-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slashing spec changes: capped slashing-per-period #1896
Comments
Ref slashing-beyond-unbonding period: #1378. |
Thanks @cwgoes, this is very insightful. Few thoughts:
|
Per slashing design meeting concurred that:
These constraints will be included in the spec. |
Which infractions utilize a slashing period? How does this constitute to what ends a slashing period? Is it still only double signs? |
Only double-signs.
All infractions which utilize the slashing period must also jail the validator.
Yes, for now (prelaunch). |
Thanks! |
As discussed in the slashing design meeting, introduce the concept of a "slashing period":
Slashing period:
A slashing period is a start and end time associated with a particular validator, within which only the "worst infraction counts": the total amount of slashing for infractions committed within the period (and discovered whenever) is capped at the penalty for the worst offense.
This period starts when a validator is first bonded and ends when a validator is slashed & revoked for double-signing (but does not end if they are slashed & revoked for just missing blocks). When the validator voluntarily unrevokes themselves (and possibly changes signing keys), they reset the period.
Implementation sketch:
SlashingPeriod
structure:When a validator is first bonded, create a new
SlashingPeriod
structure for the validator, with theStartTime
of the current block, a sentinelEndTime
of0
, andFractionSlashedSoFar
of0
.When
stakeKeeper.Slash()
is called, lookup the appropriateSlashingPeriod
based on the time-of-infraction, cap the fraction slashed atMaxFractionSlashedPerPeriod - FractionSlashedSoFar
, possibly0
(whereMaxFractionSlashedPerPeriod
is a configuration parameter), and update theSlashingPeriod
struct with the increasedFractionSlashedSoFar
.EndTime
of the currentSlashingPeriod
to the current block time.When a validator is unrevoked, look up its newest
SlashingPeriod
. If thatSlashingPeriod
has already ended (EndTime
is nonzero), create a newSlashingPeriod
as in (1).Somehow cleanup old
SlashingPeriod
structures once no evidence could possibly be valid (depends on a resolution Slashing: special kind of slashing-by-transaction for infractions older than an unbonding period #1378 among others)Concerns:
MaxFractionSlashedPerPeriod = 0.5
, if a validator is initially slashed at0.4
near the start of a period when they have100
steak bonded, then later slashed at0.4
when they have1000
steak bonded, the total amount slashed is just40 + 100 = 140
(since the latter slash is capped at0.1
) - whereas if they had1000
steak bonded initially, the total amount slashed would have been500
. One possible way to avoid this problem is to track aMaxStakeBonded
in theSlashingPeriod
(which must be updated every time the validator's power changes), and instead cap the total slashing amount (in tokens) within a period byMaxStakeBonded * MaxFractionSlashedPerPeriod
.X
amount more, it's now less risky to delegate to. This is not an issue if all the slashing events which change theSlashingPeriod
also revoke the validator.SlashingPeriod
sThe text was updated successfully, but these errors were encountered: