@lodestar/validator 1.35.0-dev.a70bac5bd3 → 1.35.0-dev.ba92bd8a88

package/src/slashingProtection/attestation/attestationByTargetRepository.ts

@@ -0,0 +1,77 @@
+import {ContainerType, Type} from "@chainsafe/ssz";
+import {DB_PREFIX_LENGTH, DbReqOpts, encodeKey, uintLen} from "@lodestar/db";
+import {BLSPubkey, Epoch, ssz} from "@lodestar/types";
+import {bytesToInt, intToBytes} from "@lodestar/utils";
+import {Bucket, getBucketNameByValue} from "../../buckets.js";
+import {LodestarValidatorDatabaseController} from "../../types.js";
+import {SlashingProtectionAttestation} from "../types.js";
+import {blsPubkeyLen, uniqueVectorArr} from "../utils.js";
+
+/**
+ * Manages validator db storage of attestations.
+ * Entries in the db are indexed by an encoded key which combines the validator's public key and the
+ * attestation's target epoch.
+ */
+export class AttestationByTargetRepository {
+  protected type: Type<SlashingProtectionAttestation>;
+  protected bucket = Bucket.slashingProtectionAttestationByTarget;
+
+  private readonly bucketId = getBucketNameByValue(this.bucket);
+  private readonly dbReqOpts: DbReqOpts = {bucketId: this.bucketId};
+  private readonly minKey: Uint8Array;
+  private readonly maxKey: Uint8Array;
+
+  constructor(protected db: LodestarValidatorDatabaseController) {
+    this.type = new ContainerType({
+      sourceEpoch: ssz.Epoch,
+      targetEpoch: ssz.Epoch,
+      signingRoot: ssz.Root,
+    }); // casing doesn't matter
+    this.minKey = encodeKey(this.bucket, Buffer.alloc(0));
+    this.maxKey = encodeKey(this.bucket + 1, Buffer.alloc(0));
+  }
+
+  async getAll(pubkey: BLSPubkey, limit?: number): Promise<SlashingProtectionAttestation[]> {
+    const attestations = await this.db.values({
+      limit,
+      gte: this.encodeKey(pubkey, 0),
+      lt: this.encodeKey(pubkey, Number.MAX_SAFE_INTEGER),
+      bucketId: this.bucketId,
+    });
+    return attestations.map((attestation) => this.type.deserialize(attestation));
+  }
+
+  async get(pubkey: BLSPubkey, targetEpoch: Epoch): Promise<SlashingProtectionAttestation | null> {
+    const att = await this.db.get(this.encodeKey(pubkey, targetEpoch), this.dbReqOpts);
+    return att && this.type.deserialize(att);
+  }
+
+  async set(pubkey: BLSPubkey, atts: SlashingProtectionAttestation[]): Promise<void> {
+    await this.db.batchPut(
+      atts.map((att) => ({
+        key: this.encodeKey(pubkey, att.targetEpoch),
+        value: this.type.serialize(att),
+      })),
+      this.dbReqOpts
+    );
+  }
+
+  async listPubkeys(): Promise<BLSPubkey[]> {
+    const keys = await this.db.keys({gte: this.minKey, lt: this.maxKey, bucketId: this.bucketId});
+    return uniqueVectorArr(keys.map((key) => this.decodeKey(key).pubkey));
+  }
+
+  private encodeKey(pubkey: BLSPubkey, targetEpoch: Epoch): Uint8Array {
+    return encodeKey(this.bucket, Buffer.concat([pubkey, intToBytes(BigInt(targetEpoch), uintLen, "be")]));
+  }
+
+  private decodeKey(key: Uint8Array): {pubkey: BLSPubkey; targetEpoch: Epoch} {
+    return {
+      pubkey: key.slice(DB_PREFIX_LENGTH, DB_PREFIX_LENGTH + blsPubkeyLen),
+      targetEpoch: bytesToInt(
+        key.slice(DB_PREFIX_LENGTH + blsPubkeyLen, DB_PREFIX_LENGTH + blsPubkeyLen + uintLen),
+        "be"
+      ),
+    };
+  }
+}

