Slashing for Misconduct

Validators are slashed for actions that threaten network security or liveness. Key offenses include:

• Double Signing (Equivocation): Signing two different blocks at the same height, which could enable chain reorganizations.
• Liveness Faults (Unavailability): Failing to produce or attest to blocks when required, harming network finality.
• Governance Non-Compliance: Violating protocol-specific rules, such as running unauthorized software versions.
• Data Availability Faults: Failing to provide required data in modular architectures like Ethereum's danksharding.

The penalty is a cryptoeconomic disincentive applied to a validator's stake (or bond). It is not a simple fine but a protocol-enforced burn or redistribution of tokens. The severity is often tiered:

• A small initial penalty (e.g., 1% of stake) for liveness faults.
• A severe penalty (e.g., 100% of stake) for safety faults like double signing.
• Correlation Penalties: In networks like Ethereum, validators acting in a correlated manner (e.g., going offline together) can incur exponentially higher slashing.

These are distinct but related penalties. Slashing permanently removes a portion of staked funds. Jailing (or tombstoning) temporarily or permanently removes the validator from the active set, preventing it from participating in consensus.

• A validator can be jailed without being slashed (e.g., for minor downtime).
• Slashing often includes automatic jailing to immediately neutralize the malicious actor.
• Post-jail, a validator may need to manually re-enable itself, often after an unbonding period.

In delegated systems, slashing affects delegators who have staked tokens with a validator. The penalty is applied pro-rata to the validator's total stake, meaning delegators share the loss. This creates a principal-agent risk and incentivizes delegators to choose reliable validators. Some protocols implement slashing insurance or allow validators to cover penalties with a separate insurance fund to protect their delegators.

When a slashable offense is detected, a specific transaction type—a slashing proof or evidence—is broadcast to the network. This proof is cryptographically verifiable (e.g., two conflicting signed headers). The protocol's slashing module then automatically executes the penalty. The process is permissionless; any network participant can submit slashing evidence and may receive a whistleblower reward for doing so.

Slashing is the cornerstone of cryptoeconomic security in PoS. It makes attacks costly and irrational by ensuring the penalty for misconduct exceeds any potential profit. The slashing risk is calculated as Stake at Risk * Probability of Slashing. This aligns validator incentives with honest behavior, as the cost of losing a significant staked deposit outweighs the rewards from cheating. The system's security is thus proportional to the total value subject to slashing.

A validator signs two different blocks at the same height, which could create a fork. This is a Byzantine fault that directly attacks the blockchain's consensus safety. It is detectable because the validator's cryptographic signature is public.

• Example: Signing block #100 with transaction A and also signing a conflicting block #100 with transaction B.
• Penalty: Typically results in the full slashing of the validator's stake.

A validator fails to perform its duties, such as proposing or attesting to blocks when selected. This harms network liveness and finality.

• Causes: Offline nodes, software crashes, or misconfigured infrastructure.
• Detection: Measured over an epoch or slashing window by tracking missed attestations/proposals.
• Penalty: Often a minor slash (e.g., 0.01-1% of stake) plus inactivity leak, where stake is gradually reduced until the validator is active again.

In networks with on-chain governance, validators may be slashed for voting maliciously or against the explicit rules of a governance protocol.

• Example: A validator controlling a delegated stake votes to approve a proposal that would drain the community treasury, violating pre-defined social slashing conditions.
• Mechanism: Relies on social consensus and proof-of-misconduct being submitted to the chain for verification and penalty execution.

Validators may be slashed for violating specific rules around Maximal Extractable Value (MEV). This is protocol-dependent.

• Example in Ethereum: Proposing a block with a proposer payload that does not match the committed header (enforced post-EIP-7251).
• Purpose: Prevents validators from reneging on fair MEV-sharing agreements (e.g., with block builders) after learning the block contents, which undermines the MEV supply chain.

Slashing is a security mechanism, not a punishment. Its primary function is to make attacks economically irrational. By imposing a financial cost greater than any potential gain from misbehavior, it aligns validator incentives with network security. This creates a cryptoeconomic barrier against:

• Double-signing (equivocation): Signing multiple, conflicting blocks.
• Liveness failures: Being offline for extended periods (in some protocols).
• Data unavailability: Withholding data required for block verification.

Protocols define specific, provable actions that trigger slashing. The most universal condition is equivocation.

• Double Voting: Signing two different blocks for the same height. This is a direct attack on consensus safety.
• Surround Voting: In Tendermint-based chains, voting in a way that contradicts a validator's previous vote.
• Unavailability: In some networks (e.g., early Ethereum 2.0 specs), severe downtime could be slashed. This is often replaced by inactivity leak penalties.
• Data Withholding: In data availability sampling systems, failing to provide committed data for fraud proofs.

Slashing is an automated, protocol-level action. When a slashing condition is detected and proven (often via cryptographic evidence submitted by other validators), the protocol executes the penalty.

• Slashing Penalty: Typically a percentage (e.g., 1%, 5%, or 100% in extreme cases) of the validator's stake is burned or redistributed.
• Ejection: The validator is usually forcibly removed from the active set.
• Correlation Penalties: Some protocols (e.g., Ethereum) implement quadratic slashing, where penalties increase if many validators are slashed simultaneously, deterring coordinated attacks.

While slashing secures the network, it introduces the risk of accidental slashing, which can push staking towards large, professional operators. Key considerations:

• Validator Client Diversity: A bug in a dominant client software (e.g., Prysm, Lighthouse) could cause mass, correlated slashing.
• Infrastructure Complexity: Running high-availability, redundant nodes requires expertise, favoring institutional stakers.
• User Experience vs. Security: Making staking "safer" for individuals (e.g., via insurance) can conflict with the deterrent effect of slashing.

Protocols and staking services implement features to reduce non-malicious slashing risk.

• Slashing Protection Databases: Validator clients use local databases to prevent accidental double-signing across restarts.
• Staking Pools & Delegation: Services like Lido or Rocket Pool absorb slashing risk across a large pool, smoothing the impact for individual stakers.
• Insurance/Slashing Coverage: Some protocols or third-party services offer coverage, though this can weaken the original cryptoeconomic security model.

Not all validator penalties are slashing. It's critical to distinguish between slashing and inactivity leaks (aka inactivity penalties).

• Slashing: For provable, malicious actions (equivocation). Involves stake loss and ejection.
• Inactivity Leak: A progressive reduction in stake for validators that are offline during prolonged finality delays. This is a liveness mechanism, not a punishment for malice. Its goal is to allow the chain to finalize again by reducing the stake of offline validators below 1/3.