Separate type for unaggregated network attestations

[rkapka]

What type of PR is this?

Feature

What does this PR do? Why is it needed?

Implements ethereum/consensus-specs#3900

New changes after initial reviews

• I created new signed and unsigned AggregateAndProof types that hold SingleAttestation, which is needed to be able to save single attestations into pending atts, and simplified GetCommitteeIndex so that it doesn't return an error. Returning errors on getters is always very annoying to deal with, and we shouldn't get into the error scenario in the first place (most, if not all, potential errors are already handled in gossip checks).
• I save the new SignedAggregateAttestationAndProofSingle type to pending atts and convert the underlying attestation into an AttestationElectra when processing this attestation. This is after validateUnaggregatedAttWithState.
  validateUnaggregatedAttWithState returns the committee so that we can convert the attestation.
• I removed the validateBitLength helper because I need the committee outside of this function too, and it's already available before the function call. So calling VerifyBitfieldLength directly is simpler.
• I renamed validateCommitteeIndexAndCount to validateCommitteeIndex as that's how it was called before Electra changes. We don't need the Electra validateCommitteeIndex and validateCommitteeIndexElectra functions because their main purpose was to validate the Electra version, and it's no longer needed with single attestation (there is validateAttestingIndex instead)

Original description

The above consensus change introduces a new SingleAttestation type for unaggregated attestations. AttestationElectra will still be used for aggregated atts. Using the single version in all of our code would be a huge undertaking because many components, such as the attestation pool and attestation caches, require attestations to be of the old format. Modifying these components to work both with pre-Electra attestations and the single attestation is risky and too much work for Pectra.

The main reason why SingleAttestation was introduced is to prevent a DoS attack, which means it's main value is at the level of gossip. Once we pass gossip validation checks, there is no downside to using the AttestationElectra for unaggregated attestations too. This allows us to leave most attestation-related code untouched. To have the best of both worlds, we convert the single attestation to an Electra attestation as quickly as possible and use the latter from that point on.

When converting from SingleAttestation to ElectraAttestation we need to find the index within the committee of the attester_index from the single attestation, because attester_index is the validator index within the whole state. To give an example:

Validator 9999 is an attester and the committee index to which it is assigned is 5. Within committee number 5, the attester's position/index is 7. SingleAttestation's values will be attester_index = 9999 and committee_index = 5. When converting to an ElectraAttestation, we need to set bit number 7 in attestation_bits. We need to obtain the number 7 somehow as it is not present in the SingleAttestation.

The way it's done is by using the AttestationStateFetcher to get the attestation's target state, then get the appropriate committee from that state and lastly call ToAttestationElectra on the SingleAttestation, passing the committee to the function.

Other notes for review

• Obtaining the target state, getting the committee and converting takes less than 1ms. I presume it's because both the state and committee are cached.
• Tested on Kurtosis with Prysm-only nodes and and Prysm+Lodestar.
• The same "convert quickly to Electra attestation" design is what other clients are doing too to minimize disruption.

Acknowledgements

• I have read CONTRIBUTING.md.
• I have made an appropriate entry to CHANGELOG.md.
• I have added a description to this PR with sufficient context for reviewers to understand this PR.

[terencechain]

Is there a DOS vector for calling AttestationTargetState and BeaconCommitteeFromState this early?

[terencechain]

Why nil signature test removed?

[rkapka]

I removed it because we had two functions in the codebase checking if an attestation is nil. One is helpers.ValidateNilAttestation and the other one is validateNilAttestation on the VC side. The only difference between them was signature validation which is missing in the helpers package. I decided it's better to just have a single implementation and I expect the one in helpers to be more accurate. I am not exactly sure what happens though when the BN receives an attestation without a signature if the function in helpers doesn't fail (most likely signature validation fails in some other place).

[terencechain]

This is the biggest additional performance penalty as far as I can see. For a node that subscribe to several subnets. Is this a concern? We will call this 10-30k times per slot

[nisdas]

Why are we calling this here ? There must be strong justification for

• fetching a state
• fetching the committee from it

As these are additional bottlenecks on our highest traffic gossip path

[nisdas]

Also why is this being called before the current gossip checks

[nisdas]

Same here, why is validateBitLength removed

[nisdas]

Executing all these methods before we have validated data.BeaconBlockRoot is wrong. As we might have not processed the block yet (and it has to be inserted into our pending queue)

[nisdas]

Same here and for the rest of the methods that follow it. If it is difficult enough, you should just stream the attestations after

[potuz]

First pass, will continue in 30 minutes

[potuz]

Suggested change

	if !attestation.IsSingle() && attestation.GetAggregationBits() == nil {
	return errors.New("attestation's bitfield can't be nil")
	}
	return nil
	if attestation.IsSingle() {
	return nil
	}
	if attestation.GetAggregationBits() == nil {
	return errors.New("attestation's bitfield can't be nil")
	}
	return nil

[potuz]

I think attestation.IsNil should handle this check and this function ValidateNilAttestation should not even exist.

[rkapka]

I will add this comment to my follow-up list

[potuz]

A case with a ethpb.SingleAttestation and nil failures is missing.

[rkapka]

Yes, but this is because there is no additional logic for single attestations. I can still add these tests if you feel strongly about it, but I don't see that much value in copy-pasting tests for different types when the logic is exactly the same

[potuz]

Do we still need the structure AttestationElectra? shouldn't this be removed? I understand that we still need it in consensus, but how about in the API here?

[terencechain]

I think AttestationElectra is still part of beacon block so it's needed for block related api end points right?

[potuz]

Not part of this PR but the bad design here is that we can only access the beacon committee while holding the state, when most of the time this committee is already cached. We should have a method to access the beacon committee from the checkpoint and only handle the failure withing that method, that is, the function would be BeaconCommitteeFromCheckpoint(cp, committeeId) and within that function we should check the committee cache, if it fails, then it should request a state and try to get it from the state.

[potuz]

This check is useless, the structure SingleAttestation always returns false here.

[potuz]

The conversion to ToAttestationElectra happens unconditionally above, I would keep this object and reuse it here.

[potuz]

Same here.

[potuz]

The whole block reads better as follows

        root, err := att.GetData().HashTreeRoot()
		if err != nil {
			return nil, errors.Wrap(err, "could not get attestation data root")
		}
		if !bytes.Equal(root[:], attDataRoot) {
			continue
		}
        if att.Version() < version.Electra || (postElectra && att.GetCommitteeIndex()  == index) {
			result = append(result, att)
        }

[rkapka]

Agreed, but we need to have (!postElectra && att.Version() < version.Electra) || ...

[potuz]

that should be covered for att.Version() < version.Electra since we should clean the pool at the fork, but anyway you can change the first side of the || to include the check

        if (!postElectra && att.Version() < version.Electra) || (postElectra && att.GetCommitteeIndex()  == index) {

[terencechain]

Unrelated to this PR but calling s.HeadFetcher.HeadValidatorsIndices(ctx, wantedEpoch) in the event of a cache miss will allocate a new slice of active validator indices, it's expensive to just get the active validator count. ActiveValidatorCount is more suitable for this

[rkapka]

I will add this comment to my follow-up list

[terencechain]

may be able to reuse att.ToAttestationElectra(committee) here

[terencechain]

I don't understand as to why committee is needed here.
ProposeAttestationElectra calls this function and is already passing in SingleAttestation
BroadcastAttestation doesn't require committee

[potuz]

you need the committee to convert the attestation to an electra attestation to send the feed... perhaps that can be taken away

[terencechain]

That's what I thought initially, but after looking closer, the feed takes ethpb.Att, which a single attestation already satisfies. It should theoretically work if I just pass in SingleAttestation to the feed, unless there's something on the receiver side that specifically requires electra attestation and not single attestation. In that case, I would argue that the receiver should fix that.

Example, this will build:

func (vs *Server) proposeAtt(
	ctx context.Context,
	att ethpb.Att,
	committeeIndex primitives.CommitteeIndex,
) (*ethpb.AttestResponse, error) {

	vs.OperationNotifier.OperationFeed().Send(&feed.Event{
		Type: operation.UnaggregatedAttReceived,
		Data: &operation.UnAggregatedAttReceivedData{
			Attestation: att,
		},
	})

	subnet := helpers.ComputeSubnetFromCommitteeAndSlot(uint64(len(vals)), committeeIndex, att.GetData().Slot)
	if err := vs.P2P.BroadcastAttestation(ctx, subnet, att); err != nil {
		return nil, status.Errorf(codes.Internal, "Could not broadcast attestation: %v", err)
	}
}

[terencechain]

Discussed offline, we'll take the internal type to track a bit field such that we wont have to be passing committee around

[terencechain]

My understanding is that this is required because of the savePendingAtt API. It seems annoying to define new proto types just to satisfy an API for the cache savePendingAtt. I wonder if there's something we can do to fix the cache for the API; probably a subsequent PR is okay

[rkapka]

The pending atts queue would have to be redesigned so that you don't have to save AggregateAttestationAndProof objects. We currently construct dummy objects just to satisfy the interface. I will add this to my todo list.

[potuz]

I have a question on this path. According to the Electra spec AggregateAndProof here contains an Attestation object inside which is never a SingleAttestation according to this definition in the Electra spec

[potuz]

Have a concern in the pending attestation queue

[potuz]

Another quick pass, logic looks good to me except some nasty hacks to deal with the pending queue

[potuz]

Document this hack please

[potuz]

Perhaps this whole block can be extracted from this function

[potuz]

Suggested change

	result, err := validateAttestingIndex(ctx, singleAtt.AttesterIndex, committee)
	return validateAttestingIndex(ctx, singleAtt.AttesterIndex, committee)

And then remove the else branch