Bond Seizure

Bond seizure, commonly called slashing, is triggered by specific protocol violations. The primary conditions are:

• Double Signing: Proposing or attesting to multiple blocks at the same height.
• Liveness Faults: Extended periods of inactivity, failing to propose or attest to blocks.
• Safety Faults: Attesting to blocks that violate consensus rules or surround previous votes. Each condition has a defined penalty, often a percentage of the staked bond.

The threat of bond seizure is the foundation of cryptoeconomic security in PoS. It aligns economic incentives with honest validation by making attacks financially irrational. The slashing penalty must exceed the potential profit from an attack. This mechanism secures the network by ensuring validators have skin in the game, where misbehavior results in direct, significant financial loss.

Penalties are not uniform and are often structured to match the severity of the fault.

• Correlation Penalty: For coordinated failures (e.g., many validators going offline simultaneously), penalties can increase.
• Proportional Slashing: Penalties may be a fixed percentage (e.g., 1%, 5%, 100%) of the staked bond.
• Ejection: Often accompanies slashing, forcibly removing the validator from the active set. Protocols like Ethereum use a sliding scale where penalties increase with the amount of stake slashed in a short period.

In delegated systems, slashing affects both the validator operator and their delegators. The slashed bond is typically drawn proportionally from all staked funds in the pool. This creates a strong incentive for delegators to choose reliable, well-operated validators. Some protocols offer slashing insurance or allow validators to cover penalties with separate insurance funds to protect their delegators.

Most protocols include safeguards against incorrect slashing. Mechanisms may include:

• Challenge Periods: A time window where evidence of misbehavior must be submitted and can be contested.
• Fault Proofs: Requiring cryptographic proof (e.g., two signed conflicting messages) to initiate slashing.
• Governance Appeals: In some chains, slashing decisions can be appealed to an on-chain governance system for final arbitration, protecting against false accusations.

Different blockchains implement bond seizure with distinct parameters:

• Ethereum (Proof-of-Stake): Slashes for attestation violations and block proposal offenses, with penalties that can escalate to 100% of stake.
• Cosmos SDK: Modules like the x/slashing module penalize double-signing and downtime.
• Polkadot: Implements unresponsiveness and equivocation slashing, with penalties that can affect nominators (delegators). These variations highlight the mechanism's adaptability to different consensus models.

In Proof-of-Stake (PoS) networks like Ethereum, bond seizure is enforced through slashing. Validators who act maliciously (e.g., double-signing blocks or censorship) have a portion of their staked ETH permanently destroyed. This mechanism secures the network by making attacks economically irrational.

• Example: An Ethereum validator that proposes two conflicting blocks for the same slot will be slashed, losing a minimum of 1 ETH and being forcibly exited from the validator set.

In DeFi lending markets like Aave or Compound, bond seizure occurs via liquidation. If a borrower's collateral value falls below a required health factor, a liquidator can repay part of the debt in exchange for seizing the collateral at a discount.

• Example: A user borrows DAI against ETH collateral. If ETH's price drops sharply, their position becomes undercollateralized. A liquidator triggers a function to repay the DAI debt and seize the ETH, paying a penalty fee to the protocol.

Decentralized exchanges and derivatives protocols use bond seizure to cover losses from bad debt. If a trader's position cannot be liquidated in time, the protocol's insurance fund or safety module is used. Stakers in these modules (who provide a bond) may have their funds seized to make the protocol whole.

• Example: On a perpetual futures DEX, an extreme market move causes a trader's position to go negative. The insurance fund, capitalized by stakers' tokens, is tapped to cover the deficit, effectively seizing value from the stakers' bond.

In oracle networks like Chainlink or UMA, data providers stake bonds. If they report provably incorrect data, a dispute resolution process can lead to bond seizure, where the faulty reporter's stake is slashed and often awarded to the disputer who correctly flagged the error.

• Example: An oracle node reports an inaccurate price feed for an asset. A disputer challenges it with verifiable data. Upon validation by the network's dispute resolution system, the malicious node's staked LINK tokens are seized and transferred to the disputer.

Cross-chain bridges that use fraud-proof or optimistic security models rely on bond seizure. Watchers or validators post bonds to attest to the validity of state transitions. If a fraudulent transaction is proven, the bond of the malicious actor is seized and used to compensate victims.

• Example: In an optimistic bridge, a validator fraudulently attests to moving 1000 ETH. A watcher submits a fraud proof within the challenge period. Upon verification, the validator's entire bond is seized and used to reimburse the bridge's treasury or users.

Decentralized Autonomous Organizations (DAOs) sometimes implement bond seizure to prevent governance attacks. Delegates or proposal submitters may be required to stake tokens, which are seized if they are found to be acting maliciously (e.g., proposing a clearly harmful vote or engaging in vote-buying).

• Example: A delegate in a DAO consistently votes against the clear, expressed will of their token delegators in a verifiable way. A governance proposal to slash the delegate's staked bond for misconduct passes, and their tokens are seized and burned or redistributed.