ObolNetwork · obol-bulldozer · Apr 3, 2024 · Mar 3, 2024 · Mar 11, 2024 · Mar 25, 2024
diff --git a/app/obolapi/exit_test.go b/app/obolapi/exit_test.go
@@ -21,14 +21,15 @@ import (
 	"github.com/obolnetwork/charon/tbls"
 	"github.com/obolnetwork/charon/tbls/tblsconv"
 	"github.com/obolnetwork/charon/testutil/beaconmock"
+	"github.com/obolnetwork/charon/testutil/obolapimock"
 )
 
 const exitEpoch = eth2p0.Epoch(162304)
 
 func TestAPIFlow(t *testing.T) {
 	kn := 4
 
-	handler, addLockFiles := MockServer(false)
+	handler, addLockFiles := obolapimock.MockServer(false)
 	srv := httptest.NewServer(handler)
 
 	defer srv.Close()
@@ -119,7 +120,7 @@ func TestAPIFlow(t *testing.T) {
 func TestAPIFlowMissingSig(t *testing.T) {
 	kn := 4
 
-	handler, addLockFiles := MockServer(true)
+	handler, addLockFiles := obolapimock.MockServer(true)
 	srv := httptest.NewServer(handler)
 
 	defer srv.Close()

diff --git a/cmd/cmd.go b/cmd/cmd.go
@@ -48,6 +48,11 @@
 			newAddValidatorsCmd(runAddValidatorsSolo),
 			newViewClusterManifestCmd(runViewClusterManifest),
 		),
+		newExitCmd(
+			newListActiveValidatorsCmd(runListActiveValidatorsCmd),
+			newSubmitPartialExitCmd(runSubmitPartialExit),
+			newBcastFullExitCmd(runBcastFullExit),
+		),
 		newUnsafeCmd(newRunCmd(app.Run, true)),
 	)
 }

