SSV Register Cluster copied shares attack

# SSV Register Cluster copied shares attack ### Overview A copied shares attack can happen by an attacked registering valid shares to a valid validator by frontrunning a valid register cluster transaction or re-registering a removed validator. In both cases a validator will be running on SSV by a malicious user instead of the owner of the validator. ### Front-Running A malicious attacker will front-run an honest user registering a validator. The registration will pass as valid. The attacker will pay fees for the validator to maintain the attack active. The honest user will need to exit the validator to make any change (remove/ change cluster). ### Re-registering attack An attacker will detect a removed validator (removed from the SSV network) and will re-register it immediatley, preventing the owner from moving the validator away. The attacker will pay fees for the validator to maintain the attack active. The honest user will need to exit the validator immediately. ### Onchain Solution 2 step registration. Step 1) Register cluster as usual, validator pk hash not full validator PK. Store H(PK) and mark validator as registered but not active Check no H(PK) exists, if exists verify sender equal. Step 2) Approve registration by providing PK that hashes to H(PK) from step 1 + compare sender addressese to be equal. Mark validator active. ### Offchain Solution * Encrypted share = Encrypt(append(share bytes, sender address)) Nodes, when decrypting shares, will check sender == msg.sender. If not equal will treat share as invalid. * OR sign registering address + nonce with validator key * ValidatorAdded event changed to ValidatorAddedV2 This will version events and indicate the node which version of the share to parse and validate * Remove validatorPKs registry Removing unique validator PK registration as validation is now moved to the shares themselves * Nonce - each validator registration will have a nonce to prevent attakcers from re-registering the validator if the registering account is compromised (but not the valdiator key)