19 min read
Knowledge Bank
This article highlights the slashing risks inherent in different chains, Luganodes contributes to the solution by offering Chainproof insurance to institutional investors as an included feature, ensuring a higher level of security and service.
Slashing is a critical security mechanism within the proof-of-stake (PoS) consensus models of blockchain technology. It serves as a disciplinary action against validators who engage in detrimental behaviour, ensuring the integrity and reliability of the network. Validators on a PoS blockchain are required to stake their own cryptocurrency as collateral, aligning their interests with the network's health. If they act maliciously or fail to meet their responsibilities, they face slashing, which is the forfeiture of a portion of their staked coins.
This punitive measure targets key misbehaviours such as downtime, where a validator's node is offline and unable to participate in consensus processes, or double-signing, where a validator might inadvertently or maliciously run the same keys on multiple servers, creating conflicts and risks for the network. Slashing can also be applied in cases of direct manipulation of the consensus process, such as signing different blocks for the same slot.
The specifics of slashing vary across different blockchain protocols, but the underlying principle remains the same: it is a powerful tool to deter bad behaviour, maintain network security, and ensure validators act in the best interest of the blockchain network. Understanding the nuances of slashing rules is essential for anyone interested in PoS blockchains. As a top validator ourselves, we decided to compile a list of slashing rules for anyone to understand the workings of a PoS blockchain.
This repository aims to provide a list of various slashing rules, and whitepaper links across different chains, offering valuable insights into the mechanisms that keep blockchain networks secure and efficient. This repository will be updated as and when necessary.
Whitepaper: Sui Whitepaper
Sui's blockchain protocol introduces a distinctive system called the Tallying Rule, aimed at ensuring network integrity through community engagement. This rule is specifically designed to promote active monitoring among validators within the network. Each validator is tasked with the continuous observation and evaluation of their peers. This process is critical for confirming that all validators are operating efficiently and aligning with the network's overarching goals.
Under the Tallying Rule, validators generally assign a default score of one to each other, symbolizing satisfactory performance. However, if a validator observes improper or inefficient operations from a peer, they adjust this score to zero. The scoring is not just a nominal exercise; it carries significant weight. Validators who are scored low are subject to penalties, including reduced stake rewards, which serve as a deterrent against negative behaviours.
The global Tallying Rule score is computed at the end of each epoch, which underscores the importance of constant vigilance by validators. They are expected to be proactive in updating their assessments based on any behavioural changes they detect. This mutual monitoring system is a key aspect of Sui's approach to governance. By holding validators accountable through this scoring mechanism, the network maintains security and reliability.
Whitepaper: Tron Whitepaper
In the Tron network, an interesting approach is adopted regarding the management of misconduct by Super Representatives (SRs), who are key validators. Unlike many other blockchains, TRX holders – the stakeholders in the Tron ecosystem – are not subject to slashing penalties. This means their holdings are not at risk of being reduced as a punitive measure.
Instead, the Tron network places the power of accountability in the hands of its community. If an SR is found to be acting against the network's interests or engaging in misconduct, the community has the authority to initiate a voting process. This democratic approach allows TRX holders to actively participate in governance decisions, including the potential removal of errant SRs, thus ensuring that validators remain aligned with the network's standards and objectives.
Another important aspect to consider for stakeholders is the allocation of their staking. In the Tron ecosystem, staking with a validator that is not part of the active set might lead to the forfeiture of staking rewards. This rule highlights the significance of choosing validators wisely and staying aligned with the active set of validators. It serves as an incentive for stakeholders to be vigilant and informed about their choices, ensuring optimal participation and benefit realization within the Tron network.
Whitepaper: Aptos Whitepaper
In the Aptos blockchain network, there are no slashing mechanisms in place. This means validators are not penalized through the deduction of their staked tokens for issues like misconduct or downtime. Instead, the main consequence for a node being inactive in Aptos is the loss of potential rewards, rather than a reduction in the principal stake. This approach prioritizes active participation from validators, without employing the harsher punitive measures seen in some other networks.
