Vigilante BTC staking tracker
Description
BTC staking tracker is a daemon program that relays information between Babylon and Bitcoin to facilitate the Bitcoin staking protocol. This includes three routines:
Staking Event Watcher. Upon observing an unbonding transaction of a BTC delegation on Bitcoin, the routine reports the transaction's signature from the staker to Babylon, such that Babylon will unbond the BTC delegation on its side. It also monitors for delegations and includes the eventual proof.
BTC slasher. Upon observing a slashable offense launched by a finality provider, the routine slashes the finality provider and its BTC delegations.
Atomic slasher. Upon observing a selective slashing offense where the finality provider maliciously signs and submits a BTC delegation's slashing transaction to Bitcoin, the routine reports the offense to BTC slasher and Babylon.
Invariants
The unbonding watcher, now named Stakingeventwatcher, enforces several invariants:
It must wait for the BTC node to be ahead of the Babylon chain; otherwise, the blocks it reads are old.
It must send the relevant messages for delegations on the BTC chain & unbonding txs.
The slasher is responsible for catching validator equivocation and must ensure that any double signing is caught.
The atomic slasher is responsible for monitoring selective slashing and consequently slashing every single delegation of the relevant FP; it must ensure that it can correctly parse and retry the slashing for every single delegation of the FP.
Test coverage
Cases covered
Fuzzing tests with various randomly generated checkpoints and data; invariants are then checked to ensure that all the checkpoints are submitted in the correct order.
E2E tests of the Staking event watcher ensure that eventually the delegations were uploaded; if they were delegated, the relevant MsgAddBTCDelegationInclusionProof is also sent. Another E2E test verifies the same condition; however, it also verifies the validity of staking/unbonding TXs in the same block.
E2E test, slasher — general actions, shutdown, slashing finality-provider vote equivocation
E2E test, atomic slasher — general tests on selective slashing for unbonding/slashing TXs
Attack surface
Due to the large amount of shared functionality, all the slashers and event watchers share the same relevant possible issues. Any issue that could overload the slasher (pagination requests, parsing issues) could cause it to miss selective slashing, and that would allow selective slashing. It also includes any problem that could cause issues in slashing, especially the submission of relevant messages. The same would apply to the Staking Event Watcher missing delegations/undelegations.
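The atomic slasher invariant and the pagination concern above, illustrated as an added example that is not code from the audited project: a bounded, paginated walk that retries each delegation and reports the ones that still fail. The names Delegation, Page and SlashAll and the fetch/slash callbacks are hypothetical.

```go
package main

import "fmt"

// Delegation and Page are hypothetical stand-ins, not Babylon or vigilante types.
type Delegation struct{ StakingTxHash string }
type Page struct {
	Items   []Delegation
	NextKey string // empty on the last page
}

// SlashAll walks every page of one finality provider's delegations and calls
// slash on each, retrying up to maxRetries times. It returns the number slashed
// and the hashes that still failed, so no delegation is dropped silently.
func SlashAll(fetch func(key string) (Page, error), slash func(Delegation) error,
	maxRetries, maxPages int) (int, []string, error) {
	var failed []string
	slashed, key := 0, ""
	for n := 0; n < maxPages; n++ { // bound the walk so a bad cursor cannot spin forever
		page, err := fetch(key)
		if err != nil {
			return slashed, failed, fmt.Errorf("fetch page %q: %w", key, err)
		}
		for _, d := range page.Items {
			var lastErr error
			for try := 0; try <= maxRetries; try++ {
				if lastErr = slash(d); lastErr == nil {
					break
				}
			}
			if lastErr != nil {
				failed = append(failed, d.StakingTxHash) // surface it, keep going
				continue
			}
			slashed++
		}
		if page.NextKey == "" {
			return slashed, failed, nil
		}
		key = page.NextKey
	}
	return slashed, failed, fmt.Errorf("page limit %d reached before last page", maxPages)
}

func main() {
	// Constructed sample data: a single page with one delegation.
	fetch := func(string) (Page, error) { return Page{Items: []Delegation{{"tx-a"}}}, nil }
	n, failed, err := SlashAll(fetch, func(Delegation) error { return nil }, 2, 10)
	fmt.Println(n, failed, err)
}
```

A non-empty failed list or a non-nil error means the invariant does not yet hold for this finality provider, so the caller should alert and reschedule rather than treat the run as complete.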