Node approval voting behaviour when disabled (no-show vs explicit vote)

[Overkillus]

When an (honest) node gets disabled it has limited validator privileges. Even if it spots a truly malicious candidate there is not that much it can do since raising a dispute will not escalate into participation from others (unless confirmed / other non-disabled participated already). Should that node issue an explicit vote in the dispute or should it no-show to slightly escalate the issue? Then if this node sees the dispute for this candidate started it will actually participate.

* Above only concerns finding an invalid candidate. In the happy path of a valid candidate node should always definitely issue an explicit vote for validity.

No-showing might be safer and a better approach if the node truly believes something is wrong as it escalates the issue further than casting an invalid vote when disabled.

Using that approach is equivalent safety-wise to a DoS attack on honest approval votes to potentially silence them. We are fine because of the escalation bringing in even more honest validators on average.

The cost we're paying is that disabled validators will have some escalation tools. So they can still affect liveness if they really want to but this will require much greater numbers. Without disabling a single guy could trigger a dispute (absolute escalation) but with that strategy a single actor if he gets disabled can at most... create 1 no-show (miniscule escalation).

TODOs:

• Confirm design
• Adjust node behaviour when disabled

[eskimor]

Only participating once others raised it seems more or less equivalent to disputing immediately in that case.

[Overkillus]

Are you saying that

Only participating once others raised it

AKA no-show first and participate if someone escalates it is equivalent to

to disputing immediately in that case.

disputing immediately but getting ignored as it is in our current disabling spec / implementation?

Those two definitely don't seem equivalent to me.

Example:
All tranches are full of malicious validators but in the last tranche there is 1 honest but disabled validator.

In the current spec of issuing an explicit vote the other nodes will for sure ignore this one desperate node as it is disabled and will not participate further.

In case it just no-shows there is still hope that more tranches will bring some honest non-disabled dispute statements.

Am I understanding correctly?

[eskimor]

I am not following. In both cases the validator would no-show, triggering more tranches.

[Overkillus]

Not an issue.

Approval Checking statement is always implies a valid candidate. If checker finds an invalid candidate it emits a dispute statement instead and it goes directly to the Dispute Coordinator subsystem. So despite issuing a statement from the perspective of the Approval Checking subsystem it will register as a no-show if given enough time.

No-showing is the current behaviour and it is the preferred one because it leads to a soft escalation.