Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

eventhandler: implement handleOperatorRemoved #1796

Open
wants to merge 13 commits into
base: stage
Choose a base branch
from

Conversation

nkryuchkov
Copy link
Contributor

Closes #1786

@nkryuchkov nkryuchkov changed the title eventhandler: allow creating removed operator eventhandler: implement handleOperatorRemoved Oct 17, 2024
@nkryuchkov nkryuchkov marked this pull request as ready for review October 18, 2024 00:10
Copy link
Contributor

@iurii-ssv iurii-ssv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just minor suggestions

Comment on lines 91 to 93
if !share.Liquidated {
continue
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand code correctly, !share.Liquidated must never be true here because it would mean we couldn't successfully finish (commit) delete transaction ? If so, would be better to log an error here instead of silently skipping.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also have the ClusterLiquidated event which may make a share Liquidated, so it can be both true and false

Copy link
Contributor

@iurii-ssv iurii-ssv Oct 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, perhaps leaving a comment noting that wouldn't hurt :)

But then I wonder what happens to validator in the following scenario (consider all of these events apply sequentially):

  • 4 operators are running validator
  • at some point validator(all his shares) gets liquidated because he couldn't pay his bills
  • then those 4 operators themselves get de-registered from SSV network
  • then those 4 operators re-register again - also reviving this validator (that shouldn't ever get revived in that manner) they previously managed shares for ?

well, actually the whole validator won't get revived ^ if I'm reading the code correctly, only the share belonging to the operator referenced in the event will be revived (unliquidated) ... which also means (again, if I got that right) this whole algorithm will only work as expected to handle just 1 operator at a time de-regestering -> re-regestering (won't work in scenario where 2 operators out of N total in cluster de-register, and only then after that try to re-register again in any order they like)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iurii-ssv I agree about the comment. But I'm not sure I understand your concern about the re-registering logic. We process events one by one, so if 2 operators exist and 2 are trying to re-register, then after processing the first one there would be 3 active operators, so registering the second operator would lead to 4 active operators and share reactivation. If I didn't catch your thought correctly, please follow-up

Copy link
Contributor

@iurii-ssv iurii-ssv Nov 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well yeah, this operator/share management logic is a bit more involved than I expected ... so I decided to write a test or two to verify whether I understand it correctly ... and got a bit stuck.

There seems to be no "combined" tests for interactions between operator and shares written yet - but rather these aspects are tested in isolation. Here is my sketch for how it could look like (essentially turning my comment from above into code, and adding some more) - a branch with 1 commit on top of what you have in this PR's branch - see diff. Note also, there are 2 minor fixes in there too, namely (so I recommend to "take as is and adjust it as you see fit"):

why did I get stuck ... well, first of all I don't really know what behavior we want to have (to define proper expectations in tests), I did it best I could and encountered that we increment operatorId (in smart contract) even for operators who are re-registering (using same pubkey - they end up with different operatorId)

  • as the result ^ we can't utilize operatorId for certain things, for example when checking whether share belongs to operator or not - meaning, re-registered operator can't find/recognize his "old" share
  • hence the tests I've added cannot digest that, but I don't think they are the problem; rather it seems we should either not increment operatorId in smart contract or not rely/use it like we do
  • also, less relevant, but I'm not sure why we only have a part of solidity code but not the rest (the rest I guess is pre-compiled and used in tests ?), and hence can't quite understand how these events relate/compare to what we have in main smart contract

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iurii-ssv I think that contract is just for simulator, the actual contract is likely this one https://github.com/ssvlabs/ssv-network/blob/583b7b7cb1c1abc5d4c3b13bafca59bf315113b6/contracts/modules/SSVOperators.sol#L26

Can you please create a PR for your changes?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please create a PR for your changes?

Yup, why not - #1842

eth/eventhandler/event_handler_test.go Show resolved Hide resolved
Comment on lines +1316 to +1320
// Now start the OperatorRemoved event handling
// Call the contract method
_, err = boundContract.SimcontractTransactor.RemoveOperator(auth, 4)
require.NoError(t, err)
sim.Commit()
Copy link
Contributor

@iurii-ssv iurii-ssv Nov 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we are removing the wrong operator here (wrong ID - not the one this test added) - this is because createOperators starts numerating operators with 1 (not 0) - not a big deal this being the last test ... but still better adjust it to use op[0].id instead

Copy link
Contributor

@iurii-ssv iurii-ssv Nov 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, don't bother changing it just yet - I'm preparing a change (see #1796 (comment)) you'll probably wanna use (and will include this too).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in #1842

@y0sher
Copy link
Contributor

y0sher commented Dec 16, 2024

@nkryuchkov @moshe-blox
This solution works, but IMO its kinda hacky, I think we should at least describe in comments why we chose marking removed operators as Liquidated, I know for lack of a better option (checking if there's a share each time is much more costly).
but lets leave some description behind to rationalize this decision.

Comment on lines 165 to 167
for _, share := range eh.nodeStorage.Shares().List(txn, registrystorage.ByOperatorID(event.OperatorId)) {
share.Liquidated = true
modifiedShares = append(modifiedShares, share)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will liquidate the validator even if only one operator was removed.

Copy link
Contributor

@y0sher y0sher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can't use liquidated

@Tom-ssvlabs Tom-ssvlabs removed the request for review from AKorpusenko December 24, 2024 16:21
y0sher

This comment was marked as outdated.

@y0sher y0sher dismissed their stale review December 24, 2024 17:51

mistake

Copy link
Contributor

@y0sher y0sher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After internal discussions, this is the current conclusion -

  • we don't want to stop the whole committee ( current pr with liquidated ) because of a single removed operator.
  • we do want to encourage validators to move to full committees without removed operators.
  • We don't want to accept messages from removed operators.

Hence the way we want to approach this PR is to check to remove the operator data and check the operator data store in msg validation then ignore their messages.

# Conflicts:
#	eth/eventhandler/event_handler.go
#	eth/eventhandler/event_handler_test.go
Copy link

codecov bot commented Dec 28, 2024

Codecov Report

Attention: Patch coverage is 16.04938% with 68 lines in your changes missing coverage. Please review.

Project coverage is 46.4%. Comparing base (4db9639) to head (8b8abee).

Files with missing lines Patch % Lines
eth/eventhandler/handlers.go 20.4% 30 Missing and 5 partials ⚠️
registry/storage/operators.go 0.0% 19 Missing ⚠️
message/validation/validation.go 20.0% 6 Missing and 2 partials ⚠️
network/peers/connections/mock/mock_storage.go 0.0% 3 Missing ⚠️
operator/storage/storage.go 0.0% 2 Missing ⚠️
cli/operator/node.go 0.0% 1 Missing ⚠️
Additional details and impacted files

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@nkryuchkov nkryuchkov requested a review from y0sher December 28, 2024 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants