Slashing
Overview
The slashing mechanism penalizes Maintainers who fail to fulfill their duties or act maliciously, ensuring the security and reliability of the cross-chain system. This document covers penalty scenarios, Slash Points, and Jail Epoch mechanisms.
Penalty Types
Slash Point
Accumulated penalty points affecting rewards and election priority
Jail Epoch
Imprisonment period during which nodes cannot participate in elections
Stake Slash
Direct deduction from staked MAPO
Penalty Scenarios
Arbitrary Voting
When Maintainers vote on observations (TxIn, TxOut, KeyGen failures, etc.), they receive Slash Points to discourage arbitrary voting. Points are recovered when the vote reaches 2/3+ consensus.
Vote Absence or Delay
When voting reaches 2/3+ consensus, Maintainers who haven't voted are penalized. Points can be recovered if the vote is submitted within the delay tolerance period after consensus.
TSS KeyGen Failure
When the KeyGen process fails, nodes are penalized based on blame information:
Current Maintainer members receive Slash Points
Non-current Maintainers receive Jail Epochs
This penalty is not recoverable.
TSS KeySign Failure
When KeySign fails, blamed nodes receive both Slash Points and Jail Epochs. This penalty is not recoverable.
TSS Switching Timeout
When KeyGen success vote reaches consensus, Maintainers who haven't voted are penalized. Points can be recovered within the delay tolerance period.
Migration Timeout
During asset migration, vote delays result in both Slash Points and Jail Epochs. Partial recovery is possible within the delay tolerance period.
Asset Theft
If a transaction on the target chain doesn't match the initiated TxOutItem (wrong memo, mismatched data, or excessive gas), the system calculates the stolen value, converts it to MAPO, and applies a penalty multiplier.
If the slash amount exceeds the pause threshold, the affected chain is paused. Each Maintainer in the Vault is slashed proportionally based on their stake relative to total Vault stake.
Slash Point Mechanism
Effects on Rewards
Maintainer rewards are reduced based on accumulated Slash Points:
When Slash Points exceed or equal EpochBlocks, the reward becomes zero.
Effects on Election
During election, the system:
Filters out jailed nodes
Prioritizes removal of nodes with Slash Points exceeding the bad maintainer threshold
Sorts remaining candidates by stake amount
Jail Epoch Mechanism
Jail Effect
Jailed nodes cannot participate in elections until their Jail Epoch count reaches zero.
Jail Release
On each TSS switching completion:
All nodes' Jail Epoch is decremented by 1
Nodes reaching zero can rejoin elections
Unstaking While Jailed
When a Validator unstakes, MAPO is deducted for remaining Jail Epochs. The jail record is retained even after unstaking.
Penalty Handling During TSS Switching
On Churn Start
Nodes with Jail Epoch > 0 are excluded from election
Nodes exceeding the Slash Point threshold are prioritized for removal
On Churn Complete
Jail Epoch decremented by 1 for all nodes
MAPO deducted based on Slash Points and consumed Jail Epochs
Slash Points cleared
Parameter Configuration
Slash Point Parameters
ObserveSlashPoint
Points on voting
1
LackOfObservationSlashPoint
Vote absence penalty
2
KeyGenFailSlashPoint
KeyGen failure penalty
500
KeySignFailSlashPoint
KeySign failure penalty
10
KeyGenDelaySlashPoint
KeyGen vote delay
500
MigrationDelaySlashPoint
Migration delay
360
Jail Epoch Parameters
KeyGenFailJailEpoch
KeyGen failure jail
4
KeySignFailJailEpoch
KeySign failure jail
1
MigrationDelayJailEpoch
Migration delay jail
2
Other Parameters
ObserveDelayTolerance
Vote delay tolerance in blocks
BadMaintainerSlashPointThreshold
Threshold for bad node classification
MAPOPerSlashPoint
MAPO deducted per Slash Point
MAPOPerJailEpoch
MAPO deducted per Jail Epoch
PauseOnSlashThreshold
Threshold triggering chain pause
Penalty Summary
Arbitrary voting
+1
-
Yes
Vote absence
+2
-
Yes
KeyGen failure (member)
+500
-
No
KeyGen failure (non-member)
-
+4
No
KeySign failure
+10
+1
No
KeyGen vote delay
+500
-
Yes
Migration delay
+360
+2
Yes
Asset theft
-
-
No (direct slash)
Last updated