Whitepaper: Archway Whitepaper
In Archway, which follows the Cosmos SDK framework, slashing rules are specifically designed to maintain validator accountability and network security. The system addresses two primary types of infractions: non-malicious protocol faults and liveness faults.
Non-malicious protocol faults typically result from issues like misconfigurations or update errors. Validators found responsible for such faults face slashing of their funds, but only for their first offence. Any further infractions lead to a state known as "tombstoning." Validators in this state must serve a jail period before rejoining the network, and they are penalized for the most severe infraction committed during this time.
Liveness faults occur when validators fail to verify a block. Unlike non-malicious protocol faults, there is no cap on penalties for liveness faults. They are immediately addressed, with the offending validators quickly put in jail. This prevents them from committing multiple liveness faults in succession, ensuring network reliability.
Whitepaper: Avalanche Whitepaper
Avalanche's unique approach to validator management does not involve any slashing mechanisms. If a validator node behaves incorrectly, such as giving wrong responses or failing to respond, its staked amount is fully returned without any rewards. The network remains secure and robust as long as a significant amount of AVAX is staked by nodes that are operating correctly, which helps ensure the smooth processing of transactions.
In Avalanche's primary subnet, there's no slashing at all. Nodes engaging in malicious activities don't face a cut in their stakes. Instead, their penalty is the forfeiture of potential rewards. However, it's important to note that future subnets within Avalanche may have the option to implement their own forms of slashing penalties. This flexibility allows each subnet to tailor its security measures according to its specific needs.
Whitepaper: Cardano Whitepaper
In the Cardano network, the protocol does not enforce slashing, meaning ADA holdings are not reduced for dishonest actions. Honesty is encouraged by the chance to earn additional ADA. Cardano's Ouroboros mechanism counters the "nothing at stake" issue by rewarding block producers more when they contribute to the main chain. As Stake Pool Operators (SPOs) collectively produce more blocks in an epoch, they share increased rewards, motivating them to focus on the primary chain and deterring the creation of forks.
Furthermore, SPOs are motivated to pledge more ADA, with higher pledges leading to potentially greater rewards. This pledge is locked, creating a financial risk for SPOs in case of actions that harm consensus or the ADA price. Delegators are advised to choose pools with higher pledges, as these operators have a greater financial commitment. The importance of pledge may grow in future updates, making it a key factor for delegators in their staking decisions.
Whitepaper: Ethereum Whitepaper
Ethereum has a detailed approach when it comes to slashing, ensuring network integrity through a well-defined set of penalties for validators who engage in misconduct. The process begins with a whistleblower, and another validator, identifying and reporting the misbehavior. This report is then included in a block by a block proposer, who receives a small portion of the offender's balance as a reward, reflecting the ethos that this act is more about network safety than personal profit.
The penalties for the offending validator are multifaceted. Initially, they are scheduled for an irreversible exit from the network after a predetermined period, such as 36 days. During this period, they incur penalties starting from the moment their infraction is included in a block. These penalties continue for every epoch they miss their duties. Furthermore, a significant correlation penalty is imposed, which is dependent on the number of validators slashed during the same timeframe. This can be particularly punitive in cases of coordinated malicious activities, potentially resulting in the loss of the entire staked balance.
Once slashed, validators are permanently removed from the validator set. To rejoin, they must use new validator keys and place new stakes. The slashing process leads to a gradual depletion of the staked ETH, culminating in a substantial loss at the midpoint of the exit period, after which the validator can withdraw any remaining stake. This comprehensive approach underlines Ethereum's commitment to maintaining a secure and trustworthy network.
Whitepaper: Polkadot Whitepaper
Polkadot's slashing mechanism is activated when 10% of validators are offline, demonstrating the network's resilience to minor disruptions. The penalties incurred are shared equally between the validator and their nominators, meaning both parties face the same percentage reduction in their stake.
Upon a violation, validators enter a phase called 'unapplied slash', lasting 28 days for Polkadot and 7 days for Kusama. This period coincides with the unbonding time, preventing stakeholders from withdrawing their stake to evade penalties. During this phase, there's a window for governance to intervene and potentially annul the penalty, particularly in cases where the offence was unintentional or due to factors beyond the validator's control.
Validators guilty of slashable offences are 'chilled', meaning they are removed from the active set and barred from the next election round. If a penalty is applied, all their nominations are also removed, and this action is irreversible, even if the slashing decision is later overturned by governance.
In terms of penalty distribution, slashed DOT is allocated to the Treasury. This aids in governance decisions and supports various initiatives. The specific allocation depends on the nature of the offence: all DOT from liveliness offences goes to the Treasury, while for equivocation or double-signing, a portion is given to the reporting validator. The impact of slashing is proportionally greater on validators with larger stakes due to the percentage-based penalty system.
Whitepaper: Polygon Whitepaper
Currently, the MATIC token staking process does not include slashing. The network aims for an annual inflation rate of 13.09%, which indicates the planned change in token supply annually. Polygon has allocated 1.2 billion MATIC tokens as incentives for staking over the first five years, as part of its strategy to encourage network participation and security.
Whitepaper: Solana Whitepaper
Solana's slashing policy is designed to strongly deter malicious behaviour while protecting honest validators. The network enforces a 100% penalty for nodes that violate safety rules, whereas validators engaged in regular operations face no penalty. Solana's system involves gathering evidence and conducting a thorough assessment before applying penalties, rather than imposing automatic slashing.
In cases of safety violations during consensus, Solana's network halts to allow for data analysis and identification of responsible parties. Slashing proposals are considered only after the network resumes. For violations related to optimistic confirmation, the network may not halt immediately. Instead, stakes involved are frozen until the next network upgrade, when a decision on slashing is made.
Solana also plans to implement a feature where transactions can recover a part of the slashing collateral in case of proven optimistic safety violations, acting as a form of insurance and balancing protection for validators against penalties for wrongdoing. This strategy aims to encourage active and honest participation in the network.
Whitepaper: Arcana Whitepaper
Currently, Arcana is in the process of revising its slashing policies. At this moment, there isn't a definitive policy in place for slashing within the Arcana network. This indicates an ongoing effort to develop and refine the rules and procedures related to penalizing nodes within the network.
Whitepaper: Canto Whitepaper
Canto's slashing policy, influenced by the Cosmos SDK, aims to penalize validators for specific infractions in a fair manner. If a validator misses signing 3000 consecutive blocks, they face a penalty of 0.75% stake reduction and a temporary suspension of 30 minutes, known as jail time. More severe infractions, like double signing or conflicting block votes, trigger consensus slashing. This results in a 10% reduction in stake and permanent exclusion from the validator set.
The policy's stringency is adjusted based on the nature of the violation and the overall stake in the network. To prevent excessive penalties, validators are afforded certain protections like grace periods, defined slashing thresholds, and a maximum penalty cap of 10%. The overarching goal of this policy is to balance the need for network security with fairness, penalizing harmful actions while minimizing the risk of unjustified slashing.
Whitepaper: Chiliz Whitepaper
In the Chiliz network, a meticulous approach is taken to ensure the security and reliability of the Chiliz Chain through the implementation of a slashing policy. Validators within the Chiliz ecosystem may face slashing penalties for specific offences, such as the production of invalid blocks, failure to participate in consensus (e.g., not signing or voting on blocks), or double-signing blocks. The severity of the violation determines the extent of stake slashing, with penalties varying based on the nature of the misconduct.
Building upon the baseline of Ethereum Virtual Machine (EVM) compatibility, the Chiliz Chain introduces a robust system of 11 validators utilizing the Proof of Staked Authority (PoSA) consensus. The Chiliz Chain incorporates sophisticated double-sign detection and other slashing logic, reinforcing the network's commitment to security, stability, and chain finality. This multi-layered approach ensures that the Chiliz Chain remains resilient, fostering a secure and reliable environment for participants in the Chiliz ecosystem. Stakers and validators alike are incentivised to uphold the integrity of the network through adherence to stringent security measures.
