
Operator Doppelgänger Protection #627

@dknopik

Description


An operator doppelgänger is the duplicate use of a single operator key in multiple SSV client instances.

This causes equivocation in QBFT instances, which will be punished by message validation and can cause general mayhem in the P2P layer.

In the worst case, when there are multiple doppelgängers in a committee, this can even lead to slashing of the validators associated with it.

We should introduce a feature that lets Anchor listen to the P2P layer for a configurable while (e.g. for one epoch) before commencing duties, and quit if it finds a signature that originates from its own private key.

This can e.g. be implemented by await-ing something during startup, or by extending the is_synced mechanism:

    info!("Waiting for sync to complete before starting services...");
    // `is_synced` is a watch receiver; block until its value becomes `true`.
    is_synced
        .clone()
        .wait_for(|&is_synced| is_synced)
        .await
        .map_err(|_| "Sync watch channel closed")?;
    info!("Sync complete, starting services...");
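The startup-window check described above, as an added example that is not Anchor's code: it inspects messages seen on the P2P layer until a configurable end slot and reports a doppelgänger only when a message carrying our operator ID has a signature that actually verifies under our own key. The message shape, `OperatorId` and the `ToyKey` keyed hash are assumptions standing in for Anchor's real types and the operator's real signature scheme.

```rust
/// SSV operator identifier (assumed type).
pub type OperatorId = u64;

/// A signed message as observed on the P2P layer (constructed shape, not Anchor's).
pub struct ObservedMessage {
    pub slot: u64, pub signer: OperatorId, pub payload: Vec<u8>, pub signature: Vec<u8>,
}

/// Anything that can verify a signature against our own operator public key.
pub trait SignatureVerifier {
    fn verify(&self, payload: &[u8], signature: &[u8]) -> bool;
}

/// Stand-in keyed hash so the example runs without a crypto crate. It is NOT a
/// real signature scheme; a deployment plugs in the operator's actual key type.
pub struct ToyKey(pub u64);
impl ToyKey {
    pub fn sign(&self, payload: &[u8]) -> Vec<u8> {
        let mut h: u64 = 0xcbf2_9ce4_8422_2325 ^ self.0;
        for b in payload { h = (h ^ *b as u64).wrapping_mul(0x0100_0000_01b3); }
        h.to_be_bytes().to_vec()
    }
}
impl SignatureVerifier for ToyKey {
    fn verify(&self, payload: &[u8], signature: &[u8]) -> bool { self.sign(payload) == signature }
}

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict { Doppelganger { slot: u64 }, Clear }

/// Runs only before this instance has signed anything, so any valid signature
/// under our key seen on the wire must come from another instance of our key.
pub struct DoppelgangerGuard<V: SignatureVerifier> { pub our_id: OperatorId, pub our_key: V }

impl<V: SignatureVerifier> DoppelgangerGuard<V> {
    /// Inspect observed messages until the first one at or past `window_end_slot`
    /// (e.g. start slot + 32 for a one-epoch window on mainnet).
    pub fn scan<I: IntoIterator<Item = ObservedMessage>>(&self, msgs: I, window_end_slot: u64) -> Verdict {
        for m in msgs {
            if m.slot >= window_end_slot { break; }
            if m.signer != self.our_id { continue; }
            // Our ID with a signature that does not verify is a spoof, not a doppelgänger;
            // quitting on it would let any peer force this node offline.
            if !self.our_key.verify(&m.payload, &m.signature) { continue; }
            return Verdict::Doppelganger { slot: m.slot };
        }
        Verdict::Clear
    }
}
```

The spoof case matters in practice: if the guard quit on any message that merely claims our operator ID, the protection itself would become a way to knock the node offline.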
