dig-slashing 0.1.0

Validator slashing, attestation participation, inactivity accounting, and fraud-proof appeals for the DIG Network L2 blockchain.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

//! Appeal verdict types.
//!
//! Traces to: [SPEC.md §3.9](../../../docs/resources/SPEC.md).
//!
//! # Role
//!
//! Every appeal verifier returns an [`AppealVerdict`]. Sustained →
//! slash reversed (DSL-064..070); Rejected → slash persists,
//! appeal_count increments (DSL-072).

use chia_sha2::Sha256;
use dig_protocol::Bytes32;
use serde::{Deserialize, Serialize};

use crate::pending::AppealOutcome;

/// Reasons an appeal was sustained.
///
/// Mirrors the ground variants — each sustain reason corresponds to
/// a ground being proven true.
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub enum AppealSustainReason {
    // ── Proposer ────────────────────────────────────────────────
    /// DSL-034.
    HeadersIdentical,
    /// DSL-035.
    ProposerIndexMismatch,
    /// DSL-036.
    SignatureAInvalid,
    /// DSL-037.
    SignatureBInvalid,
    /// DSL-038.
    SlotMismatch,
    /// DSL-039.
    ValidatorNotActiveAtEpoch,
    // ── Attester ────────────────────────────────────────────────
    /// DSL-041.
    AttestationsIdentical,
    /// DSL-042.
    NotSlashableByPredicate,
    /// DSL-043.
    EmptyIntersection,
    /// DSL-044.
    AttesterSignatureAInvalid,
    /// DSL-045.
    AttesterSignatureBInvalid,
    /// DSL-046.
    InvalidIndexedAttestationStructure,
    /// DSL-047.
    ValidatorNotInIntersection,
    // ── Invalid-block ───────────────────────────────────────────
    /// DSL-049.
    BlockActuallyValid,
    /// DSL-050.
    ProposerSignatureInvalid,
    /// DSL-051.
    FailureReasonMismatch,
    /// DSL-052.
    EvidenceEpochMismatch,
}

/// Reasons an appeal was rejected.
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub enum AppealRejectReason {
    /// Caller supplied a ground but the predicate does not hold —
    /// the evidence is genuine. Default rejection path for DSL-040,
    /// DSL-048, DSL-054.
    GroundDoesNotHold,
    /// Witness bytes malformed or insufficient.
    MalformedWitness,
    /// Appeal requires an oracle but none was supplied (DSL-053).
    MissingOracle,
}

/// Outcome of a single appeal adjudication.
///
/// Traces to [SPEC §3.9](../../../docs/resources/SPEC.md).
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub enum AppealVerdict {
    /// Appeal proves the slash was in error → slash MUST be reverted.
    Sustained {
        /// Categorical reason. Mirrors the appeal ground.
        reason: AppealSustainReason,
    },
    /// Appeal rejected → slash persists; appeal_count increments.
    Rejected {
        /// Categorical reason.
        reason: AppealRejectReason,
    },
}

impl AppealVerdict {
    /// Convert this producer-side verdict into the recorded-side
    /// [`AppealOutcome`] carried on `AppealAttempt` +
    /// `AppealAdjudicationResult`.
    ///
    /// Implements [DSL-171](../../../docs/requirements/domains/appeal/specs/DSL-171.md).
    /// Traces to SPEC §3.8, §6.5.
    ///
    /// # Mapping
    ///
    /// - `Sustained { .. }` → `AppealOutcome::Won`.
    /// - `Rejected { reason }` → `AppealOutcome::Lost { reason_hash }`
    ///   where `reason_hash = SHA-256(bincode::serialize(reason))`.
    ///
    /// The hash is deterministic (bincode canonical encoding + SHA-256)
    /// and domain-agnostic — the enum discriminant contributes via
    /// bincode's variant-tag bytes. Distinct `AppealRejectReason`
    /// variants therefore produce distinct `reason_hash` values,
    /// verified by DSL-171 row 4.
    ///
    /// # Never Pending
    ///
    /// `AppealOutcome::Pending` is a transient state used in
    /// `AppealAttempt::outcome` BEFORE adjudication runs. Since
    /// this conversion is only meaningful after a verdict exists,
    /// the output is always terminal.
    ///
    /// # Panics
    ///
    /// `bincode::serialize` on a closed-enum-of-unit-variants cannot
    /// fail in practice; `.expect` surfaces the invariant rather
    /// than silently coercing.
    #[must_use]
    pub fn to_appeal_outcome(&self) -> AppealOutcome {
        match self {
            AppealVerdict::Sustained { .. } => AppealOutcome::Won,
            AppealVerdict::Rejected { reason } => {
                let mut h = Sha256::new();
                let encoded =
                    bincode::serialize(reason).expect("AppealRejectReason bincode must not fail");
                h.update(&encoded);
                let out: [u8; 32] = h.finalize();
                AppealOutcome::Lost {
                    reason_hash: Bytes32::new(out),
                }
            }
        }
    }
}