I think that the discussion should at least happen. If we can’t demonstrate a degenerate case on mainnet, my preference would be to extend 0x01 capabilities.
Maybe not “free” but at least easy to fill and asymmetric compared to the restriction on beacon block operations
- Assuming we can add roughly the same amount of Exits as there are Deposits on the beacon chain – that’s 16 per block.
- Now assume that an Exit costs roughly the same gas in the contract as a Deposit does today – ~50k gas.
- Thus a single, non-validator actor can cram ~300 invalid Exits into a single execution layer (eth1) payload and prevent any honest Exits for happening for at least 18 slots. Or at least make them much slower on average.
There is a cost here in ETH tx fees but it doesn’t seem like the correct way to evaluate the cost of an attacker being able to grief core actions of the validator set that are only meaningfully taken by validators.
It’s not a DOS in terms of the chain grinding to a halt. Although I haven’t gone into a detailed analysis of all things an attacker could do here with capital available, it does seem like an attacker should not be able to pay to prevent honest exits.