package/src/slashingProtection/attestation/attestationLowerBoundRepository.ts

@@ -0,0 +1,44 @@
+import {ContainerType, Type} from "@chainsafe/ssz";
+import {DbReqOpts, encodeKey} from "@lodestar/db";
+import {BLSPubkey, Epoch, ssz} from "@lodestar/types";
+import {Bucket, getBucketNameByValue} from "../../buckets.js";
+import {LodestarValidatorDatabaseController} from "../../types.js";
+
+// Only used locally here
+export interface SlashingProtectionLowerBound {
+  minSourceEpoch: Epoch;
+  minTargetEpoch: Epoch;
+}
+
+/**
+ * Manages validator db storage of the minimum source and target epochs required of a validator
+ * attestation.
+ */
+export class AttestationLowerBoundRepository {
+  protected type: Type<SlashingProtectionLowerBound>;
+  protected bucket = Bucket.slashingProtectionAttestationLowerBound;
+
+  private readonly bucketId = getBucketNameByValue(this.bucket);
+  private readonly dbReqOpts: DbReqOpts = {bucketId: this.bucketId};
+
+  constructor(protected db: LodestarValidatorDatabaseController) {
+    this.type = new ContainerType({
+      minSourceEpoch: ssz.Epoch,
+      minTargetEpoch: ssz.Epoch,
+    }); // casing doesn't matter
+    this.dbReqOpts = {bucketId: this.bucketId};
+  }
+
+  async get(pubkey: BLSPubkey): Promise<SlashingProtectionLowerBound | null> {
+    const att = await this.db.get(this.encodeKey(pubkey), this.dbReqOpts);
+    return att && this.type.deserialize(att);
+  }
+
+  async set(pubkey: BLSPubkey, value: SlashingProtectionLowerBound): Promise<void> {
+    await this.db.put(this.encodeKey(pubkey), this.type.serialize(value), this.dbReqOpts);
+  }
+
+  private encodeKey(pubkey: BLSPubkey): Uint8Array {
+    return encodeKey(this.bucket, pubkey);
+  }
+}

package/src/slashingProtection/attestation/errors.ts

@@ -0,0 +1,66 @@
+import {Epoch} from "@lodestar/types";
+import {LodestarError} from "@lodestar/utils";
+import {SlashingProtectionAttestation} from "../types.js";
+
+export enum InvalidAttestationErrorCode {
+  /**
+   * The attestation has the same target epoch as an attestation from the DB
+   */
+  DOUBLE_VOTE = "ERR_INVALID_ATTESTATION_DOUBLE_VOTE",
+  /**
+   * The attestation surrounds an existing attestation from the database `prev`
+   */
+  NEW_SURROUNDS_PREV = "ERR_INVALID_ATTESTATION_NEW_SURROUNDS_PREV",
+  /**
+   * The attestation is surrounded by an existing attestation from the database `prev`
+   */
+  PREV_SURROUNDS_NEW = "ERR_INVALID_ATTESTATION_PREV_SURROUNDS_NEW",
+  /**
+   * The attestation is invalid because its source epoch is greater than its target epoch
+   */
+  SOURCE_EXCEEDS_TARGET = "ERR_INVALID_ATTESTATION_SOURCE_EXCEEDS_TARGET",
+  /**
+   * The attestation is invalid because its source epoch is less than the lower bound on source
+   * epochs for this validator.
+   */
+  SOURCE_LESS_THAN_LOWER_BOUND = "ERR_INVALID_ATTESTATION_SOURCE_LESS_THAN_LOWER_BOUND",
+  /**
+   * The attestation is invalid because its target epoch is less than or equal to the lower
+   * bound on target epochs for this validator.
+   */
+  TARGET_LESS_THAN_OR_EQ_LOWER_BOUND = "ERR_INVALID_ATTESTATION_TARGET_LESS_THAN_OR_EQ_LOWER_BOUND",
+}
+
+type InvalidAttestationErrorType =
+  | {
+      code: InvalidAttestationErrorCode.DOUBLE_VOTE;
+      attestation: SlashingProtectionAttestation;
+      prev: SlashingProtectionAttestation;
+    }
+  | {
+      code: InvalidAttestationErrorCode.NEW_SURROUNDS_PREV;
+      attestation: SlashingProtectionAttestation;
+      // Since using min-max surround, the actual attestation may not be available
+      prev: SlashingProtectionAttestation | null;
+    }
+  | {
+      code: InvalidAttestationErrorCode.PREV_SURROUNDS_NEW;
+      attestation: SlashingProtectionAttestation;
+      // Since using min-max surround, the actual attestation may not be available
+      prev: SlashingProtectionAttestation | null;
+    }
+  | {
+      code: InvalidAttestationErrorCode.SOURCE_EXCEEDS_TARGET;
+    }
+  | {
+      code: InvalidAttestationErrorCode.SOURCE_LESS_THAN_LOWER_BOUND;
+      sourceEpoch: Epoch;
+      minSourceEpoch: Epoch;
+    }
+  | {
+      code: InvalidAttestationErrorCode.TARGET_LESS_THAN_OR_EQ_LOWER_BOUND;
+      targetEpoch: Epoch;
+      minTargetEpoch: Epoch;
+    };
+
+export class InvalidAttestationError extends LodestarError<InvalidAttestationErrorType> {}

