Problem Statement / Feature Objective
Running the same validator key on two machines simultaneously (doppelganger) causes attestation conflicts, slashing, and potential exit. Operators need an automated detection subsystem that cross-references their validator public keys against beacon chain observed participation and flags any key that appears active from a different IP/Node-ID than expected.
Technical Invariants & Bounds
- Detection window: scan the last 2 epochs (≈12.8 min) of attestation data for each monitored key
- Cross-reference sources: (1) beacon node peer ID map, (2) local validator client logs, (3) attestation gossip metadata if available
- Alert confidence scoring: 0.6 × (unrecognized_peer_ids_count) + 0.4 × (duty_slot_miss_rate_on_expected_node)
- False positive suppression: skip detection if the expected node is undergoing a scheduled reboot (maintenance window flag)
- Alert deduplication: same doppelganger event not re-alerted within 24 hours
- Must handle 10,000+ keys with batch processing; each batch of 1,000 keys processed in a web worker
Codebase Navigation Guide
src/hooks/useDoppelgangerDetection.ts – detection hook
src/workers/doppelgangerScannerWorker.ts – web worker for batch key scanning
src/components/alerts/DoppelgangerAlertPanel.tsx – alert display component
src/services/beaconChainService.ts – extend with peer ID query methods
src/utils/alertDeduplicator.ts – deduplication utility with 24h window
src/store/alertSlice.ts – alert state management
Implementation Blueprint
- Create
src/utils/doppelgangerDetector.ts – core logic: for each key, query recent attestation slots, compare observed signing peer IDs against expected, compute confidence score
- Build
src/workers/doppelgangerScannerWorker.ts – processes keys in batches of 1,000 using chunked ArrayBuffer transfer for zero-copy
- Implement
src/utils/alertDeduplicator.ts – bloom filter-based deduplication with 24h TTL, persists to localStorage
- Create
src/hooks/useDoppelgangerDetection.ts – orchestrates worker, applies maintenance window suppression, manages alert lifecycle
- Build
src/components/alerts/DoppelgangerAlertPanel.tsx – renders alert list with confidence score bar, affected key, detected peer IDs, and "Acknowledge" / "Suppress" actions
- Integrate into global alert system in
src/components/layout/AlertBanner.tsx
Problem Statement / Feature Objective
Running the same validator key on two machines simultaneously (doppelganger) causes attestation conflicts, slashing, and potential exit. Operators need an automated detection subsystem that cross-references their validator public keys against beacon chain observed participation and flags any key that appears active from a different IP/Node-ID than expected.
Technical Invariants & Bounds
Codebase Navigation Guide
src/hooks/useDoppelgangerDetection.ts– detection hooksrc/workers/doppelgangerScannerWorker.ts– web worker for batch key scanningsrc/components/alerts/DoppelgangerAlertPanel.tsx– alert display componentsrc/services/beaconChainService.ts– extend with peer ID query methodssrc/utils/alertDeduplicator.ts– deduplication utility with 24h windowsrc/store/alertSlice.ts– alert state managementImplementation Blueprint
src/utils/doppelgangerDetector.ts– core logic: for each key, query recent attestation slots, compare observed signing peer IDs against expected, compute confidence scoresrc/workers/doppelgangerScannerWorker.ts– processes keys in batches of 1,000 using chunked ArrayBuffer transfer for zero-copysrc/utils/alertDeduplicator.ts– bloom filter-based deduplication with 24h TTL, persists to localStoragesrc/hooks/useDoppelgangerDetection.ts– orchestrates worker, applies maintenance window suppression, manages alert lifecyclesrc/components/alerts/DoppelgangerAlertPanel.tsx– renders alert list with confidence score bar, affected key, detected peer IDs, and "Acknowledge" / "Suppress" actionssrc/components/layout/AlertBanner.tsx