83,7 @@ impl fmt::Display for Error {
 pub struct Timeouts {
     pub attestation: Duration,
     pub attester_duties: Duration,
+    pub liveness: Duration,
     pub proposal: Duration,
     pub proposer_duties: Duration,
 }
@@ -92,6 +93,7 @@ impl Timeouts {
         Timeouts {
             attestation: timeout,
             attester_duties: timeout,
+            liveness: timeout,
             proposal: timeout,
             proposer_duties: timeout,
         }
@@ -1116,12 +1118,13 @@ impl BeaconNodeHttpClient {
             .push("lighthouse")
             .push("liveness");
 
-        self.post_with_response(
+        self.post_with_timeout_and_response(
             path,
             &LivenessRequestData {
                 indices: ids.to_vec(),
                 epoch,
             },
+            self.timeouts.liveness,
         )
         .await
     }

common/eth2/src/lighthouse_vc/http_client.rs

@@ -252,6 +252,21 @@ impl ValidatorClientHttpClient {
         self.get_opt(path).await
     }
 
+    /// `GET lighthouse/validators/doppelganger_status`
+    pub async fn get_lighthouse_validators_doppelganger(
+        &self,
+    ) -> Result<GenericResponse<Vec<DoppelgangerData>>, Error> {
+        let mut path = self.server.full.clone();
+
+        path.path_segments_mut()
+            .map_err(|()| Error::InvalidUrl(self.server.clone()))?
+            .push("lighthouse")
+            .push("validators")
+            .push("doppelganger_status");
+
+        self.get(path).await
+    }
+
     /// `POST lighthouse/validators`
     pub async fn post_lighthouse_validators(
         &self,

common/eth2/src/lighthouse_vc/types.rs

@@ -64,3 +64,17 @@ pub struct KeystoreValidatorsPostRequest {
     pub keystore: Keystore,
     pub graffiti: Option<GraffitiString>,
 }
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub struct DoppelgangerData {
+    pub pubkey: PublicKeyBytes,
+    pub status: DoppelgangerStatus,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum DoppelgangerStatus {
+    SigningEnabled,
+    SigningDisabled,
+    Unknown,
+}

scripts/tests/doppelganger_protection.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+
+BEHAVIOR=$1
+
+if [[ "$BEHAVIOR" != "success" ]] && [[ "$BEHAVIOR" != "failure" ]]; then
+    echo "Usage: doppelganger_protection.sh [success|failure]"
+    exit 1
+fi
+
+cp ./vars_$BEHAVIOR.env ./vars.env
+
+../local_testnet/clean.sh
+
+echo "Starting ganache"
+
+../local_testnet/ganache_test_node.sh &> /dev/null &
+GANACHE_PID=$!
+
+# wait for ganache to start
+sleep 5
+
+echo "Setting up local testnet"
+
+../local_testnet/setup.sh
+
+# Duplicate this directory so slashing protection doesn't keep us from re-using validator keys
+cp -R $HOME/.lighthouse/local-testnet/node_1 $HOME/.lighthouse/local-testnet/node_1_doppelganger
+
+echo "Starting bootnode"
+
+../local_testnet/bootnode.sh &> /dev/null &
+BOOT_PID=$!
+
+# wait for the bootnode to start
+sleep 5
+
+echo "Starting local beacon nodes"
+
+../local_testnet/beacon_node.sh $HOME/.lighthouse/local-testnet/node_1 9000 8000 &> /dev/null &
+BEACON_PID=$!
+../local_testnet/beacon_node.sh $HOME/.lighthouse/local-testnet/node_2 9100 8100 &> /dev/null &
+BEACON2_PID=$!
+../local_testnet/beacon_node.sh $HOME/.lighthouse/local-testnet/node_3 9200 8200 &> /dev/null &
+BEACON3_PID=$!
+
+echo "Starting local validator clients"
+
+../local_testnet/validator_client.sh $HOME/.lighthouse/local-testnet/node_1 http://localhost:8000 &> /dev/null &
+VALIDATOR_1_PID=$!
+../local_testnet/validator_client.sh $HOME/.lighthouse/local-testnet/node_2 http://localhost:8100 &> /dev/null &
+VALIDATOR_2_PID=$!
+../local_testnet/validator_client.sh $HOME/.lighthouse/local-testnet/node_3 http://localhost:8200 &> /dev/null &
+VALIDATOR_3_PID=$!
+
+echo "Waiting an epoch before starting the next validator client"
+sleep 64
+
+if [ "$BEHAVIOR" == "failure" ]; then
+
+    echo "Starting the doppelganger validator client"
+
+    # Use same keys as keys from VC1, but connect to BN2
+    # This process should not last longer than 2 epochs
+    timeout 128 ../local_testnet/validator_client.sh $HOME/.lighthouse/local-testnet/node_1_doppelganger http://localhost:8100
+    DOPPELGANGER_EXIT=$?
+
+    echo "Shutting down"
+
+    # Cleanup
+    kill $BOOT_PID $BEACON_PID $BEACON2_PID $GANACHE_PID $VALIDATOR_1_PID $VALIDATOR_2_PID $VALIDATOR_3_PID $BEACON3_PID
+    rm ./vars.env
+
+    echo "Done"
+
+    if [ $DOPPELGANGER_EXIT -eq 124 ]; then
+        exit 1
+    fi
+fi
+
+if [ "$BEHAVIOR" == "success" ]; then
+
+    echo "Starting the last validator client"
+
+    # This process should last longer than 3 epochs
+    timeout 192 ../local_testnet/validator_client.sh $HOME/.lighthouse/local-testnet/node_4 http://localhost:8100
+
+    DOPPELGANGER_EXIT=$?
+
+    echo "Shutting down"
+
+    # Cleanup
+    kill $BOOT_PID $BEACON_PID $BEACON2_PID $GANACHE_PID $VALIDATOR_1_PID $VALIDATOR_2_PID $VALIDATOR_3_PID $BEACON3_PID
+    rm ./vars.env
+
+    echo "Done"
+
+    if [ $DOPPELGANGER_EXIT -ne 124 ]; then
+        exit 1
+    fi
+fi
+
+exit 0

scripts/tests/vars.env → scripts/tests/vars_failure.env

@@ -26,8 +26,11 @@ BOOTNODE_PORT=4242
 # Network ID and Chain ID of local eth1 test network
 NETWORK_ID=4242
 
+# Hard fork configuration
+ALTAIR_FORK_EPOCH=18446744073709551615
+
 SECONDS_PER_SLOT=2
 SECONDS_PER_ETH1_BLOCK=1
 
 # Enable doppelganger detection
-VC_ARGS=
+VC_ARGS=" --enable-doppelganger-protection "