diff --git a/cmd/exit.go b/cmd/exit.go
@@ -0,0 +1,114 @@
+// Copyright © 2022-2024 Obol Labs Inc. Licensed under the terms of a Business Source License 1.1
+
+package cmd
+
+import (
+	"context"
+	"time"
+
+	eth2http "github.com/attestantio/go-eth2-client/http"
+	eth2p0 "github.com/attestantio/go-eth2-client/spec/phase0"
+	"github.com/spf13/cobra"
+
+	"github.com/obolnetwork/charon/app/errors"
+	"github.com/obolnetwork/charon/app/eth2wrap"
+	"github.com/obolnetwork/charon/app/log"
+	"github.com/obolnetwork/charon/eth2util/signing"
+	"github.com/obolnetwork/charon/tbls"
+)
+
+type exitConfig struct {
+	BeaconNodeURL   string
+	ValidatorAddr   string
+	DataDir         string
+	ObolAPIEndpoint string
+	ExitEpoch       uint64
+
+	PlaintextOutput bool
+
+	Log log.Config
+}
+
+func newExitCmd(cmds ...*cobra.Command) *cobra.Command {
+	root := &cobra.Command{
+		Use:   "exit",
+		Short: "Exit a distributed validator.",
+		Long:  "Exit a distributed validator through the Obol API.",
+	}
+
+	root.AddCommand(cmds...)
+
+	return root
+}
+
+func bindGenericExitFlags(cmd *cobra.Command, config *exitConfig) {
+	cmd.Flags().StringVar(&config.ObolAPIEndpoint, "obol-api-endpoint", "https://api.obol.tech", "Endpoint of the Obol API instance.")
+	cmd.Flags().StringVar(&config.BeaconNodeURL, "beacon-node-url", "", "Beacon node URL.")
+	cmd.Flags().StringVar(&config.DataDir, "data-dir", ".charon", "The directory where charon will read lock file and partial validator keys.")
+
+	mustMarkFlagRequired(cmd, "beacon-node-url")
+}
+
+func bindExitRelatedFlags(cmd *cobra.Command, config *exitConfig) {
+	cmd.Flags().StringVar(&config.ValidatorAddr, "validator-address", "", "Validator to exit, must be present in the cluster lock manifest.")
+	cmd.Flags().Uint64Var(&config.ExitEpoch, "exit-epoch", 162304, "Exit epoch at which the validator will exit, must be the same across all the partial exits.")
+
+	mustMarkFlagRequired(cmd, "validator-address")
+}
+
+func eth2Client(ctx context.Context, u string) (eth2wrap.Client, error) {
+	bnHTTPClient, err := eth2http.New(ctx,
+		eth2http.WithAddress(u),
+		eth2http.WithLogLevel(1), // zerolog.InfoLevel
+	)
+	if err != nil {
+		return nil, errors.Wrap(err, "can't connect to beacon node")
+	}
+
+	bnClient := bnHTTPClient.(*eth2http.Service)
+
+	return eth2wrap.AdaptEth2HTTP(bnClient, 10*time.Second), nil
+}
+
+// signExit signs a voluntary exit message for valIdx with the given keyShare.
+func signExit(ctx context.Context, eth2Cl eth2wrap.Client, valIdx eth2p0.ValidatorIndex, keyShare tbls.PrivateKey, exitEpoch eth2p0.Epoch) (eth2p0.SignedVoluntaryExit, error) {
+	exit := &eth2p0.VoluntaryExit{
+		Epoch:          exitEpoch,
+		ValidatorIndex: valIdx,
+	}
+
+	sigData, err := sigDataForExit(ctx, *exit, eth2Cl, exitEpoch)
+	if err != nil {
+		return eth2p0.SignedVoluntaryExit{}, errors.Wrap(err, "exit hash tree root")
+	}
+
+	sig, err := tbls.Sign(keyShare, sigData[:])
+	if err != nil {
+		return eth2p0.SignedVoluntaryExit{}, errors.Wrap(err, "signing error")
+	}
+
+	return eth2p0.SignedVoluntaryExit{
+		Message:   exit,
+		Signature: eth2p0.BLSSignature(sig),
+	}, nil
+}
+
+// sigDataForExit returns the hash tree root for the given exit message, at the given exit epoch.
+func sigDataForExit(ctx context.Context, exit eth2p0.VoluntaryExit, eth2Cl eth2wrap.Client, exitEpoch eth2p0.Epoch) ([32]byte, error) {
+	sigRoot, err := exit.HashTreeRoot()
+	if err != nil {
+		return [32]byte{}, errors.Wrap(err, "exit hash tree root")
+	}
+
+	domain, err := signing.GetDomain(ctx, eth2Cl, signing.DomainExit, exitEpoch)
+	if err != nil {
+		return [32]byte{}, errors.Wrap(err, "get domain")
+	}
+
+	sigData, err := (&eth2p0.SigningData{ObjectRoot: sigRoot, Domain: domain}).HashTreeRoot()
+	if err != nil {
+		return [32]byte{}, errors.Wrap(err, "signing data hash tree root")
+	}
+
+	return sigData, nil
+}
diff --git a/cmd/exit_fullexit.go b/cmd/exit_fullexit.go
@@ -0,0 +1,130 @@
+// Copyright © 2022-2024 Obol Labs Inc. Licensed under the terms of a Business Source License 1.1
