github.com/onflow/flow-go@v0.35.7-crescendo-preview.23-atree-inlining/network/alsp/model/params.go

github.com/onflow/flow-go@v0.35.7-crescendo-preview.23-atree-inlining/network/alsp/model/params.go (about)

     1  package model
     2  
     3  // To give a summary with the default value:
     4  //  1. The penalty of each misbehavior is 0.01 * DisallowListingThreshold = -864
     5  //  2. The penalty of each misbehavior is decayed by a decay value at each decay interval. The default decay value is 1000.
     6  //     This means that by default if a node misbehaves 100 times in a second, it gets disallow-listed, and takes 86.4 seconds to recover.
     7  //     We emphasize on the default penalty value can be amplified by the engine that reports the misbehavior.
     8  //  3. Each time a node is disallow-listed, its decay speed is decreased by 90%. This means that if a node is disallow-listed
     9  //     for the first time, it takes 86.4 seconds to recover. If the node is disallow-listed for the second time, its decay
    10  //     speed is decreased by 90% from 1000 to 100, and it takes around 15 minutes to recover. If the node is disallow-listed
    11  //     for the third time, its decay speed is decreased by 90% from 100 to 10, and it takes around 2.5 hours to recover.
    12  //     If the node is disallow-listed for the fourth time, its decay speed is decreased by 90% from 10 to 1, and it takes
    13  //     around a day to recover. From this point on, the decay speed is 1, and it takes around a day to recover from each
    14  //     disallow-listing.
    15  const (
    16  	// DisallowListingThreshold is the threshold for concluding a node behavior is malicious and disallow-listing the node.
    17  	// If the overall penalty of this node drops below this threshold, the node is reported to be disallow-listed by
    18  	// the networking layer, i.e., existing connections to the node are closed and the node is no longer allowed to connect till
    19  	// its penalty is decayed back to zero.
    20  	// maximum block-list period is 1 day
    21  	DisallowListingThreshold = -24 * 60 * 60 // (Don't change this value)
    22  
    23  	// DefaultPenaltyValue is the default penalty value for misbehaving nodes.
    24  	// By default, each reported infringement will be penalized by this value. However, the penalty can be amplified
    25  	// by the engine that reports the misbehavior. The penalty system is designed in a way that more than 100 misbehaviors/sec
    26  	// at the default penalty value will result in disallow-listing the node. By amplifying the penalty, the engine can
    27  	// decrease the number of misbehaviors/sec that will result in disallow-listing the node. For example, if the engine
    28  	// amplifies the penalty by 10, the number of misbehaviors/sec that will result in disallow-listing the node will be
    29  	// 10 times less than the default penalty value and the node will be disallow-listed after 10 misbehaviors/sec.
    30  	DefaultPenaltyValue = 0.01 * DisallowListingThreshold // (Don't change this value)
    31  
    32  	// InitialDecaySpeed is the initial decay speed of the penalty of a misbehaving node.
    33  	// The decay speed is applied on an arithmetic progression. The penalty value of the node is the first term of the
    34  	// progression and the decay speed is the common difference of the progression, i.e., p(n) = p(0) + n * d, where
    35  	// p(n) is the penalty value of the node after n decay intervals, p(0) is the initial penalty value of the node, and
    36  	// d is the decay speed. Decay intervals are set to 1 second (protocol invariant). Hence, with the initial decay speed
    37  	// of 1000, the penalty value of the node will be decreased by 1000 every second. This means that if a node misbehaves
    38  	// 100 times in a second, it gets disallow-listed, and takes 86.4 seconds to recover.
    39  	// In mature implementation of the protocol, the decay speed of a node is decreased by 90% each time the node is
    40  	// disallow-listed. This means that if a node is disallow-listed for the first time, it takes 86.4 seconds to recover.
    41  	// If the node is disallow-listed for the second time, its decay speed is decreased by 90% from 1000 to 100, and it
    42  	// takes around 15 minutes to recover. If the node is disallow-listed for the third time, its decay speed is decreased
    43  	// by 90% from 100 to 10, and it takes around 2.5 hours to recover. If the node is disallow-listed for the fourth time,
    44  	// its decay speed is decreased by 90% from 10 to 1, and it takes around a day to recover. From this point on, the decay
    45  	// speed is 1, and it takes around a day to recover from each disallow-listing.
    46  	InitialDecaySpeed = 1000 // (Don't change this value)
    47  )