Skip to content

Duplicate Key Registration Doppelganger Detection Alert Subsystem #50

Description

@JamesEjembi

Problem Statement / Feature Objective

Running the same validator key on two machines simultaneously (doppelganger) causes attestation conflicts, slashing, and potential exit. Operators need an automated detection subsystem that cross-references their validator public keys against beacon chain observed participation and flags any key that appears active from a different IP/Node-ID than expected.

Technical Invariants & Bounds

  • Detection window: scan the last 2 epochs (≈12.8 min) of attestation data for each monitored key
  • Cross-reference sources: (1) beacon node peer ID map, (2) local validator client logs, (3) attestation gossip metadata if available
  • Alert confidence scoring: 0.6 × (unrecognized_peer_ids_count) + 0.4 × (duty_slot_miss_rate_on_expected_node)
  • False positive suppression: skip detection if the expected node is undergoing a scheduled reboot (maintenance window flag)
  • Alert deduplication: same doppelganger event not re-alerted within 24 hours
  • Must handle 10,000+ keys with batch processing; each batch of 1,000 keys processed in a web worker

Codebase Navigation Guide

  • src/hooks/useDoppelgangerDetection.ts – detection hook
  • src/workers/doppelgangerScannerWorker.ts – web worker for batch key scanning
  • src/components/alerts/DoppelgangerAlertPanel.tsx – alert display component
  • src/services/beaconChainService.ts – extend with peer ID query methods
  • src/utils/alertDeduplicator.ts – deduplication utility with 24h window
  • src/store/alertSlice.ts – alert state management

Implementation Blueprint

  1. Create src/utils/doppelgangerDetector.ts – core logic: for each key, query recent attestation slots, compare observed signing peer IDs against expected, compute confidence score
  2. Build src/workers/doppelgangerScannerWorker.ts – processes keys in batches of 1,000 using chunked ArrayBuffer transfer for zero-copy
  3. Implement src/utils/alertDeduplicator.ts – bloom filter-based deduplication with 24h TTL, persists to localStorage
  4. Create src/hooks/useDoppelgangerDetection.ts – orchestrates worker, applies maintenance window suppression, manages alert lifecycle
  5. Build src/components/alerts/DoppelgangerAlertPanel.tsx – renders alert list with confidence score bar, affected key, detected peer IDs, and "Acknowledge" / "Suppress" actions
  6. Integrate into global alert system in src/components/layout/AlertBanner.tsx

Metadata

Metadata

Assignees

Labels

Complexity: HardcoreExtremely difficult, high-complexity engineering taskGrantFox OSSIssue tracked in GrantFox OSSLayer: Core-EngineCore engine layerMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official CampaignType: Core-ArchitectureCore architecture design and structural concern

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions