Unauthorized to sign block at reset level

[spalmer25]

Currently, the app cannot sign block at reset level.

Is this an expected behaviour ?

See: #18 (comment)

[spalmer25]

Accusing

Here is my understanding of when an operation/block can be accused:

Operations

If an accuser retrieves, at any time, from the same attester, two attestations (resp. two pre-attestations) with :

• the same chain_id, level and round and
• different payload_hash, slot or branch

Then the accuser can accuse the attester with a Double Attestation Evidence (resp. Double Pre-Attestation Evidence).

This happens no matter if the accuser retrieves the operation from the mempool or from a block.

Block

If an accuser retrieves, at any time, from the same baker, two block with :

• the same chain_id, level and round and
• different hash

Then the accuser can accuse the baker with a Double Baking Evidence.

In our app

We choose :

1. to only check chain_id, level and round :
   • this allowed to make fewer checks without authorizing non-valid operations/blocks.
   • but prevents to sign some valid operations/blocks from the same chain_id, level and round.
2. to only keep one chain_id : see Main/test chain behaviour #19.
3. from a same chain_id, to check if the level/round is not lower than the last level/round seen :
   • this allowed us to only retain one level/round without authorizing non-valid operations/blocks.
   • but prevents to sign older operations/blocks that are still valid.
4. from a same chain_id/level/round, to prevent :
   1. signing an attestation if another attestation has already been seen.
   2. signing a pre-attestation if another pre-attestation or an attestation has already been seen.
   3. signing a block.

See baking_auth.c

Each condition reduction, which we apply with 1., 2., 3. and 4., continues to prevent signing non-valid operations/blocks but also prevents signing valid operations/blocks.

The issue we encounter is because of the rules 4.i:
When we reset the level, we set the chain_id/level/round. So by the rule 4.iii, we can't sign a block to that same chain_id/level/round.

Do we want to stick with each of these condition reductions as they currently stand?

[spalmer25]

Proposal:
Change 4.iii into:

• prevent signing a block if another block or an attestation/pre-attestation has already been seen.

Implementation: #30

[spalmer25]

Proposal:
Keep the conditions as they are, but prevent signing at the same level as the reset (whatever the round).
This implicitly implies the previous proposal.

[spalmer25]

Final decision:
Do not change the current behaviour, as the baker most often resets at level 0 and does not bake at level 0.