Whitepaper: Cosmos Whitepaper
The Cosmos network takes a unique approach to blockchain interoperability, allowing independent blockchains to seamlessly communicate and share information. In Cosmos, slashing rules are specifically designed to maintain validator accountability and network security. The system addresses two primary types of infractions: non-malicious protocol faults and liveness faults.
Non-malicious protocol faults typically result from issues like misconfigurations or update errors. Validators found responsible for such faults face slashing of their funds, but only for their first offence. Any further infractions lead to a state known as "tombstoning." Validators in this state must serve a jail period before rejoining the network, and they are penalized for the most severe infraction committed during this time.
Liveness faults occur when validators fail to verify a block. Unlike non-malicious protocol faults, there is no cap on penalties for liveness faults. They are immediately addressed, with the offending validators quickly put in jail. This prevents them from committing multiple liveness faults in succession, ensuring network reliability.
Documentation: Kroma Network User Guide
In the Kroma network, a distinctive approach is taken to validator responsibilities and penalties. Unlike some other networks, double-signing is not a concern for Kroma validators, as only the proposer bears the responsibility for block generation, and the network currently operates with a single proposer.
However, it's important to note that penalties may still be applicable in alternative scenarios. For instance, submitting an invalid checkpoint output could trigger penalties. If a submitted checkpoint output is deemed invalid, other validators have the authority to challenge it. In the event of a successful challenge, the bonded ETH of the offending validator will be subject to slashing, with the slashed amount transferred to the challenging validator.
This nuanced system in Kroma ensures that validators are held accountable for specific actions, even as the network's design minimizes concerns related to double-signing. The approach reflects Kroma’s commitment to maintaining integrity and security while adapting to the unique aspects of its consensus mechanism and validator roles.
Whitepaper: NEAR White Paper
Within the NEAR network, a resilient security model is implemented to deter manipulation attempts on the chain. Manipulating the NEAR chain would necessitate gaining control over the majority of validators simultaneously, ensuring that malicious activity remains undetected. However, this ambitious endeavour comes with a significant deterrent—the requirement to put a substantial sum of capital at risk.
The security architecture of NEAR introduces a powerful economic disincentive, as an unsuccessful attempt to manipulate the chain would result in the slashing of staked tokens. This penalty mechanism aligns with NEAR's commitment to maintaining the network's integrity and security. The substantial financial risk associated with such manipulation attempts serves as a formidable barrier, emphasizing NEAR's proactive approach to security measures and ensuring the protection of the network and its stakeholders.
Whitepaper: Kusama Whitepaper
Kusama, known as Polkadot's canary network, is designed for experimental development, which explains its similar slashing methodology to Polkadot, enabling the testing and fine-tuning of these protocols. Kusama takes a proactive stance against misbehaviour, employing slashing as a penalization mechanism for instances such as network attacks or the operation of modified software by validators. The consequences extend to both validators and nominators, resulting in losses of bonded KSM.
Crucially, the slashed KSM doesn't vanish; instead, it enters the Treasury, contributing to the network's collective resources. The potential for reversal exists through governance proposals within a specific 7-day window, adding a layer of community-driven oversight.
The severity of slashing within Kusama is tiered across four offense levels, addressing a spectrum of misbehaviors. Ranging from minor penalties to significant consequences for severe threats, this structured approach emphasizes the network's commitment to maintaining a secure and resilient environment. Notably, slashing is applied to active nominations, treating each validator independently. This nuanced system underscores Kusama's dedication to robust security measures while providing mechanisms for community-driven governance and redemption.
Whitepaper: Stride Whitepaper
Within the Stride network, a robust slashing policy is implemented based on two fundamental principles: Double signing and Downtime. These principles form the cornerstone of Stride's commitment to maintaining the security and reliability of its network.
