Feedback request: introducing Adaptive Slashing in protocol P

An upcoming protocol P proposal is currently in preparation and will include a refined slashing mechanism which distinguishes between innocent mistakes and deliberate attacks.

The team would like to share the design of Adaptive Slashing:

[DRAFT] Adaptive Slashing

We kindly request that you use this thread to provide feedback, ask questions, and raise any concerns you might have.

Please note that these documents describe work in progress and will be updated as the implementation evolves based on received feedback.


I think it would be a great thing to differentiate between accidental double attestations and wilful manipulation of the chain.
But I wonder how would that be differentiated?
And how different would the penalties be?

1 Like

If we understood the document well, the penalty would be a function of the percentage of double attestations within a single block. Slashing would reach 100% of what it is with Oxford2 when the baker double attests 30+% of its attestation rights within a single block.

If so,

  • we support this idea! The risk of making an expensive mistake is reduced when installing a baker for the first time, or when setting up a failover, instance for example. Which is fair.
  • we have just one concern: a block is 15s. Probably 10s soon. That’s not enough for a sincere user to determine that a mistake was made. To put it another way, the time to think “oops I shouldn’t have done that, let’s CTRL-C quick!” and the 30% are reached.

For each block, we assess the segment of the weighted quorum that has misbehaved, measured by the number of double attested slots, and apply slashing accordingly based on a predefined slashing curve. This means that every baker who has double attested this block and for which we have collected a denunciation during the validity of denunciation for this block, will be subject to slashing, with the specific slashing rate determined by the number of double attested slots as outlined in a table provided in the documentation: [DRAFT] Adaptive Slashing - Google Docs . The differentiation is abstracted by considering portions of the weighted quorum that has been double attested. Each owner of a double attested slot within this portion will face a penalty, and the slashing curve determines the rate of this penalty.

1 Like

Thanks for sharing your understanding and support.

To ensure we are on the same page, the penalty would be a function of the percentage of double attestations (percentage of double-attested slots) within a single block. Slashing would reach 100% when the delegates of the committee double attests to 33% (1/3) or more of itsattestation rights within a single block. There is no relation to the Oxford2 slashing rate for double attesting.

To enable recovery from mistakes, the baker is forbidden as soon as a misbehavior is denounced: they will not be able to bake or attest for 2 cycles. Note however that as long as the first misbehavior has not been denounced, there is no way to prevent the baker to misbehave again, and all misbehaviors between the first one and the denunciation are subject to slashing.

This is a much welcome improvement that will certainly put recent concerns about slashing to rest. Well done :clap:

In your curve, 33% of total stake is the threshold for 100% slashing, it got me wondering what happens in this case? Does the chain halt or is the liveness threshold adjusted downwards to allow it to carry on?

1 Like

Hi there! According to the adaptive slashing draft “a low fraction of misconduct incurs moderate penalties, while a high fraction of misconduct is deemed to be critical and faces more serious repercussions.”

Is there a way to define the risks associated with accidental misconduct that could lead to a >33% fraction of double attestations? In other words, what are the potential risks of receiving a 100% slashing penalty, and what could potentially lead to it? Thanks in advance!

1 Like

If 33% of the slots of a committee belongs to delegates that are forbidden because of misbehavior, the chain halts.

1 Like

HI Anna,
Here is what we can say about the risk of reaching accidentally the 100% threshold.

The “33% fraction of double-attestation” means here that 33% of the slots of a consensus committee misbehave. As a reminder, slots are distributed randomly but following the stake distribution.

Since no baker possesses 33% of the stake, reaching this threshold requires:

  1. A baker double-baking (i.e., producing two blocks for the same level and round).
  2. Multiple bakers, with enough stake to represent together 33% of the slots of the committee, receiving the two heads and (pre-)attesting both of them.

For both double-baked heads to be propagated, they have to be built on ancestors with different rounds, also there are protections against double-signing that should prevent multiple bakers from double baking or (pre-)attesting by accident, including high-watermark protections in signing hardware, octez signer and octez baker.

The most likely scenario of accidental misbehavior, and the one observed in the past on mainnet, is that for some (bad) reason, one baker’s infrastructure is duplicated, and each instance produces a head and pre-attests it.
The probability that infrastructures of multiple bakers, representing 33% of the stake, are duplicated at the same time, and that they see different heads seems very low.


Thanks for your response, Julien! Could you please clarify this part:

"Since no baker possesses 33% of the stake, reaching this threshold requires:

1. A baker double-baking (i.e., producing two blocks for the same level and round)."

Double-baking suggests a different slashing penalty than the adaptive slashing for double-attestation (it’s 5% for double-baking), doesn’t it?

1 Like

Yes, double-baking is slashed at a fixed rate of 5% of staked deposit.
I mentioned double-baking here only because you cannot double-attest if there is no double-baking first.

1 Like

Thank you for the detailed response!

After carefully reviewing the proposal and clarifying several points, we can state that the suggested approach seems logical and reasonable.

Implementing a convex function that saturates at 100% penalty when a critical fraction of double attestations occurs appears to strike a good balance between deterring concerted attacks while mitigating the impact of accidental double attestations.

Furthermore, the requirement for more than two cycles to complete the unstaking process is a prudent measure to prevent bakers from manipulating their at-stake funds to evade penalties.

Overall, we believe these proposed adjustments will contribute positively to the integrity and security of the system. Thank you for your thoughtful consideration of these important matters.