solana-foundation · Benhawkins18 · Feb 27, 2025 · Oct 3, 2024 · Oct 3, 2024 · Feb 5, 2025
diff --git a/proposals/0180-vote-account-leader-schedule.md b/proposals/0180-vote-account-leader-schedule.md
@@ -0,0 +1,106 @@
+---
+simd: '0180'
+title: Vote Account Address Keyed Leader Schedule
+authors: Justin Starry (Anza)
+category: Standard
+type: Core
+status: Review
+created: 2024-10-03
+feature: (fill in with feature tracking issues once accepted)
+---
+
+## Summary
+
+The epoch leader schedule for block production will be migrated from being keyed
+by validator identity addresses to being keyed by vote account addresses. The
+expected block signer for a given slot will be determined by the vote account's 
+designated validator identity.
+
+## Motivation
+
+Using validator identity addresses in the leader schedule means there is no
+straightforward way to map a block producer to a particular vote account and its
+delegated stake. This is because the same validator identity could be designated
+by multiple vote accounts. By migrating the leader schedule to being keyed by
+vote account addresses, we know exactly what delegated stake led to a
+validator's leader schedule slot allocation. This will make certain protocol
+improvements much easier to design like how to distribute block rewards and how
+to slash validators that produce duplicate blocks.
+
+## New Terminology
+
+NA
+
+## Detailed Design
+
+### Leader Schedule Generation
+
+The leader schedule MUST continue to be generated at epoch boundaries with the
+existing stake weighted randomized leader schedule algorithm. However, the stake
+weights used in this algorithm MUST be adjusted to be accumulated by delegated
+vote account address rather than accumulating all stake by validator identity
+address. As before, delegated vote accounts MUST be valid to be included in the
+leader schedule generation algorithm.
+
+### Valid Vote Accounts
+
+For reference, valid vote accounts are defined as accounts with the following
+requirements:
+
+- non-zero lamport balance
+- owned by the vote program (`Vote111111111111111111111111111111111111111`)
+- either:
+  - data size of 3731 bytes and `data[4..86] != [0; 82]`
+  - data size of 3762 bytes and `data[4..118] != [0; 114]`
+
+### Validator Identity Address Lookup
+
+Block shreds MUST still be signed by the validator identity private key and
+block rewards MUST still be collected into the validator identity account (also
+known as fee collection account).
+
+Once the leader schedule is keyed by vote account addresses, validator identity
+pubkey's will need to be looked up by loading the vote account state for the
+designated vote account address for a particular leader slot. Since the vote
+program allows updating the validator identity address at any time after leader
+schedule generation, the vote account state from the beginning of the previous
+epoch MUST be used.
+
+Since only valid vote accounts are used during leader schedule generation, a
+valid vote account is guaranteed to exist in epoch stakes and its validator
+identity address can be fetched from its account state.
+
+### RPC Migration
+
+Existing leader schedule and slot leader RPC endpoints SHOULD continue returning
+the resolved validator identity address to avoid breaking downstream users of
+these endpoints that expect the leader schedule to use validator identity.
+However, new RPC endpoints for fetching the new leader schedule keyed by vote
+account addresses SHOULD be added.
+
+## Alternatives Considered
+
+Alternatively, the protocol could create a strict one-to-one mapping between
+validator identity addresses and vote account addresses. However this would
+require quite a lot of onchain program and account state changes to be able to
+enforce this mapping. And migrating existing one-to-many relationships is not
+very straightforward and would likely require validators to manually migrate
+which could take a long time.
+
+## Impact
+
+Negligible impact expected. There will be some extra overhead to looking up /
+caching the validator identity address for each vote account address.
+
+## Security Considerations
+
+NA
+
+## Drawbacks *(Optional)*
+
+NA
+
+## Backwards Compatibility *(Optional)*
+
+Feature gate will be required to enable this migration since leader schedule
+generation will be different.