Double signing is considered a severe offence within Stride, occurring when a validator signs two blocks at the same height. Such an action poses a significant threat to the network's security. In response to double signing, Stride employs a tiered slashing mechanism:
First Offense: 10% slash
Second Offense: 20% slash
Third Offense: 30% slash
Fourth Offense: 50% slash
Fifth Offense: Removal from the validator set
Downtime, defined as a validator being offline for a specified period, is also addressed in Stride's slashing policy. Recognizing the potential harm to the network when validators are offline, Stride applies the following slashing structure for downtime:
More than 1 hour of downtime: 1% slash
More than 6 hours of downtime: 2% slash
More than 12 hours of downtime: 3% slash
More than 24 hours of downtime: 5% slash
Validators found in violation of either of these principles face slashing, a process that reduces the amount of staked tokens held by the validator. This not only results in a loss of rewards for the offending validator but also introduces challenges in maintaining its position within the validator set. Stride's meticulously crafted slashing policy underscores its commitment to a secure and resilient network, fostering an environment where validators are held accountable for their actions.
Update: 14/02/2024
Whitepaper: Celestia Resource Celestia Resource Celestia Resource
Celestia, operating on the Cosmos SDK and leveraging the x/slashing module, implements a slashing mechanism affecting both validators and their delegators. If a validator undergoes slashing, delegators linked to that validator share the same percentage reduction in their delegated funds.
For downtime, if a validator is offline for over 25% of the last 5,000 blocks, they face a 1-minute jail period. During this time, the validator is temporarily removed from the set, unable to propose blocks or earn rewards. Post-jail, an unjail request is necessary for rejoining.
In the case of double signing, a more serious offense, validators lose 2% of their stake, and the remaining amount is returned. Permanently removed from the set, they cannot unjail. Delegators connected to the penalized validator enter a 21-day unbonding period, free to delegate to another validator afterward.
Update: 01/03/2024
Whitepaper: Reference Document
In the event of a validator becoming unresponsive for an entire session, they undergo involuntary chilling, preventing them from being selected in the next election cycle. Nonetheless, affected validators can indicate their intent to validate again at any time. If less than 10% of nodes become unresponsive, there is no penalty for such downtime.
Slashing may result from involuntary chilling or other infractions, leading to a validator's loss of nominations and potential support. Consequently, even after declaring an intent to validate before session 5, reinstatement into the active set may be hindered by insufficient nominations. Nominators can renominate a slashed validator via an option in the Avail Apps under "Account Actions".
Conditions for slashing include equivocation—producing two blocks in the same slot, or in GRANDPA terms, sending conflicting pre-vote or pre-commit messages in the same round, affecting both validators and nominators. Additionally, if more than 10% of validators go offline simultaneously after being chilled in an epoch, all will be slashed. The slashing is immediately visible in Avail Apps, but the actual financial penalty occurs later, allowing for governance proposals to potentially reverse the decision.
We are committed to continually updating this resource with the latest information to ensure it remains a valuable tool for your understanding of blockchain security. Stay tuned for more such research-driven and educational projects, which aim to provide deeper insights and understanding of the ever-evolving blockchain landscape.
For institutional investors, Luganodes now includes Chainproof insurance as a part of its standard offering.
Coming Soon - More information on alternate security mechanisms and updates to the knowledge base. Stay tuned!
If you hold cryptocurrency tokens, you can enhance your portfolio by staking to earn rewards. Leverage Luganodes' institutional-grade infrastructure to stake your holdings and create a passive income. Staking with us ensures ease of use, support, and safety while you earn attractive APRs, contributing to the security of various blockchain networks.
Learn how to stake your tokens using our comprehensive guides. You can learn more about our staking services on our website, and feel free to contact us for any queries!
Luganodes is a world-class, Swiss-operated, non-custodial blockchain infrastructure provider that has rapidly gained recognition in the industry for offering institutional-grade services. It was born out of the Lugano Plan B Program, an initiative driven by Tether and the City of Lugano. Luganodes maintains an exceptional 99.9% uptime with round-the-clock monitoring by SRE experts. With support for 45+ PoS networks, it ranks among the top validators on Polygon, Polkadot, Sui, and Tron. Luganodes prioritizes security and compliance, holding the distinction of being one of the first staking providers to adhere to all SOC 2 Type II, GDPR, and ISO 27001 standards as well as offering Chainproof insurance to institutional clients.