# Fork Choice Bugfix Disclosure

## Brief description

Starting in April 2022, EF researchers and client teams began investigating a class of fork choice attacks that were able to cause long reorgs. In general, these attacks exploited the fact that FFG information is processed on-chain only at epoch boundaries. Two types of attacks were found: **unrealized justification reorgs** & **justification withholding reorgs** (described in the changelog below).

The fixes for these attacks were proposed by June 2022, and the security analysis was conducted over the next ~7 months. Subsequently, the specification, client implementation, and testing were completed in early 2023. Notably, the merge-ready releases of all clients implemented a version of the fixes that addressed **unrealized justification reorgs**.

In addition to the efforts of CL client teams and various EF researchers, ConsenSys' Dependable Distributed Systems team (led by @saltiniroberto) was engaged for research, specification, and security analysis of the fixes.

## Changelog

- **Bugfixes**:
  - **Unrealized justification reorgs**: A detailed explanation of the issue is attached [here](https://notes.ethereum.org/@adiasg/unrealized-justification), and we are implementing [this](https://notes.ethereum.org/@adiasg/unrealized-justification#On-time-UJF) bugfix.
  - **Justification withholding reorgs**: A detailed explanation of the issue & bugfix by @potuz is attached [here](https://hackmd.io/a8vbgF6YR0-j6T9LpcYB3g). Additionally, some more notes on the attack by @djrtwo [here](https://notes.ethereum.org/VH_B3kEVQFav4roEgYuCjA) and @potuz [here](https://hackmd.io/o9tGPQL2Q4iH3Mg7Mma9wQ).
  - **Attestation deadlocks (aka, self-slashability)**: A detailed explanation of the issue & bugfix by @saltiniroberto is attached [here](https://docs.google.com/document/d/1DltBHQ_-jEi0N4qu5Pu5LtSaBruTj_Uqq_z47E1LelQ/edit#heading=h.jcfbxyanm40a).
- **Clean-up**:
  - **Removing [bouncing attack fix](https://ethresear.ch/t/prevention-of-bouncing-attack-on-ffg/6114)**: Mitigations to the bouncing attack still allow an attacker to split views around the `SAFE_SLOTS_TO_UPDATE_JUSTIFIED` mark. A detailed explanation of the issue by @fradamt is attached [here](https://notes.ethereum.org/@fradamt/Sy6PzcRdt). We remove the earlier fix, i.e., `Store.best_justified_checkpoint` and `SAFE_SLOTS_TO_UPDATE_JUSTIFIED`, leading to a massive simplification of the fork choice spec.
  - **Strengthening equivocation discarding**: Equivocation discarding previously only censored those validators for whom an `AttesterSlashing` is received. We strengthen this by also censoring validators who are slashed in the state of the `Store.justified_checkpoint`.

## Acknowledgements

This release marks the culmination of R&D around a lineage of bugs, which have been worked on for the past ~1 year. A lot of time & effort has been spent on this release by many people, and we thank you for your hard work!

- **Research**: @adiasg @saltiniroberto @djrtwo @potuz @paulhauner
- **Proofs**: @saltiniroberto @czhang-fm @luca-zanolini @fradamt
- **Testing**: @adiasg @potuz @etan-status @hwwhww @parithosh

## Appendix

### Proofs

For increased confidence in the bugfixes, we provide these [attached proofs](https://docs.google.com/document/d/1PnhDMij6w_fjLGicSF-I9sQcSWgaj5fjtGlRPIgYnVA) describing the safety properties of the spec changes.
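The "Strengthening equivocation discarding" change in the changelog above is the easiest of the fixes to see in miniature. The following is an added, deliberately simplified model written for this page; it is not the consensus-specs code and not any client's implementation. The `Store` fields (`justified_state_validators`, `latest_messages`, `equivocating_indices`, `parents`), the `Validator` model and the block-tree helper are assumptions that stand in for the real `Store` and `BeaconState`. It contrasts the old weight rule, which drops only validators with a locally received `AttesterSlashing`, with the strengthened rule, which additionally drops validators whose `slashed` flag is set in the state of `Store.justified_checkpoint`, and shows how that changes the head that a node picks:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Simplified model of fork choice weight accounting (constructed for this
# example; not the consensus-specs code). Balances are in Gwei.


@dataclass
class Validator:
    effective_balance: int
    slashed: bool = False   # slashed flag as seen in the justified checkpoint state
    active: bool = True


@dataclass
class Store:
    justified_root: str
    # block root -> parent root; the justified block itself maps to None
    parents: Dict[str, Optional[str]]
    # validator registry of the state at Store.justified_checkpoint (assumed field)
    justified_state_validators: List[Validator]
    # validator index -> root of the block that validator most recently attested to
    latest_messages: Dict[int, str]
    # validators for whom this node has itself received an AttesterSlashing
    equivocating_indices: Set[int] = field(default_factory=set)


def supports(store: Store, vote_root: str, root: str) -> bool:
    """True if the block a validator voted for is `root` or a descendant of it."""
    cur: Optional[str] = vote_root
    while cur is not None:
        if cur == root:
            return True
        cur = store.parents[cur]
    return False


def _weight(store: Store, root: str, discard_slashed_in_state: bool) -> int:
    total = 0
    for index, vote_root in store.latest_messages.items():
        v = store.justified_state_validators[index]
        if not v.active:
            continue
        # Old rule: only validators with a locally received AttesterSlashing are dropped.
        if index in store.equivocating_indices:
            continue
        # Strengthened rule: also drop validators already slashed in the justified state,
        # even when this node never saw the slashing message itself.
        if discard_slashed_in_state and v.slashed:
            continue
        if supports(store, vote_root, root):
            total += v.effective_balance
    return total


def get_weight_before(store: Store, root: str) -> int:
    return _weight(store, root, discard_slashed_in_state=False)


def get_weight_after(store: Store, root: str) -> int:
    return _weight(store, root, discard_slashed_in_state=True)


def children(store: Store, root: str) -> List[str]:
    return sorted(r for r, p in store.parents.items() if p == root)


def get_head(store: Store, weight_fn) -> str:
    """Walk from the justified root, at each fork taking the heaviest child
    (ties broken by the lexicographically greatest root, as the spec does)."""
    head = store.justified_root
    while True:
        kids = children(store, head)
        if not kids:
            return head
        head = max(kids, key=lambda r: (weight_fn(store, r), r))


def example_store() -> Store:
    """Constructed scenario: six 32-ETH validators, two of them slashed in the
    justified state without this node having received the slashing, one with a
    locally observed equivocation. Blocks B and C are competing children of A."""
    gwei = 32 * 10**9
    validators = [
        Validator(gwei),                 # 0 votes B
        Validator(gwei),                 # 1 votes B
        Validator(gwei),                 # 2 votes C
        Validator(gwei, slashed=True),   # 3 votes C, slashed in justified state
        Validator(gwei, slashed=True),   # 4 votes C, slashed in justified state
        Validator(gwei),                 # 5 votes C, AttesterSlashing received locally
    ]
    parents = {"J": None, "A": "J", "B": "A", "C": "A"}
    latest_messages = {0: "B", 1: "B", 2: "C", 3: "C", 4: "C", 5: "C"}
    return Store("J", parents, validators, latest_messages, equivocating_indices={5})


if __name__ == "__main__":
    store = example_store()
    for root in ("B", "C"):
        print(root, get_weight_before(store, root), get_weight_after(store, root))
    print("head before:", get_head(store, get_weight_before))
    print("head after: ", get_head(store, get_weight_after))
```

In the constructed scenario the old rule counts the two state-slashed validators, so C (96 ETH of votes) beats B (64 ETH); the strengthened rule discards them and B becomes the head. The point of the change is that a validator the chain has already recorded as slashed should not be able to steer a node's view merely because that node's own gossip never delivered the `AttesterSlashing`.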