Filecoin每个块必须要包含一个随机数,而且依赖Drand服务,这里问题是每个获取随机数周期必须小于出块周期。而filecoin代码里面是25秒进行。

Describe the bug
I originally saw (in lotus code) and I read "period: 25", assuming that drand round is 25s.
https://github.com/filecoin-project/lotus/blob/master/build/params_shared_vals.go#L102
Given our analysis there must be at least one drand entry per block (for the slow catchup mode to fully work). Having less than 1 drand per block allows miners to rush during catch-up on some epochs (e.g. if drand is 30 and lotus is 25, they can catch up every 5 blocks).

We do not have analysis that show that the impact of a single rush every few epochs is insecure nor that it insecure, however, we do know that one drand per round is secure.

Proposal:

Proposal 1: Change Filecoin blocktime: Set Filecoin block time to ≥30s
Proposal 2: Change Filecoin blocktime: Set Drand round time to ≤25s