100% slashing - a proposal/discussion

I’d like to get a discussion going around 100% slashing and hear some varied points of view on the topic. We’ve mentioned a few times we’re kicking around the idea and it’s various implications, I thought I’d open it up here as well.

Here are some initial thoughts and considerations:

Context

  • This would be a mid- to long-term goal for the protocol
  • Infractions leading to 100% slashing would be limited and well defined (e.g. equivocation, not for downtime)

Pros

  • It may compel delegators to think about risk allocation and push for greater distribution of tokens across validators
  • Validators may be able to attract larger delegations from splitting stakes across multiple nodes assuming strong operational firewalls between keys.
  • By design it would likely lead to a high quality validator network
  • It would necessarily advance work around slashing insurance. On the other hand - it might not be viable until we have a healthy slashing insurance marketplace (chicken <> egg?)

Cons

  • Raise barrier to entry for new validator
  • It might make certain classes of staking derivatives difficult or impossible.

Etc/Open Questions

  • How would it impact exchange validation services?

So what do y’all think?

1 Like

100% slashing is frightening… and however carefully you try to make it only for “true” offenders, you WILL catch one or two validators who make mistakes.

Go over to the Tezos reddit. The way Tezos works is that delegated stake is always safe, however the validator puts down a bond, which is at risk of 100% slashing. If you search the reddit you will find instance of someone losing 42K.

Were they an intentional bad actor? No. They accidentally started the validator process twice, causing them to submit the same block twice (aka a double bake).

You should seriously think about this. A mistake should not cost someone 42K. It’s extremely off-putting and explains why despite being the first PoS network Tezos has few public validators.

Something very similar happened with the Lightening Network. After a hardware failure, someone partially restored from backup and restarted their node without changing all the config. Slashed.

Yes, a misbehaving node needs to be immediately put out of commission, but as for consequences, there are alternatives…

Would it be possible to sequester stake rather than slash it? E.G. The stake is gone for 6 months, after which you get it back.

Or something like that anyway.

2 Likes

Interesting, thanks for the feedback!

Is this true? I see Tezos w/ around 115 bakers (https://mytezosbaker.com). This seems to be on the same order of Cosmos w/ 155 on deck (https://hubble.figment.network/cosmos/chains/cosmoshub-2).
Do you think Tezos has significantly less than they would without the bonded slashing requirement?

You should seriously think about this.

Yup, just trying to understand all sides at this point :slight_smile:

1 Like

Yea it’s been around 115 for a long time. I don’t consider 115 that many, remember no specialist hardware is required for them… Cardano are aiming for 800 - 1000 on launch.

idk if you think 115 is a lot, obvs it’s more than EOS’ 23, lol.

I will admit I am guessing, maybe the slashing requirement isn’t the root cause of it, I can’t say for sure.

And I guess in truth, how many do you actually need? it has to be that no government can shut it down, 100+ is probably sufficient for that. maybe.

1 Like

IMO, this will have several negative consequences:

  1. Reduce network security. 100% slashing is terrifying and the risk/return won’t be there for many holders. (I know Cosmos holders who think 5% slashing vs a 9% annualized yield isn’t worth the risk). So you’ll have fewer people stake and put the network at risk.

  2. Increase centralization. Increased risks means increased diligence on your validators. This means the big guys (via brand, advertising, et al) get bigger.

  3. It would set back insurance significantly. Insurance rates for custody/smart contract risk are ~.5%-2% of the funds at risk. If you increase the funds at risk from 5% to 100%, you increase the cost of insurance by 20X. If a typical validator takes 10% of a 10% annualized yield, they are only earning 1% of the funds at risk annually. So insurance becomes economically unviable.

If you want more decentralization, lower the requirements on validators. Make it easy to get started, run on a crappy insecure machine, take away risks of doing it incorrectly. The tradeoff here is performance but you get lots of decentralization.

2 Likes

Hi Eric,
Thank you for initiating this post.
The last thing that we want is bad actors and they should certainly be avoided/eliminated/punished.
We also really do not want people insufficiently skilled running nodes. It is potentially very easy to destabilise a network.
What we do want is a protocol and community who are mutually supportive and drive continuous improvement.
The starting point is good governance and it would be better for us to focus on establishing decentralised governance as a very early step.
So in response to your question a 100% slashing is in all probability the wrong thing to do and the wrong place to start.

1 Like

That sounds pretty unforgiving and draconian :grimacing: :slightly_smiling_face: It would probably scare many people away, depending on the condition.

I’d have to think carefully about validating on a network that had 100% slashing.That said, if the 100% slashing was only implemented based on something that was almost guaranteed to be due to bad/malicious acting by a validator, rather than say a misconfiguration, outage, etc., then it would soften the impact.

And adding to that, maybe there would have to be a couple governance votes to make it happen. e.g. -

1 - A vote to initiate a vote to levy 100% slashing on the validator.

2 - If vote 1 passes, then a second vote to decide whether or not to levy the 100% slashing penalty.

From the other side, what would 100% slashing prevent, that a lower (but much higher than current slashing %'s currently implemented in production networks) slashing % wouldn’t?

Tezos has 460 active validators, most of them have been delegated most of them endorse most of the blocks and produce a block once or twice every 3 days. They do have 460 Validators ready all the time, if one fails the next picks it up.

1 Like

100% slashing is changing “carrot and stick” to become “carrot and nuclear weapon”.

True decentralization should be measured by the distribution of ownership of the tokens, not the delegation. Imagine a government owns all the tokens of a particular blockchain. Even there are 10K good validators, they are just protecting the interests of the centralized authority. The only way to improve the decentralization of ownership is to lower the barrier of entry which will then foster wide adoption.

I think emphasizing penalty is not the right direction to go. I prefer to think more about the benefit side. We should focus more on benefits, values, well-being and love.

3 Likes

Could 100% slashing deter the creation of staking vouchers/derivatives? I’m curious to hear what Everett or Chorus One think of this.

1 Like

I’m also interested in this question.
It seems to me that no exchange would want to bear the risk of a single user’s tokens on a single node and they would want to distribute across the validator network

you get a heart for that one, my man!

1 Like

@togilvie

  1. Reduce network security. 100% slashing is terrifying and the risk/return won’t be there for many holders. (I know Cosmos holders who think 5% slashing vs a 9% annualized yield isn’t worth the risk). So you’ll have fewer people stake and put the network at risk.

So part of this argument is that the security of a network is the amount of capital at risk. I think you’re saying that 100% slashing would prevent an healthy network from forming to start with because of the inherent risks. But what if it was ramped up to carefully and slowly over 5-10 years (or longer)?

insurance
yeah this is interesting. I’m not sure it is necessarily economically unviable because yields/margins would also increase, but I agree it would be more expensive

@mikeb

So in response to your question a 100% slashing is in all probability the wrong thing to do and the wrong place to start.

Definitely the wrong place to start :slight_smile: but an interesting, potential, long-term goal (or at least long term discussion)

@cjremus
The problem I see with introducing a vote would be that it would put into doubt the amount that is actually at risk. Hard/fast rules w/out humans in the loop draws clear lines of the capital at risk and thus well defines the security of the network.

hi, this is wrong, Tezos has 115 “public bakers” (which are public delegation services) and currently way over 400 bakers (validators) in total

it also has a VERY low barrier to entry. NO liveness slashing (if you are off you only miss out on your allocated rewards) and no slashing of delegator funds.

Some of my thoughts on this topic (not necessarily reflecting the rest of Chorus):
First of all, I do think that long term PoS will need to approach 100% slashing. But 100% should only be slashed if there is a highly coordinated, clearly malicious attack on the network, e.g. a large % of VP double signing. Some proportional slashing algorithm (as discussed on Cosmos/Ethereum) seems like a good direction from the network’s perspective.

On the other hand, I do also agree with points made earlier that it will stop token holders to engage with staking, especially in this early phase. A higher slashing ratio does wildly impact the risk/reward calculation. Once software and validator setups are more mature, the risk of slashing should go down. Then, token holders are likely willing to accept a higher slashing penalty as the expected reward outweighs the risk.

IMO this will likely take several years, but then there will be better tooling to run a secure validator, a large pool of historical data, audits, stable demand for blockchain transactions that make it possible to value staking tokens using some type of DCF methodology, etc. So overall having 100% slashing then sounds reasonable to me (i.e. ramping up over time).

Regarding the question of whether 100% slashings deters staking derivatives:
I don’t think 100% slashing will deter that any more than 5% does. There’s still value for a staked token holder to be able to liquidate his stake or to use his staking collateral for other purposes. With only 5% really at stake, staking derivatives are much more powerful obviously.

One interesting discussion to have (I think Erik also mentioned this at some earlier point) is the idea of “leveraged staking”, i.e. enabling the token holder/delegator to choose his slashing degree w/ higher degrees resulting in higher VP + associated higher reward. Haven’t thought about the impact on staking derivatives for that so far tho.

1 Like

@eric Hi Eric, thank you for your response. I would like to challenge the goal and offer a potential solution:

The goal is not, in my opinion, 100% slashing. The goal is to ensure sufficient decentralisation such that no single actor or group of actors can stake so much that they can significantly influence the network. Whilst 100% slashing would be a disincentive for a large whale who would be unlikely to take such a risk, it is equally a disincentive for smaller validators who also run the risk of being slashed - they also lose 100% of their stake, something to which they would be equally averse.

I still remain of the view that we want to formulate and clarify the true goals with our community and encourage them to come up with solutions, ideally via effective decentralised governance.

In that spirit then, here is a potential solution for the goal of preventing a single actor from manipulating the network:

Have 100% slashing only for validators whose stake is larger than x% of the network. (It is probably sensible that only the amount over x% is subject to the 100% slashing, as this prevents those who are close to x% having a malicious party delegate sufficient with them to push them over x% and then attack their nodes, eg via some form of DOS until they are punished and lose everything).

This is not a perfect solution because it does not stop an exchange or large whale running multiple validators to reduce their risk whilst maximizing their influence. However, it does generally encourage multiple validators, particularly those with smaller stakes, which I think is one of the goals. It may be beneficial to also consider tapering rewards so that individual validators with smaller stakes receive the maximum proportional rewards and validators with larger stakes receive lower proportional rewards. Again this nudges us towards having more smaller validators.

Agree both with @FelixLts and @mikeb here.

If we introduce slashing based on the stake amount, this will be fair for small operators but likely to cause large validators to split their stakes to mitigate the risks, which in the end may result in this fractional validators to actually squeeze out smaller guys from the validator set cause the former’s stake still might be bigger.

100% slashing, on the other hand, sounds too harsh and if implemented, should definitely be done in stages and over the course of several years.

It looks like NEAR plans to implement 100% slashing for double-signing.

I quite disagree with this. If you want a truly decentralized censorship-resistant network, you want it to make so that almost anyone can validate. Solana aims at scalability without sacrificing decentralization. If we start requiring highly skillful validators, plus high-end GPUs, plus 100% slashing, this is going to become effectively an oligopoly network like EOS, Cosmos, etc. In fact you can already notice that a lot of the validators in this testnet are companies with highly technical background. I kind of dislike that validators become a thing only attainable by a (techie) elite of the rich world.

Something to consider is to have different degrees of slashing, and for minor issues consider freezing funds instead of slashing.

Hi Codonyat,

Thank you for your comments. I think you make a very good point that we do want a decentralised censorship-resistant network. This requires a good number of validators. How capable they need to be depends on the network design. It would be good to get a statement from Solana about whether the network is likely to be very robust and whether this is in the shorter or longer term.

Bearing in mind that this thread is about 100% slashing, in order to incentivise network performance then it seems logical to conclude that people would only be subject to such a draconian measure because either they are bad actors or they are not as competent as they need to be. Hence the reference to competence/skill.