Downtime slash acknowledgements never sent to consumer if validator tombstoned

[danwt]

In the code if the validator is tombstoned the downtime slash acknowledgement is never sent. The question, is what is intended by the acknowledgement? If the ack is supposed to mean that the slash happened then the code is correct. If the ack is supposed to mean that the slash request was received then the code is wrong. Either way there is a divergence from the spec but this is already covered by these issues

• Divergence spec and impl: slashing after tombstoning. #220
• Decide slashing behavior for downtime and double signing #234

interchain-security/x/ccv/provider/keeper/relay.go

Lines 232 to 249 in e265d43

	if k.slashingKeeper.IsTombstoned(ctx, consAddr) {
	return false, nil
	}
	// slash and jail validator according to their infraction type
	// and using the provider chain parameters
	var (
	jailTime time.Time
	slashFraction sdk.Dec
	)
	switch data.Infraction {
	case stakingtypes.Downtime:
	// set the downtime slash fraction and duration
	// then append the validator address to the slash ack for its chain id
	slashFraction = k.slashingKeeper.SlashFractionDowntime(ctx)
	jailTime = ctx.BlockTime().Add(k.slashingKeeper.DowntimeJailDuration(ctx))
	k.AppendSlashAck(ctx, chainID, consAddr.String())

[danwt]

Do you have any thoughts on this @sainoe?

[sainoe]

The consumer module keeps track of the SlashPackets sent for downtime infraction in OutstandingDowntime which is a mapping from validator addressees to boolean value.

The SlashAcks field in VSCPacketData entails consumer chains to update this mapping and avoid them to send SlashPacket multiple times for the same downtime infraction.

Therefore the acknowledgement is meant to inform a consumer chain that it has successfully slashed a validator for downtime on the provider chain.

[danwt]

I understand the outstanding downtime part, but do we definitely want this to mean that the validator was not slashed, or simply that the slash packet was not received?

Because if the validator is tombstoned, the ack will never arrive, even though the slash request did arrive. Maybe this is OK.

[sainoe]

I understand the outstanding downtime part, but do we definitely want this to mean that the validator was not slashed, or simply that the slash packet was not received?

It means not slashed yet.

Because if the validator is tombstoned, the ack will never arrive, even though the slash request did arrive. Maybe this is OK.

For the tombstoning there isn't the issue of sending the same infraction twice and anyway validators can't be slashed for double-sign multiple time. AFAIU if the slash packet is never received the ordered channel will
time-out on the next VSCMaturePacket.

[danwt]

Ok it sounds good. Thanks.