package/src/slashingProtection/attestation/index.ts

@@ -0,0 +1,171 @@
+import {BLSPubkey, Epoch} from "@lodestar/types";
+import {MinMaxSurround, SurroundAttestationError, SurroundAttestationErrorCode} from "../minMaxSurround/index.js";
+import {SlashingProtectionAttestation} from "../types.js";
+import {isEqualNonZeroRoot, minEpoch} from "../utils.js";
+import {AttestationByTargetRepository} from "./attestationByTargetRepository.js";
+import {AttestationLowerBoundRepository} from "./attestationLowerBoundRepository.js";
+import {InvalidAttestationError, InvalidAttestationErrorCode} from "./errors.js";
+export {
+  AttestationByTargetRepository,
+  AttestationLowerBoundRepository,
+  InvalidAttestationError,
+  InvalidAttestationErrorCode,
+};
+
+enum SafeStatus {
+  SAME_DATA = "SAFE_STATUS_SAME_DATA",
+  OK = "SAFE_STATUS_OK",
+}
+
+export class SlashingProtectionAttestationService {
+  private attestationByTarget: AttestationByTargetRepository;
+  private attestationLowerBound: AttestationLowerBoundRepository;
+  private minMaxSurround: MinMaxSurround;
+
+  constructor(
+    signedAttestationDb: AttestationByTargetRepository,
+    attestationLowerBound: AttestationLowerBoundRepository,
+    minMaxSurround: MinMaxSurround
+  ) {
+    this.attestationByTarget = signedAttestationDb;
+    this.attestationLowerBound = attestationLowerBound;
+    this.minMaxSurround = minMaxSurround;
+  }
+
+  /**
+   * Check an attestation for slash safety, and if it is safe, record it in the database
+   * This is the safe, externally-callable interface for checking attestations
+   */
+  async checkAndInsertAttestation(pubKey: BLSPubkey, attestation: SlashingProtectionAttestation): Promise<void> {
+    const safeStatus = await this.checkAttestation(pubKey, attestation);
+
+    if (safeStatus !== SafeStatus.SAME_DATA) {
+      await this.insertAttestation(pubKey, attestation);
+    }
+
+    // TODO: Implement safe clean-up of stored attestations
+  }
+
+  /**
+   * Check an attestation from `pubKey` for slash safety.
+   */
+  async checkAttestation(pubKey: BLSPubkey, attestation: SlashingProtectionAttestation): Promise<SafeStatus> {
+    // Although it's not required to avoid slashing, we disallow attestations
+    // which are obviously invalid by virtue of their source epoch exceeding their target.
+    if (attestation.sourceEpoch > attestation.targetEpoch) {
+      throw new InvalidAttestationError({code: InvalidAttestationErrorCode.SOURCE_EXCEEDS_TARGET});
+    }
+
+    // Check for a double vote. Namely, an existing attestation with the same target epoch,
+    // and a different signing root.
+    const sameTargetAtt = await this.attestationByTarget.get(pubKey, attestation.targetEpoch);
+    if (sameTargetAtt) {
+      // Interchange format allows for attestations without signing_root, then assume root is equal
+      if (isEqualNonZeroRoot(sameTargetAtt.signingRoot, attestation.signingRoot)) {
+        return SafeStatus.SAME_DATA;
+      }
+      throw new InvalidAttestationError({
+        code: InvalidAttestationErrorCode.DOUBLE_VOTE,
+        attestation: attestation,
+        prev: sameTargetAtt,
+      });
+    }
+
+    // Check for a surround vote
+    try {
+      await this.minMaxSurround.assertNoSurround(pubKey, attestation);
+    } catch (e) {
+      if (e instanceof SurroundAttestationError) {
+        const prev = await this.attestationByTarget.get(pubKey, e.type.attestation2Target).catch(() => null);
+        switch (e.type.code) {
+          case SurroundAttestationErrorCode.IS_SURROUNDING:
+            throw new InvalidAttestationError({
+              code: InvalidAttestationErrorCode.NEW_SURROUNDS_PREV,
+              attestation,
+              prev,
+            });
+          case SurroundAttestationErrorCode.IS_SURROUNDED:
+            throw new InvalidAttestationError({
+              code: InvalidAttestationErrorCode.PREV_SURROUNDS_NEW,
+              attestation,
+              prev,
+            });
+        }
+      }
+      throw e;
+    }
+
+    // Refuse to sign any attestation with:
+    // - source.epoch < min(att.source_epoch for att in data.signed_attestations if att.pubkey == attester_pubkey), OR
+    // - target_epoch <= min(att.target_epoch for att in data.signed_attestations if att.pubkey == attester_pubkey)
+    // (spec v4, Slashing Protection Database Interchange Format)
+    const attestationLowerBound = await this.attestationLowerBound.get(pubKey);
+    if (attestationLowerBound) {
+      const {minSourceEpoch, minTargetEpoch} = attestationLowerBound;
+      if (attestation.sourceEpoch < minSourceEpoch) {
+        throw new InvalidAttestationError({
+          code: InvalidAttestationErrorCode.SOURCE_LESS_THAN_LOWER_BOUND,
+          sourceEpoch: attestation.sourceEpoch,
+          minSourceEpoch,
+        });
+      }
+
+      if (attestation.targetEpoch <= minTargetEpoch) {
+        throw new InvalidAttestationError({
+          code: InvalidAttestationErrorCode.TARGET_LESS_THAN_OR_EQ_LOWER_BOUND,
+          targetEpoch: attestation.targetEpoch,
+          minTargetEpoch,
+        });
+      }
+    }
+
+    return SafeStatus.OK;
+  }
+
+  /**
+   * Insert an attestation into the slashing database
+   * This should *only* be called in the same (exclusive) transaction as `checkAttestation`
+   * so that the check isn't invalidated by a concurrent mutation
+   */
+  async insertAttestation(pubKey: BLSPubkey, attestation: SlashingProtectionAttestation): Promise<void> {
+    await this.attestationByTarget.set(pubKey, [attestation]);
+    await this.minMaxSurround.insertAttestation(pubKey, attestation);
+  }
+
+  /**
+   * Retrieve an attestation from the slashing protection database for a given `pubkey` and `epoch`
+   */
+  async getAttestationForEpoch(pubkey: BLSPubkey, epoch: Epoch): Promise<SlashingProtectionAttestation | null> {
+    return this.attestationByTarget.get(pubkey, epoch);
+  }
+
+  /**
+   * Interchange import / export functionality
+   */
+  async importAttestations(pubkey: BLSPubkey, attestations: SlashingProtectionAttestation[]): Promise<void> {
+    await this.attestationByTarget.set(pubkey, attestations);
+
+    // Pre-compute spans for all attestations
+    for (const attestation of attestations) {
+      await this.minMaxSurround.insertAttestation(pubkey, attestation);
+    }
+
+    // Pre-compute and store lower-bound
+    const minSourceEpoch = minEpoch(attestations.map((attestation) => attestation.sourceEpoch));
+    const minTargetEpoch = minEpoch(attestations.map((attestation) => attestation.targetEpoch));
+    if (minSourceEpoch != null && minTargetEpoch != null) {
+      await this.attestationLowerBound.set(pubkey, {minSourceEpoch, minTargetEpoch});
+    }
+  }
+
+  /**
+   * Interchange import / export functionality
+   */
+  async exportAttestations(pubkey: BLSPubkey): Promise<SlashingProtectionAttestation[]> {
+    return this.attestationByTarget.getAll(pubkey);
+  }
+
+  async listPubkeys(): Promise<BLSPubkey[]> {
+    return this.attestationByTarget.listPubkeys();
+  }
+}