+
+package cmd
+
+import (
+	"context"
+	"path/filepath"
+
+	libp2plog "github.com/ipfs/go-log/v2"
+	"github.com/spf13/cobra"
+
+	"github.com/obolnetwork/charon/app/errors"
+	"github.com/obolnetwork/charon/app/k1util"
+	"github.com/obolnetwork/charon/app/log"
+	"github.com/obolnetwork/charon/app/obolapi"
+	"github.com/obolnetwork/charon/app/z"
+	"github.com/obolnetwork/charon/core"
+	"github.com/obolnetwork/charon/eth2util/keystore"
+	"github.com/obolnetwork/charon/tbls"
+	"github.com/obolnetwork/charon/tbls/tblsconv"
+)
+
+func newBcastFullExitCmd(runFunc func(context.Context, exitConfig) error) *cobra.Command {
+	var config exitConfig
+
+	cmd := &cobra.Command{
+		Use:   "broadcast",
+		Short: "Broadcast exit",
+		Long:  `Broadcasts a full exit message, aggregated with the available partial signatures retrieved from Obol API.`,
+		Args:  cobra.NoArgs,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if err := log.InitLogger(config.Log); err != nil {
+				return err
+			}
+			libp2plog.SetPrimaryCore(log.LoggerCore()) // Set libp2p logger to use charon logger
+
+			printFlags(cmd.Context(), cmd.Flags())
+
+			return runFunc(cmd.Context(), config)
+		},
+	}
+
+	bindGenericExitFlags(cmd, &config)
+	bindExitRelatedFlags(cmd, &config)
+	bindLogFlags(cmd.Flags(), &config.Log)
+
+	return cmd
+}
+
+func runBcastFullExit(ctx context.Context, config exitConfig) error {
+	lockFilePath := filepath.Join(config.DataDir, "cluster-lock.json")
+	manifestFilePath := filepath.Join(config.DataDir, "cluster-manifest.pb")
+	identityKeyPath := filepath.Join(config.DataDir, "charon-enr-private-key")
+
+	identityKey, err := k1util.Load(identityKeyPath)
+	if err != nil {
+		return errors.Wrap(err, "could not load identity key")
+	}
+
+	cl, err := loadClusterManifest(manifestFilePath, lockFilePath)
+	if err != nil {
+		return errors.Wrap(err, "could not load cluster data")
+	}
+
+	validator := core.PubKey(config.ValidatorAddr)
+	if _, err := validator.Bytes(); err != nil {
+		return errors.Wrap(err, "cannot convert validator pubkey to bytes")
+	}
+
+	ctx = log.WithCtx(ctx, z.Str("validator", validator.String()))
+
+	eth2Cl, err := eth2Client(ctx, config.BeaconNodeURL)
+	if err != nil {
+		return errors.Wrap(err, "cannot create eth2 client for specified beacon node")
+	}
+
+	oAPI, err := obolapi.New(config.ObolAPIEndpoint)
+	if err != nil {
+		return errors.Wrap(err, "could not create obol api client")
+	}
+
+	log.Info(ctx, "Retrieving full exit message")
+
+	shareIdx, err := keystore.ShareIdxForCluster(cl, *identityKey.PubKey())
+	if err != nil {
+		return errors.Wrap(err, "could not load share index from cluster lock")
+	}
+
+	fullExit, err := oAPI.GetFullExit(ctx, config.ValidatorAddr, cl.GetInitialMutationHash(), shareIdx, identityKey)
+	if err != nil {
+		return errors.Wrap(err, "could not load full exit data from Obol API")
+	}
+
+	// parse validator public key
+	rawPkBytes, err := validator.Bytes()
+	if err != nil {
+		return errors.Wrap(err, "could not serialize validator key bytes")
+	}
+
+	pubkey, err := tblsconv.PubkeyFromBytes(rawPkBytes)
+	if err != nil {
+		return errors.Wrap(err, "could not convert validator key bytes to BLS public key")
+	}
+
+	// parse signature
+	signature, err := tblsconv.SignatureFromBytes(fullExit.SignedExitMessage.Signature[:])
+	if err != nil {
+		return errors.Wrap(err, "could not parse BLS signature from bytes")
+	}
+
+	exitRoot, err := sigDataForExit(
+		ctx,
+		*fullExit.SignedExitMessage.Message,
+		eth2Cl,
+		fullExit.SignedExitMessage.Message.Epoch,
+	)
+	if err != nil {
+		return errors.Wrap(err, "cannot calculate hash tree root for exit message for verification")
+	}
+
+	if err := tbls.Verify(pubkey, exitRoot[:], signature); err != nil {
+		return errors.Wrap(err, "exit message signature not verified")
+	}
+
+	if err := eth2Cl.SubmitVoluntaryExit(ctx, &fullExit.SignedExitMessage); err != nil {
+		return errors.Wrap(err, "could submit voluntary exit")
+	}
+
+	return nil
+}