Safety Threshold

In modern PoS systems, the safety threshold is often enforced through cryptoeconomic slashing. Validators who act maliciously (e.g., double-signing) have a portion of their staked assets destroyed. The security assumption is that the cost of acquiring ≥ ⅓ of the total stake and having it slashed outweighs any potential reward from an attack. This creates a security budget—the total value that can be slashed—which acts as a practical safety threshold.

A safety threshold is a predetermined, protocol-enforced minimum level of honest participation (e.g., stake, hash power, validator count) required to guarantee the security properties of a blockchain network, such as liveness and safety. Its primary purpose is to establish a quantifiable security baseline below which the network becomes vulnerable to catastrophic failures like double-spending or censorship. For example, in Proof-of-Stake (PoS), a common safety threshold is that at least two-thirds (⅔) of the total stake must be controlled by honest validators to ensure consensus finality.

Safety thresholds are mathematically derived from Byzantine Fault Tolerance (BFT) consensus models. These models define the maximum proportion of malicious or faulty nodes a system can tolerate.

• Classic BFT (e.g., PBFT): Requires > ⅔ (67%) of nodes to be honest. The safety threshold is therefore 33% adversarial tolerance.
• Nakamoto Consensus (PoW): Security is probabilistic. The safety threshold is often considered the 51% attack point, where an adversary controlling >50% of hash power can reliably double-spend.
• Tendermint/Cosmos SDK: Explicitly enforces a ⅔+1 voting power threshold for validator set changes and block finality, making it a core safety parameter.

In PoS and DeFi systems, safety thresholds are often expressed in economic terms. They define the minimum cost-of-attack or the level of slashing risk an adversary must bear.

• Staking Minimums: Protocols may require validators to stake a minimum amount (e.g., 32 ETH) to participate, creating a base economic barrier.
• Slashing Conditions: Safety is enforced by slashing (burning) a validator's stake for malicious acts like double-signing. The threshold is the point where the cost of slashed stake outweighs the potential profit from an attack.
• DeFi Collateral Ratios: In lending protocols, the liquidation threshold is a safety parameter that triggers automatic collateral seizure if the loan's health factor falls below it, protecting the system from undercollateralization.

Operating below the safety threshold opens the network to fundamental attacks:

• 51% Attack (PoW/PoS): An entity controlling majority resources can reorganize the chain, censor transactions, and double-spend.
• Liveness Failure: If the proportion of honest/online participants falls below the threshold (e.g., < ⅔ in BFT), the network may halt, unable to produce new blocks.
• Cartel Formation: A coalition of validators controlling stake just below the slashing threshold could engage in censorship or MEV extraction without triggering punitive measures.
• Long-Range Attacks: In PoS, if an attacker acquires keys to a past validator set that controlled >⅓ of stake, they could create an alternative chain history, challenging weak subjectivity assumptions.

Safety thresholds are not always static; they are governance parameters that may be adjusted via on-chain votes. Changing them carries extreme risk.

• Hard Forks: Altering a core threshold (like the Ethereum PoW difficulty bomb or PoS slashing penalties) typically requires a coordinated hard fork.
• On-Chain Governance: In chains like Cosmos, the slash_fraction_double_sign parameter (e.g., 5% stake slashed for double-signing) can be changed via governance proposal. A malicious proposal lowering this could weaken security.
• Dynamic Adjustment: Some protocols propose algorithmically adjusted thresholds based on network participation, but this introduces complexity and new attack surfaces.

The Liquidation Threshold is the Loan-to-Value (LTV) ratio at which a position becomes eligible for liquidation. It is always set higher than the Safety Threshold, creating a buffer zone. When a user's LTV exceeds this level, liquidators can repay part of the debt to seize collateral, restoring the position's health.

• Key Difference: Safety Threshold is a protocol-wide risk parameter; Liquidation Threshold is a per-asset parameter.
• Example: If ETH has a Safety Threshold of 80% and a Liquidation Threshold of 82%, a position is liquidatable at 82% LTV, but the protocol stops new borrowing at 80%.

Loan-to-Value (LTV) Ratio is a real-time metric for a user's position, calculated as (Debt / Collateral Value). It measures the risk level of an individual borrow position.

• The protocol's Safety Threshold is the maximum allowable LTV for opening new debt positions.
• Dynamic Value: LTV fluctuates with the market prices of the collateral and borrowed assets.
• Critical Function: When LTV > Liquidation Threshold, the position is at risk of being liquidated to protect the protocol.

The Health Factor is a user-facing, inverse representation of risk, showing how close a position is to liquidation. It is calculated as (Collateral Value * Liquidation Threshold) / Debt.

• Health Factor > 1: Position is safe.
• Health Factor <= 1: Position is eligible for liquidation.
• Relationship to Safety Threshold: The Safety Threshold defines the maximum risk (minimum health) for new positions, while the Health Factor monitors existing positions in real-time.

Maximum LTV is often used synonymously with the Safety Threshold. It is the highest Loan-to-Value ratio at which a user can initially borrow against posted collateral.

• Primary Purpose: Acts as the first line of defense against insolvency by limiting leverage at origination.
• Risk Parameter: Set by governance or risk teams based on asset volatility and liquidity.
• Example: A Maximum LTV of 75% for ETH means a user can borrow up to $0.75 for every $1 of ETH collateral they deposit.

In the Compound protocol, the Collateral Factor is the direct equivalent of the Safety Threshold or Maximum LTV. It defines the maximum proportion of an asset's value that can be borrowed against.

• Mechanics: Expressed as a decimal (e.g., 0.75 for 75%).
• Function: Determines the borrowing power of deposited collateral. Borrowing Power = Collateral Balance * Collateral Factor.
• Protocol-Specific Term: While "Safety Threshold" is used by Aave, "Collateral Factor" is Compound's terminology for the same core risk parameter.

A Debt Ceiling is a protocol-level risk parameter that limits the total amount that can be borrowed against a specific collateral asset. It works in tandem with the Safety Threshold.

• Safety Threshold controls individual position risk (how much one user can borrow per collateral).
• Debt Ceiling controls systemic concentration risk (how much total debt the protocol allows for an asset).
• Purpose: Prevents overexposure to a single collateral type, mitigating liquidity and market risk during volatile downturns.