Original title: On Attestations, Block Propagation, and Timing Games

Written by: Nero_eth

Compiled by: Tia, Techub News

Proposer timing games have become very common, and many studies have analyzed the phenomenon.

This article walks through the evolution of the proposer timing game and analyzes its impact on attesters. Through case studies of the node operators Lido, Coinbase, and Kiln, we will delve into the timing game of block proposals and its impact on Ethereum consensus.

As of August 2024, the block building market is largely outsourced, with approximately 90% of blocks built by MEV-Boost block builders. Of these, Titan Builder and Beaverbuild build approximately 80% of blocks.

Kiln was one of the main entities driving the timing game, delaying block proposals by 3–3.5 seconds into the slot.

In the current MEV-Boost environment, block propagation is primarily handled by relays. While the proposer still propagates a block after receiving it from a relay, relays typically have better network connectivity and can therefore complete propagation faster. The timing, however, is still controlled by the proposer, who can delay the "getHeader" call to play the timing game.
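To make the mechanism concrete, here is a minimal sketch of a delayed "getHeader" call, assuming a standalone script with a fixed 3-second delay. The endpoint path follows the public builder-API spec, but the function name and constants are illustrative assumptions; real timing-game setups configure this inside MEV-Boost or the validator client rather than in a script like this:

```python
import time

import requests

GENESIS_TIME = 1606824023   # mainnet beacon-chain genesis (unix seconds)
SECONDS_PER_SLOT = 12
HEADER_DELAY = 3.0          # assumed: seconds into the slot to wait

def fetch_header_late(relay_url: str, slot: int, parent_hash: str, pubkey: str) -> dict:
    """Delay the builder-API getHeader request until late in the slot."""
    slot_start = GENESIS_TIME + slot * SECONDS_PER_SLOT
    # Sleep until HEADER_DELAY seconds into the slot before asking the relay.
    time.sleep(max(0.0, slot_start + HEADER_DELAY - time.time()))
    # Endpoint path per the public builder-API spec (ethereum/builder-specs).
    resp = requests.get(
        f"{relay_url}/eth/v1/builder/header/{slot}/{parent_hash}/{pubkey}",
        timeout=1.0,
    )
    resp.raise_for_status()
    return resp.json()
```

The later the call, the more time builders have to accumulate MEV into the block, but the less time attesters have to receive and verify it.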

This chart shows the evolution of the timing game: over time, blocks proposed by Kiln validators have appeared progressively later within the slot.

This has an impact on the network: blocks proposed by Kiln proposers receive significantly more missed or incorrect head votes.

Previous analysis showed that the longer a proposer waits, the higher the expected number of missed head votes (roughly 80% of attestations are cast by 5 seconds into the slot). Kiln proposes blocks very late, causing some attesters to miss them and vote for the parent block instead. With approximately 32,000 validators assigned to each slot, this results in an incorrect head-vote rate of roughly 10%.
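As a quick sanity check on the scale implied by these numbers (the 10% share comes from the observation above; the rest is plain arithmetic):

```python
# Scale of the effect implied by the figures above.
validators_per_slot = 32_000   # attesters assigned per slot
wrong_head_vote_rate = 0.10    # observed share for very late blocks

wrong_votes = validators_per_slot * wrong_head_vote_rate
print(f"~{wrong_votes:,.0f} incorrect head votes in a late slot")  # ~3,200
```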

Let’s look at the attestation behavior of three large node operators and compare how they react to blocks proposed at different times. The following graph shows the distribution of correct and timely head votes by second within the slot.

For early blocks, we observe that Lido and Coinbase exhibit a characteristic “U” shape in their voting patterns, which may be due to differing geographic locations or client software. In contrast, Kiln shows a clear peak that lags slightly behind the first peak of Coinbase and Lido. For later blocks, however, Kiln attesters also show a “U”-shaped pattern.

When a block first appears 4 seconds into the slot (because of P2P propagation, each node receives the block at a different time), Lido attesters attest up to 2 seconds earlier than Kiln or Coinbase attesters. This pattern does not necessarily indicate that Kiln is running a bespoke strategy; it may instead be attributable to different clients or geographic locations.

Who influenced whom?

In the figure below, we compare the performance of node operators under different proposers. For example, the green bar above y=1 shows that when Kiln is the proposer, Lido attesters miss head votes more often. When Lido itself is the proposer, however, Lido attesters are the most timely. The dashed line at y=1 represents the average share of missed head votes across all proposers; bars below 1 mean that the entity missed fewer head votes with that proposer than on average.

Notably, node operators perform best when processing blocks that they themselves proposed.

A quick summary of what we saw:

  • Most operators performed relatively consistently when other operators were the proposer.

  • Figment, Lido, Kraken, and EtherFi performed poorly when Kiln was the proposer.

  • Only Kiln and Binance performed better when Kiln was the proposer.

Kiln performs well as an attester. Earlier analysis shows that Kiln ranks among the highest-performing validators. For more details on Kiln's attestation performance, see this analysis.

But Kiln's blocks caused the pressure. We now know that Kiln's proposed blocks put pressure on other operators' attesters, but not on Kiln's own attesters.

At this point, the “how” is difficult to explain. One possible explanation is that Kiln’s validators are highly centralized, co-located, or have very dense peer-to-peer connections. Another is that the validators coordinate their behavior through a custom peer-to-peer/private network or some additional communication layer. The latter would be the more centralizing option, because it leans more heavily on economies of scale.

We can observe similar patterns when we look at the (correct and timely) attestation times for Lido and Coinbase when they each proposed a block.

Interestingly, for their own late blocks Kiln develops a “U”-shaped distribution from 3.8 to 6.1 seconds, while Lido sees a peak at 4.2 seconds and Coinbase shows a plateau starting at 4 seconds into the slot with a small peak at 6 seconds.

Preventing your proposed blocks from being reorged

Let's turn our attention to reorged blocks. From a node operator's perspective, one strategy might be to never help reorg out one's own block. Simply put: "If the proposer is me, never vote for the parent block as head."

In the following sections, I will use "local block" to mean "self-proposed block".
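Expressed as code, the rule might look like the sketch below. This is hypothetical pseudologic with my own names ("choose_head_vote", "local_block"), not any client's actual attestation code:

```python
def choose_head_vote(canonical_head: str, parent: str, local_block: str | None) -> str:
    """Hypothetical head-vote rule; an honest attester returns canonical_head."""
    if local_block is not None and canonical_head == parent:
        # Fork choice has reorged out our own block; the strategy described
        # above votes for the local block anyway to try to keep it on-chain,
        # gaming consensus and risking a wrong head vote.
        return local_block
    return canonical_head
```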

The following graph shows the percentage of attesters that voted for the reorged block versus those that voted for the parent block. The red portion shows the share that voted for the reorged block.

Kiln exhibited unusual behavior. While most node operators' attesters honestly voted for the correct head instead of their own block, Kiln's attesters did not: more than 10% of them tried to keep their own block on-chain by voting for it. Adopting such a strategy can incur losses from voting for the wrong head, and these strategies are generally frowned upon in the Ethereum community: "Don't game the consensus."

The chart uses 365 days of data, so if such a strategy was only adopted partway through the past year, the red portion would understate its current rate.

But how should we think about coordination at other levels?

Regarding attester coordination, as a community we seem to have accepted that validators running on the same node vote for the same checkpoints.

We probably don’t want efforts that cross physical-machine boundaries to improve coordination between validators. Still, this is something anyone could build, and the coordination could take different forms:

  • Level 1 - Fallback mechanism with static peer connections: a central standby/backup node serving multiple physical machines. This could also be a circuit breaker: a few particularly fault-tolerant machines acting as a private relay for information. Setups with improved peer connections, private networks, or similar would also fall into this category.

  • Level 2 - If-else rules: hardcoded rules, e.g. to wait longer in certain slots. These are installed on multiple physical machines, allowing them to "coordinate" based on predefined rules (see the sketch after this list).

  • Level 3 - Botnet: a centralized oracle communicates with all validators, providing the checkpoints to vote for and the timestamps at which votes should be published.
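As an illustration of Level 2, here is a minimal sketch of such a hardcoded rule; the deadlines, validator indices, and function name are all made-up assumptions:

```python
# Hypothetical Level 2 rule, shipped identically to many machines.
HONEST_DEADLINE = 4.0          # default: attest 4 seconds into the slot
EXTENDED_DEADLINE = 6.0        # rule: wait longer in "our" slots
OUR_PROPOSERS = {1234, 5678}   # made-up validator indices of our own proposers

def attestation_cutoff(proposer_index: int) -> float:
    # Every machine ships the same rule, so they "coordinate"
    # without ever communicating at runtime.
    if proposer_index in OUR_PROPOSERS:
        return EXTENDED_DEADLINE
    return HONEST_DEADLINE
```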

In my opinion, the latter two forms of coordination (Levels 2 and 3) are problematic, and node operators should be held accountable for them. Policies involving static peer connections and private networks, finally, may fall into a grey area.

Such a setup could potentially be used to run (malicious) policies such as:

  • Ensure that validators never vote for different checkpoints across multiple physical machines.

  • Ensure that validators never vote to reorg out their own proposed block.

  • Coordinate based on consecutive proposers (e.g. whether to run the honest-reorg client, y/n).

  • Censor a specific party's attestations.

  • Never vote for a certain party's blocks.

  • Others.

When discussing coordination, it is important to distinguish between two types:

  • Coordinated behavior between validators running on the same physical machine.

  • Coordinated behavior that stems from running the same modified client software or relying on the same centralized oracle.

A potential solution to combat sophisticated coordinated validator behavior is EIP-7716 (anti-correlation penalties), which proposes scaling penalties based on the correlation between validators' failures.
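For intuition, here is a toy model of correlation-scaled penalties; the constants and the formula are my own illustration and do not reproduce the EIP's actual specification:

```python
BASE_PENALTY = 1.0  # arbitrary unit; real penalties are denominated in gwei

def scaled_penalty(misses_this_slot: int, avg_misses_per_slot: float) -> float:
    """Scale the per-validator penalty by how correlated the failure is."""
    # Misses at or below the running average pay the base penalty;
    # mass simultaneous misses pay proportionally more.
    correlation_factor = max(1.0, misses_this_slot / avg_misses_per_slot)
    return BASE_PENALTY * correlation_factor

# A lone underperformer with below-average misses pays the base penalty.
print(scaled_penalty(50, 100.0))     # 1.0
# A coordinated operator failing 5,000 validators at once pays 50x.
print(scaled_penalty(5_000, 100.0))  # 50.0
```

The design intent is that solo stakers with uncorrelated failures are barely affected, while large coordinated validator sets bear the cost of their correlation.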