Signers should capitulate on allowing a reorg on badly timed block #5820
Comments
Did you mean signers instead of miners here? |
Yes, fixed. Thanks! |
|
Additional comments from @kantai:
|
These codes provide more insight into why a signer rejected a block and will be used for implementing the changes in #5820.
These codes provide more insight into why a signer rejected a block and will be used for implementing the changes in #5820.
This test verifies that a signer will mark a miner as invalid if it initially accepts a reorg from the miner, but after seeing that >30% of other signers reject the reorg, it will mark it as invalid. See #5820
Currently, a tenure can be reorged when the next Bitcoin block arrives within
first_proposal_burn_block_timing_secsof the first block proposal in that tenure. This ensures that an honest miner is not punished because of bad timing of the previous miner and the next Bitcoin block.This can lead to a standstill scenario when some of the signers, more than 30% but less than 70%, saw the timing which would allow the reorg and the rest of the signers, also more than 30% but less than 70%, saw the timing which would not allow the reorg. In this case, the miner of block N-1 would be rejected when it attempts to tenure extend and the miner of block N would be rejected when it attempts to reorg. This tie will never be broken until the next Bitcoin block arrives, meaning the chain is stalled.
A solution to this problem would be to have the signers that are attempting to allow the reorg to capitulate, and allow the tenure extend if it determines that the reorg will not be accepted by the network.
My initial, simple proposal is to accept the reorg from miner N on the first proposal, but if that reorg attempt is rejected by the network, then they should accept the next attempt to tenure extend from miner N-1 and reject any further attempts to reorg from miner N.
The text was updated successfully, but these errors were encountered: