Merge pull request #169 from stader-labs/enable-doppleganger-protecti…

…on-for-teku

Enable doppleganger protection for teku + version update

go.mod

@@ -35,8 +35,8 @@ require (
 	github.com/rivo/tview v0.0.0-20230621164836-6cc0565babaf // indirect
 	github.com/sethvargo/go-password v0.2.0
 	github.com/shirou/gopsutil/v3 v3.23.1
-	github.com/stader-labs/ethcli-ui/configuration v0.0.0-20231101111158-6c1993b3d9ae
-	github.com/stader-labs/ethcli-ui/wizard v0.0.0-20231101111158-6c1993b3d9ae
+	github.com/stader-labs/ethcli-ui/configuration v0.0.0-20231220054540-83f130b78833
+	github.com/stader-labs/ethcli-ui/wizard v0.0.0-20231220054540-83f130b78833
 	github.com/tyler-smith/go-bip39 v1.1.0
 	github.com/urfave/cli v1.22.10
 	github.com/wealdtech/go-eth2-types/v2 v2.7.0

go.sum

@@ -1231,10 +1231,10 @@ github.com/spf13/viper v1.0.0/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7Sr
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/src-d/envconfig v1.0.0/go.mod h1:Q9YQZ7BKITldTBnoxsE5gOeB5y66RyPXeue/R4aaNBc=
-github.com/stader-labs/ethcli-ui/configuration v0.0.0-20231101111158-6c1993b3d9ae h1:ryMYcnorBrjYme+1y+f0b7Jdh3rLpkprC+60mfN8tZM=
-github.com/stader-labs/ethcli-ui/configuration v0.0.0-20231101111158-6c1993b3d9ae/go.mod h1:gZcnx3O0sm+mEO2INhKDHw+iUzJH5tPaX4cv5SN5tsQ=
-github.com/stader-labs/ethcli-ui/wizard v0.0.0-20231101111158-6c1993b3d9ae h1:4NMIuQQyqLisG7cJoYU8E8tRq6mz1yKvCOdGc0h2EF4=
-github.com/stader-labs/ethcli-ui/wizard v0.0.0-20231101111158-6c1993b3d9ae/go.mod h1:5ojn2lxD9wd5sF0KYaHBDcpUC3ACFgqr0XG1atCIeAs=
+github.com/stader-labs/ethcli-ui/configuration v0.0.0-20231220054540-83f130b78833 h1:fdNP6MpGikpxIMTEtdnWVfvNg8yYyXZpx2+pXQd84pg=
+github.com/stader-labs/ethcli-ui/configuration v0.0.0-20231220054540-83f130b78833/go.mod h1:gZcnx3O0sm+mEO2INhKDHw+iUzJH5tPaX4cv5SN5tsQ=
+github.com/stader-labs/ethcli-ui/wizard v0.0.0-20231220054540-83f130b78833 h1:TgwSpUj+rdPQzmHUuQesGm648hRRERzaptISCfoIOUQ=
+github.com/stader-labs/ethcli-ui/wizard v0.0.0-20231220054540-83f130b78833/go.mod h1:5ojn2lxD9wd5sF0KYaHBDcpUC3ACFgqr0XG1atCIeAs=
 github.com/status-im/keycard-go v0.0.0-20190316090335-8537d3370df4/go.mod h1:RZLeN1LMWmRsyYjvAu+I6Dm9QmlDaIIt+Y+4Kd7Tp+Q=
 github.com/status-im/keycard-go v0.0.0-20200402102358-957c09536969 h1:Oo2KZNP70KE0+IUJSidPj/BFS/RXNHmKIJOdckzml2E=
 github.com/status-im/keycard-go v0.0.0-20200402102358-957c09536969/go.mod h1:RZLeN1LMWmRsyYjvAu+I6Dm9QmlDaIIt+Y+4Kd7Tp+Q=

install/scripts/start-bn.sh

@@ -318,6 +318,7 @@ if [ "$CC_CLIENT" = "teku" ]; then
         --eth1-deposit-contract-max-request-size=150 \
         --log-destination=CONSOLE \
         --ee-jwt-secret-file=/secrets/jwtsecret \
+        --beacon-liveness-tracking-enabled \
         $BN_ADDITIONAL_FLAGS"
 
     if [ "$TEKU_ARCHIVE_MODE" = "true" ]; then
@@ -337,7 +338,7 @@ if [ "$CC_CLIENT" = "teku" ]; then
     fi
 
     if [ ! -z "$CHECKPOINT_SYNC_URL" ]; then
-        CMD="$CMD --initial-state=$CHECKPOINT_SYNC_URL/eth/v2/debug/beacon/states/finalized"
+        CMD="$CMD --checkpoint-sync-url=$CHECKPOINT_SYNC_URL"
     elif [ "$NETWORK" = "zhejiang" ]; then
         CMD="$CMD --initial-state=/zhejiang/genesis.ssz"
     fi

install/scripts/start-vc.sh

@@ -265,6 +265,10 @@ if [ "$CC_CLIENT" = "teku" ]; then
         CMD="$CMD --metrics-publish-endpoint=$BITFLY_NODE_METRICS_ENDPOINT?apikey=$BITFLY_NODE_METRICS_SECRET&machine=$BITFLY_NODE_METRICS_MACHINE_NAME"
     fi
 
+    if [ "$DOPPELGANGER_DETECTION" = "true" ]; then
+        CMD="$CMD --doppelganger-detection-enabled"
+    fi
+
     exec ${CMD} --validators-graffiti="$GRAFFITI"
 
 fi

shared/services/config/besu-params.go

@@ -25,8 +25,8 @@ import (
 
 // Constants
 const (
-	besuTagTest          string = "hyperledger/besu:23.10.0"
-	besuTagProd          string = "hyperledger/besu:23.10.0"
+	besuTagTest          string = "hyperledger/besu:23.10.2"
+	besuTagProd          string = "hyperledger/besu:23.10.2"
 	besuEventLogInterval int    = 1000
 	besuMaxPeers         uint16 = 25
 	besuStopSignal       string = "SIGTERM"

shared/services/config/external-configs.go

@@ -112,6 +112,9 @@ type ExternalTekuConfig struct {
 
 	// Custom command line flags for the VC
 	AdditionalVcFlags config.Parameter `yaml:"additionalVcFlags,omitempty"`
+
+	// Toggle for enabling doppelganger detection
+	DoppelgangerDetection config.Parameter `yaml:"doppelgangerDetection,omitempty"`
 }
 
 type ExternalLodestarConfig struct {
@@ -454,6 +457,17 @@ func NewExternalTekuConfig(cfg *StaderConfig) *ExternalTekuConfig {
 			CanBeBlank:           true,
 			OverwriteOnUpgrade:   false,
 		},
+		DoppelgangerDetection: config.Parameter{
+			ID:                   DoppelgangerDetectionID,
+			Name:                 "Enable Doppelgänger Detection",
+			Description:          "If enabled, your client will *intentionally* miss 1 or 2 attestations on startup to check if validator keys are already running elsewhere. If they are, it will disable validation duties for them to prevent you from being slashed.",
+			Type:                 config.ParameterType_Bool,
+			Default:              map[config.Network]interface{}{config.Network_All: defaultDoppelgangerDetection},
+			AffectsContainers:    []config.ContainerID{config.ContainerID_Validator},
+			EnvironmentVariables: []string{"DOPPELGANGER_DETECTION"},
+			CanBeBlank:           false,
+			OverwriteOnUpgrade:   false,
+		},
 	}
 }
 
@@ -578,6 +592,7 @@ func (cfg *ExternalTekuConfig) GetParameters() []*config.Parameter {
 		&cfg.Graffiti,
 		&cfg.ContainerTag,
 		&cfg.AdditionalVcFlags,
+		&cfg.DoppelgangerDetection,
 	}
 }
 

shared/services/config/geth-params.go

@@ -28,8 +28,8 @@ import (
 
 // Constants
 const (
-	gethTagProd          string = "ethereum/client-go:v1.13.4"
-	gethTagTest          string = "ethereum/client-go:v1.13.4"
+	gethTagProd          string = "ethereum/client-go:v1.13.7"
+	gethTagTest          string = "ethereum/client-go:v1.13.7"
 	gethEventLogInterval int    = 1000
 	gethStopSignal       string = "SIGTERM"
 )

shared/services/config/grafana-config.go

@@ -24,7 +24,7 @@ import (
 )
 
 // Constants
-const grafanaTag string = "grafana/grafana:9.4.13"
+const grafanaTag string = "grafana/grafana:9.4.15"
 
 // Defaults
 const defaultGrafanaPort uint16 = 3100

shared/services/config/lodestar-config.go

@@ -24,8 +24,8 @@ import (
 )
 
 const (
-	lodestarTagTest         string = "chainsafe/lodestar:v1.11.3"
-	lodestarTagProd         string = "chainsafe/lodestar:v1.11.3"
+	lodestarTagTest         string = "chainsafe/lodestar:v1.12.1"
+	lodestarTagProd         string = "chainsafe/lodestar:v1.12.1"
 	defaultLodestarMaxPeers uint16 = 50
 )
 

shared/services/config/nethermind-params.go

@@ -28,8 +28,8 @@ import (
 
 // Constants
 const (
-	nethermindTagProd          string = "nethermind/nethermind:1.21.0"
-	nethermindTagTest          string = "nethermind/nethermind:1.21.0"
+	nethermindTagProd          string = "nethermind/nethermind:1.24.0"
+	nethermindTagTest          string = "nethermind/nethermind:1.24.0"
 	nethermindEventLogInterval int    = 1000
 	nethermindStopSignal       string = "SIGTERM"
 )

shared/services/config/nimbus-config.go

@@ -27,12 +27,12 @@ import (
 
 const (
 	// Testnet
-	nimbusBnTagTest string = "statusim/nimbus-eth2:multiarch-v23.9.1"
-	nimbusVcTagTest string = "statusim/nimbus-validator-client:multiarch-v23.9.1"
+	nimbusBnTagTest string = "statusim/nimbus-eth2:multiarch-v23.11.0"
+	nimbusVcTagTest string = "statusim/nimbus-validator-client:multiarch-v23.11.0"
 
 	// Mainnet
-	nimbusBnTagProd string = "statusim/nimbus-eth2:multiarch-v23.9.1"
-	nimbusVcTagProd string = "statusim/nimbus-validator-client:multiarch-v23.9.1"
+	nimbusBnTagProd string = "statusim/nimbus-eth2:multiarch-v23.11.0"
+	nimbusVcTagProd string = "statusim/nimbus-validator-client:multiarch-v23.11.0"
 
 	defaultNimbusMaxPeersArm uint16 = 100
 	defaultNimbusMaxPeersAmd uint16 = 160

shared/services/config/prometheus-config.go

@@ -24,7 +24,7 @@ import (
 )
 
 // Constants
-const prometheusTag string = "prom/prometheus:v2.45.0"
+const prometheusTag string = "prom/prometheus:v2.47.1"
 
 // Defaults
 const defaultPrometheusPort uint16 = 9091

shared/services/config/prysm-config.go

@@ -27,11 +27,11 @@ import (
 )
 
 const (
-	prysmBnTagTest string = "nethermindeth/prysm-beacon-chain:v4.0.7"
-	prysmVcTagTest string = "nethermindeth/prysm-validator:v4.0.7"
+	prysmBnTagTest string = "nethermindeth/prysm-beacon-chain:v4.1.1"
+	prysmVcTagTest string = "nethermindeth/prysm-validator:v4.1.1"
 
-	prysmBnTagProd string = "nethermindeth/prysm-beacon-chain:v4.0.7"
-	prysmVcTagProd string = "nethermindeth/prysm-validator:v4.0.7"
+	prysmBnTagProd string = "nethermindeth/prysm-beacon-chain:v4.1.1"
+	prysmVcTagProd string = "nethermindeth/prysm-validator:v4.1.1"
 
 	defaultPrysmRpcPort     uint16 = 5053
 	defaultPrysmOpenRpcPort bool   = false

shared/services/config/stader-config.go

@@ -711,10 +711,8 @@ func (cfg *StaderConfig) IsDoppelgangerEnabled() (bool, error) {
 	case config.Mode_Local:
 		client := cfg.ConsensusClient.Value.(config.ConsensusClient)
 		switch client {
-		case config.ConsensusClient_Lighthouse, config.ConsensusClient_Lodestar, config.ConsensusClient_Nimbus, config.ConsensusClient_Prysm:
+		case config.ConsensusClient_Lighthouse, config.ConsensusClient_Lodestar, config.ConsensusClient_Nimbus, config.ConsensusClient_Prysm, config.ConsensusClient_Teku:
 			return cfg.ConsensusCommon.DoppelgangerDetection.Value.(bool), nil
-		case config.ConsensusClient_Teku:
-			return false, nil
 		default:
 			return false, fmt.Errorf("unknown consensus client [%v] selected", client)
 		}
@@ -729,7 +727,7 @@ func (cfg *StaderConfig) IsDoppelgangerEnabled() (bool, error) {
 		case config.ConsensusClient_Prysm:
 			return cfg.ExternalPrysm.DoppelgangerDetection.Value.(bool), nil
 		case config.ConsensusClient_Teku:
-			return false, nil
+			return cfg.ExternalTeku.DoppelgangerDetection.Value.(bool), nil
 		case config.ConsensusClient_Lodestar:
 			return cfg.ExternalLodestar.DoppelgangerDetection.Value.(bool), nil
 		default:

shared/services/config/teku-config.go

@@ -25,8 +25,8 @@ import (
 )
 
 const (
-	tekuTagTest         string = "consensys/teku:23.10.0"
-	tekuTagProd         string = "consensys/teku:23.10.0"
+	tekuTagTest         string = "consensys/teku:23.12.1"
+	tekuTagProd         string = "consensys/teku:23.12.1"
 	defaultTekuMaxPeers uint16 = 100
 )
 
@@ -61,9 +61,7 @@ func NewTekuConfig(cfg *StaderConfig) *TekuConfig {
 	return &TekuConfig{
 		Title: "Teku Settings",
 
-		UnsupportedCommonParams: []string{
-			DoppelgangerDetectionID,
-		},
+		UnsupportedCommonParams: []string{},
 
 		JvmHeapSize: config.Parameter{
 			ID:                   "jvmHeapSize",

shared/version.go

@@ -21,7 +21,7 @@ package shared
 
 const BinaryBucket string = "/stader-node-build/permissionless"
 const DockerAccount string = "staderlabs"
-const StaderVersion string = "1.4.3"
+const StaderVersion string = "1.4.4"
 
 const Logo string = ` 
   _____ _            _             _           _       𝅺 	

stader-cli/service/configConsensus.go

@@ -39,6 +39,8 @@ func setUIConsensusClient(cfg *stdCf.StaderConfig, newSettings map[string]interf
 	newSettings[keys.E2cc_em_http_teku] = cfg.ExternalTeku.HttpUrl.Value
 	newSettings[keys.E2cc_em_container_tag_teku] = cfg.ExternalTeku.ContainerTag.Value
 	newSettings[keys.E2cc_em_additional_client_flags_teku] = cfg.ExternalTeku.AdditionalVcFlags.Value
+	newSettings[keys.E2cc_em_doppelganger_detection_teku] = cfg.ExternalTeku.DoppelgangerDetection.Value.(bool)
+
 	newSettings[keys.E2cc_lc_enable_archive_mode_teku] = cfg.Teku.ArchiveMode.Value.(bool)
 
 	// Lighthouse:
@@ -139,6 +141,7 @@ func updateExternalConsensusClient(cfg *stdCf.StaderConfig, newSettings map[stri
 	cfg.ExternalTeku.HttpUrl.Value = newSettings[keys.E2cc_em_http_teku]
 	cfg.ExternalTeku.ContainerTag.Value = newSettings[keys.E2cc_em_container_tag_teku]
 	cfg.ExternalTeku.AdditionalVcFlags.Value = newSettings[keys.E2cc_em_additional_client_flags_teku]
+	cfg.ExternalTeku.DoppelgangerDetection.Value = newSettings[keys.E2cc_em_doppelganger_detection_teku]
 
 	// case cfgtypes.ConsensusClient_Lighthouse:
 	cfg.ExternalLighthouse.Graffiti.Value = newSettings[keys.E2cc_em_custom_graffiti_lighthouse]

stader-cli/service/migration.go

@@ -49,6 +49,11 @@ func migrate(c *cli.Context) (runBeforeUpgrades, rundAfterUpgrades []ConfigUpgra
 		return nil, nil, err
 	}
 
+	v144, err := parseVersion("1.4.4")
+	if err != nil {
+		return nil, nil, err
+	}
+
 	// Create the collection of upgraders
 	upgraders := []ConfigUpgrader{
 		{
@@ -70,6 +75,11 @@ func migrate(c *cli.Context) (runBeforeUpgrades, rundAfterUpgrades []ConfigUpgra
 			upgradeFunc: func(c *cli.Context) error { return nil },
 			needInstall: true,
 		},
+		{
+			version:     v144,
+			upgradeFunc: func(c *cli.Context) error { return nil },
+			needInstall: true,
+		},
 	}
 
 	staderClient, err := stader.NewClientFromCtx(c)