Problem Statement / Feature Objective
When the validator set is dynamically reorganized mid-epoch (triggered by an irregular exit or a late-inclusion activation), the committee root computed from get_beacon_committee() diverges between the pre-reorg and post-reorg view. This causes attestation verification to fail spuriously for validators assigned to different shard committees before and after the boundary.
Technical Invariants & Bounds
- Epoch length: 32 slots; SHARD_COMMITTEE_PERIOD = 256 epochs.
- Validator set size: bounded by 2^19 (~524k) entries.
- Committee root is SHA-256 over the sorted list of validator indices.
- Reorg window: slots where state.slot % SLOTS_PER_EPOCH < 4.
- Cross-reorg attestations must be verifiable under both the pre-reorg and the post-reorg committee root.
Codebase Navigation Guide
- src/validator/committee-assignment.rs - get_beacon_committee() and committee root derivation.
- src/validator/validator-set.rs - reorg_validator_set() entry point for dynamic changes.
- src/attestation/verifier.rs - attestation verification that consumes committee root.
- src/state/epoch-transition.rs - epoch boundary state recalculation.
- src/db/committee-cache.rs - cached committee root store.
Implementation Blueprint
- In src/validator/validator-set.rs, introduce a PendingReorg struct that records the slot range during which a reorg is active.
- Modify get_beacon_committee() to check the PendingReorg: if the current slot falls in the reorg window, compute the committee root from both the old and the new set and return a CommitteeView::Ambiguous(old_root, new_root).
- In src/attestation/verifier.rs, accept an Ambiguous committee view and verify the attestation against either root; if one matches, accept.
- After the reorg window closes (slot >= reorg_end), finalize to the new committee root and evict the old cache entry.
- Write integration tests that simulate a mid-epoch exit and verify cross-boundary attestations still pass.
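A sketch of the blueprint's window logic, added here as an example and not taken from the project's code: the old root is accepted only until the window closes, so the relaxed check cannot be reused for a stale committee afterwards. Assumptions: the window is the half-open range covering the first 4 slots of an epoch, roots are opaque 32-byte values (the SHA-256 derivation is left out), and `Finalized`, `for_epoch`, `view_at` and `root_accepted` are hypothetical names.

```rust
// Added illustration, not the project's code. PendingReorg, CommitteeView::Ambiguous,
// SLOTS_PER_EPOCH and reorg_end come from the page; every other name is assumed.
pub const SLOTS_PER_EPOCH: u64 = 32;
pub const REORG_WINDOW_SLOTS: u64 = 4; // slots where slot % SLOTS_PER_EPOCH < 4
pub type Root = [u8; 32];

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum CommitteeView {
    Finalized(Root),
    Ambiguous(Root, Root), // (old_root, new_root)
}

/// Half-open slot range [reorg_start, reorg_end) during which a reorg is active.
pub struct PendingReorg {
    pub reorg_start: u64,
    pub reorg_end: u64,
    pub old_root: Root,
    pub new_root: Root,
}

impl PendingReorg {
    /// Window covering the first REORG_WINDOW_SLOTS slots of `epoch`.
    pub fn for_epoch(epoch: u64, old_root: Root, new_root: Root) -> Self {
        let reorg_start = epoch * SLOTS_PER_EPOCH;
        Self { reorg_start, reorg_end: reorg_start + REORG_WINDOW_SLOTS, old_root, new_root }
    }
    /// Old root before the window, both roots inside it, new root only once it closes.
    pub fn view_at(&self, slot: u64) -> CommitteeView {
        if slot < self.reorg_start {
            CommitteeView::Finalized(self.old_root)
        } else if slot < self.reorg_end {
            CommitteeView::Ambiguous(self.old_root, self.new_root)
        } else {
            CommitteeView::Finalized(self.new_root)
        }
    }
}

/// Accept the root an attestation was built under if it matches any root in the view.
pub fn root_accepted(view: CommitteeView, attested: &Root) -> bool {
    match view {
        CommitteeView::Finalized(root) => root == *attested,
        CommitteeView::Ambiguous(old, new) => old == *attested || new == *attested,
    }
}

fn main() {
    let reorg = PendingReorg::for_epoch(10, [0x11; 32], [0x22; 32]); // constructed roots, slots 320..324
    println!("old root accepted at slot 324: {}", root_accepted(reorg.view_at(324), &[0x11; 32]));
}
```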