package/src/slashingProtection/block/blockBySlotRepository.ts

@@ -0,0 +1,78 @@
+import {ContainerType, Type} from "@chainsafe/ssz";
+import {DB_PREFIX_LENGTH, DbReqOpts, encodeKey, uintLen} from "@lodestar/db";
+import {BLSPubkey, Slot, ssz} from "@lodestar/types";
+import {bytesToInt, intToBytes} from "@lodestar/utils";
+import {Bucket, getBucketNameByValue} from "../../buckets.js";
+import {LodestarValidatorDatabaseController} from "../../types.js";
+import {SlashingProtectionBlock} from "../types.js";
+import {blsPubkeyLen, uniqueVectorArr} from "../utils.js";
+
+/**
+ * Manages validator db storage of blocks.
+ * Entries in the db are indexed by an encoded key which combines the validator's public key and the
+ * block's slot.
+ */
+export class BlockBySlotRepository {
+  protected type: Type<SlashingProtectionBlock>;
+  protected bucket = Bucket.slashingProtectionBlockBySlot;
+
+  private readonly bucketId = getBucketNameByValue(this.bucket);
+  private readonly dbReqOpts: DbReqOpts = {bucketId: this.bucketId};
+  private readonly minKey: Uint8Array;
+  private readonly maxKey: Uint8Array;
+
+  constructor(protected db: LodestarValidatorDatabaseController) {
+    this.type = new ContainerType({
+      slot: ssz.Slot,
+      signingRoot: ssz.Root,
+    }); // casing doesn't matter
+    this.minKey = encodeKey(this.bucket, Buffer.alloc(0));
+    this.maxKey = encodeKey(this.bucket + 1, Buffer.alloc(0));
+  }
+
+  async getAll(pubkey: BLSPubkey, limit?: number): Promise<SlashingProtectionBlock[]> {
+    const blocks = await this.db.values({
+      limit,
+      gte: this.encodeKey(pubkey, 0),
+      lt: this.encodeKey(pubkey, Number.MAX_SAFE_INTEGER),
+      bucketId: this.bucketId,
+    });
+    return blocks.map((block) => this.type.deserialize(block));
+  }
+
+  async getFirst(pubkey: BLSPubkey): Promise<SlashingProtectionBlock | null> {
+    const blocks = await this.getAll(pubkey, 1);
+    return blocks[0] ?? null;
+  }
+
+  async get(pubkey: BLSPubkey, slot: Slot): Promise<SlashingProtectionBlock | null> {
+    const block = await this.db.get(this.encodeKey(pubkey, slot), this.dbReqOpts);
+    return block && this.type.deserialize(block);
+  }
+
+  async set(pubkey: BLSPubkey, blocks: SlashingProtectionBlock[]): Promise<void> {
+    await this.db.batchPut(
+      blocks.map((block) => ({
+        key: this.encodeKey(pubkey, block.slot),
+        value: this.type.serialize(block),
+      })),
+      this.dbReqOpts
+    );
+  }
+
+  async listPubkeys(): Promise<BLSPubkey[]> {
+    const keys = await this.db.keys({gte: this.minKey, lt: this.maxKey, bucketId: this.bucketId});
+    return uniqueVectorArr(keys.map((key) => this.decodeKey(key).pubkey));
+  }
+
+  private encodeKey(pubkey: BLSPubkey, slot: Slot): Uint8Array {
+    return encodeKey(this.bucket, Buffer.concat([pubkey, intToBytes(BigInt(slot), uintLen, "be")]));
+  }
+
+  private decodeKey(key: Uint8Array): {pubkey: BLSPubkey; slot: Slot} {
+    return {
+      pubkey: key.slice(DB_PREFIX_LENGTH, DB_PREFIX_LENGTH + blsPubkeyLen),
+      slot: bytesToInt(key.slice(DB_PREFIX_LENGTH, DB_PREFIX_LENGTH + uintLen), "be"),
+    };
+  }
+}

package/src/slashingProtection/block/errors.ts

@@ -0,0 +1,28 @@
+import {Slot} from "@lodestar/types";
+import {LodestarError} from "@lodestar/utils";
+import {SlashingProtectionBlock} from "../types.js";
+
+export enum InvalidBlockErrorCode {
+  /**
+   * The block has the same slot as a block from the DB
+   */
+  DOUBLE_BLOCK_PROPOSAL = "ERR_INVALID_BLOCK_DOUBLE_BLOCK_PROPOSAL",
+  /**
+   * The block is invalid because its slot is less than the lower bound slot for this validator.
+   */
+  SLOT_LESS_THAN_LOWER_BOUND = "ERR_INVALID_BLOCK_SLOT_LESS_THAN_LOWER_BOUND",
+}
+
+type InvalidBlockErrorType =
+  | {
+      code: InvalidBlockErrorCode.DOUBLE_BLOCK_PROPOSAL;
+      block: SlashingProtectionBlock;
+      block2: SlashingProtectionBlock;
+    }
+  | {
+      code: InvalidBlockErrorCode.SLOT_LESS_THAN_LOWER_BOUND;
+      slot: Slot;
+      minSlot: Slot;
+    };
+
+export class InvalidBlockError extends LodestarError<InvalidBlockErrorType> {}

package/src/slashingProtection/block/index.ts

@@ -0,0 +1,94 @@
+import {BLSPubkey} from "@lodestar/types";
+import {SlashingProtectionBlock} from "../types.js";
+import {isEqualNonZeroRoot} from "../utils.js";
+import {BlockBySlotRepository} from "./blockBySlotRepository.js";
+import {InvalidBlockError, InvalidBlockErrorCode} from "./errors.js";
+export {BlockBySlotRepository, InvalidBlockError, InvalidBlockErrorCode};
+
+enum SafeStatus {
+  SAME_DATA = "SAFE_STATUS_SAME_DATA",
+  OK = "SAFE_STATUS_OK",
+}
+
+export class SlashingProtectionBlockService {
+  private blockBySlot: BlockBySlotRepository;
+
+  constructor(blockBySlot: BlockBySlotRepository) {
+    this.blockBySlot = blockBySlot;
+  }
+
+  /**
+   * Check a block proposal for slash safety, and if it is safe, record it in the database.
+   * This is the safe, externally-callable interface for checking block proposals.
+   */
+  async checkAndInsertBlockProposal(pubkey: BLSPubkey, block: SlashingProtectionBlock): Promise<void> {
+    const safeStatus = await this.checkBlockProposal(pubkey, block);
+
+    if (safeStatus !== SafeStatus.SAME_DATA) {
+      await this.insertBlockProposal(pubkey, block);
+    }
+
+    // TODO: Implement safe clean-up of stored blocks
+  }
+
+  /**
+   * Check a block proposal from `pubKey` for slash safety.
+   */
+  async checkBlockProposal(pubkey: BLSPubkey, block: SlashingProtectionBlock): Promise<SafeStatus> {
+    // Double proposal
+    const sameSlotBlock = await this.blockBySlot.get(pubkey, block.slot);
+    if (sameSlotBlock && block.slot === sameSlotBlock.slot) {
+      // Interchange format allows for blocks without signing_root, then assume root is equal
+      if (isEqualNonZeroRoot(sameSlotBlock.signingRoot, block.signingRoot)) {
+        return SafeStatus.SAME_DATA;
+      }
+
+      throw new InvalidBlockError({
+        code: InvalidBlockErrorCode.DOUBLE_BLOCK_PROPOSAL,
+        block,
+        block2: sameSlotBlock,
+      });
+    }
+
+    // Refuse to sign any block with slot <= min(b.slot for b in data.signed_blocks if b.pubkey == proposer_pubkey),
+    // except if it is a repeat signing as determined by the signing_root.
+    // (spec v4, Slashing Protection Database Interchange Format)
+    const minBlock = await this.blockBySlot.getFirst(pubkey);
+    if (minBlock && block.slot <= minBlock.slot) {
+      throw new InvalidBlockError({
+        code: InvalidBlockErrorCode.SLOT_LESS_THAN_LOWER_BOUND,
+        slot: block.slot,
+        minSlot: minBlock.slot,
+      });
+    }
+
+    return SafeStatus.OK;
+  }
+
+  /**
+   * Insert a block proposal into the slashing database
+   * This should *only* be called in the same (exclusive) transaction as `checkBlockProposal`
+   * so that the check isn't invalidated by a concurrent mutation
+   */
+  async insertBlockProposal(pubkey: BLSPubkey, block: SlashingProtectionBlock): Promise<void> {
+    await this.blockBySlot.set(pubkey, [block]);
+  }
+
+  /**
+   * Interchange import / export functionality
+   */
+  async importBlocks(pubkey: BLSPubkey, blocks: SlashingProtectionBlock[]): Promise<void> {
+    await this.blockBySlot.set(pubkey, blocks);
+  }
+
+  /**
+   * Interchange import / export functionality
+   */
+  async exportBlocks(pubkey: BLSPubkey): Promise<SlashingProtectionBlock[]> {
+    return this.blockBySlot.getAll(pubkey);
+  }
+
+  async listPubkeys(): Promise<BLSPubkey[]> {
+    return this.blockBySlot.listPubkeys();
+  }
+}

package/src/slashingProtection/index.ts

@@ -0,0 +1,95 @@
+import {BLSPubkey, Epoch, Root} from "@lodestar/types";
+import {Logger, toPubkeyHex} from "@lodestar/utils";
+import {uniqueVectorArr} from "../slashingProtection/utils.js";
+import {LodestarValidatorDatabaseController} from "../types.js";
+import {
+  AttestationByTargetRepository,
+  AttestationLowerBoundRepository,
+  SlashingProtectionAttestationService,
+} from "./attestation/index.js";
+import {BlockBySlotRepository, SlashingProtectionBlockService} from "./block/index.js";
+import {
+  Interchange,
+  InterchangeFormatVersion,
+  InterchangeLodestar,
+  parseInterchange,
+  serializeInterchange,
+} from "./interchange/index.js";
+import {ISlashingProtection} from "./interface.js";
+import {DistanceStoreRepository, MinMaxSurround} from "./minMaxSurround/index.js";
+import {SlashingProtectionAttestation, SlashingProtectionBlock} from "./types.js";
+
+export {InvalidAttestationError, InvalidAttestationErrorCode} from "./attestation/index.js";
+export {InvalidBlockError, InvalidBlockErrorCode} from "./block/index.js";
+export type {Interchange, InterchangeFormat} from "./interchange/index.js";
+export {InterchangeError, InterchangeErrorErrorCode} from "./interchange/index.js";
+export type {ISlashingProtection, InterchangeFormatVersion, SlashingProtectionBlock, SlashingProtectionAttestation};
+/**
+ * Handles slashing protection for validator proposer and attester duties as well as slashing protection
+ * during a validator interchange import/export process.
+ */
+export class SlashingProtection implements ISlashingProtection {
+  private blockService: SlashingProtectionBlockService;
+  private attestationService: SlashingProtectionAttestationService;
+
+  constructor(protected db: LodestarValidatorDatabaseController) {
+    const blockBySlotRepository = new BlockBySlotRepository(db);
+    const attestationByTargetRepository = new AttestationByTargetRepository(db);
+    const attestationLowerBoundRepository = new AttestationLowerBoundRepository(db);
+    const distanceStoreRepository = new DistanceStoreRepository(db);
+    const minMaxSurround = new MinMaxSurround(distanceStoreRepository);
+
+    this.blockService = new SlashingProtectionBlockService(blockBySlotRepository);
+    this.attestationService = new SlashingProtectionAttestationService(
+      attestationByTargetRepository,
+      attestationLowerBoundRepository,
+      minMaxSurround
+    );
+  }
+
+  async checkAndInsertBlockProposal(pubKey: BLSPubkey, block: SlashingProtectionBlock): Promise<void> {
+    await this.blockService.checkAndInsertBlockProposal(pubKey, block);
+  }
+
+  async checkAndInsertAttestation(pubKey: BLSPubkey, attestation: SlashingProtectionAttestation): Promise<void> {
+    await this.attestationService.checkAndInsertAttestation(pubKey, attestation);
+  }
+
+  async hasAttestedInEpoch(pubKey: BLSPubkey, epoch: Epoch): Promise<boolean> {
+    return (await this.attestationService.getAttestationForEpoch(pubKey, epoch)) !== null;
+  }
+
+  async importInterchange(interchange: Interchange, genesisValidatorsRoot: Root, logger?: Logger): Promise<void> {
+    const {data} = parseInterchange(interchange, genesisValidatorsRoot);
+    for (const validator of data) {
+      logger?.info("Importing slashing protection", {pubkey: toPubkeyHex(validator.pubkey)});
+      await this.blockService.importBlocks(validator.pubkey, validator.signedBlocks);
+      await this.attestationService.importAttestations(validator.pubkey, validator.signedAttestations);
+    }
+  }
+
+  async exportInterchange(
+    genesisValidatorsRoot: Root,
+    pubkeys: BLSPubkey[],
+    formatVersion: InterchangeFormatVersion,
+    logger?: Logger
+  ): Promise<Interchange> {
+    const validatorData: InterchangeLodestar["data"] = [];
+    for (const pubkey of pubkeys) {
+      logger?.info("Exporting slashing protection", {pubkey: toPubkeyHex(pubkey)});
+      validatorData.push({
+        pubkey,
+        signedBlocks: await this.blockService.exportBlocks(pubkey),
+        signedAttestations: await this.attestationService.exportAttestations(pubkey),
+      });
+    }
+    logger?.verbose("Serializing Interchange");
+    return serializeInterchange({data: validatorData, genesisValidatorsRoot}, formatVersion);
+  }
+
+  async listPubkeys(): Promise<BLSPubkey[]> {
+    const pubkeysAtt = await this.attestationService.listPubkeys();
+    const pubkeysBlk = await this.blockService.listPubkeys();
+    return uniqueVectorArr([...pubkeysAtt, ...pubkeysBlk]);
+  }
+}

package/src/slashingProtection/interchange/errors.ts

@@ -0,0 +1,15 @@
+import {Root} from "@lodestar/types";
+import {LodestarError} from "@lodestar/utils";
+
+export enum InterchangeErrorErrorCode {
+  UNSUPPORTED_FORMAT = "ERR_INTERCHANGE_UNSUPPORTED_FORMAT",
+  UNSUPPORTED_VERSION = "ERR_INTERCHANGE_UNSUPPORTED_VERSION",
+  GENESIS_VALIDATOR_MISMATCH = "ERR_INTERCHANGE_GENESIS_VALIDATOR_MISMATCH",
+}
+
+type InterchangeErrorErrorType =
+  | {code: InterchangeErrorErrorCode.UNSUPPORTED_FORMAT; format: string}
+  | {code: InterchangeErrorErrorCode.UNSUPPORTED_VERSION; version: string}
+  | {code: InterchangeErrorErrorCode.GENESIS_VALIDATOR_MISMATCH; root: Root; expectedRoot: Root};
+
+export class InterchangeError extends LodestarError<InterchangeErrorErrorType> {}