PUP-24: Increase SlashFractionDoubleSign

Updated 11/08/2022 by @Andy-Liquify: the new value was raised from 0.5% to 2% to bring it more in line with other PoS networks.

Attributes

Author(s): Andy Pohl (Liquify), @StephenRoss (Republic Crypto)

Parameter: SlashFractionDoubleSign

Current Value: 0.000001000000000000 (0.0001%)

New Value: 0.020000000000000000 (2%)

Summary

To better protect the network and prevent bad actors or misconfigured validators from causing consensus delays or chain halts, harsher punishment needs to be enforced on validators sending multiple signatures per block.

We propose to increase the current 0.0001% slash punishment to 2%.

Abstract

During my investigations into the current delayed-block issues, it was observed that we are regularly receiving multiple signatures per validator. This is most likely caused by misconfigured failover nodes (but we can't fully rule out bad actors here). The current punishment for multiple signing is the same as for node downtime, just 0.0001%; however, signing the same block multiple times has worse consequences.

Motivation

Currently a 0.0001% slash is not a large enough deterrent for node runners to ensure their fleets are correctly configured. 2% adds a big enough deterrent without being too unreasonable for larger fleets running 10+ misconfigured validators (it may be worth increasing this again at a later date).

2% is still far less than other PoS multiple-signing punishments:

Chain       Double Sign Slashing
Eth 2.0     >3%
Cosmos      5%
Harmony     >2%
Polkadot    1-100%
Celo        9000 Celo
Terra       5%
Akash       5%

Rationale

The increase of SlashFractionDoubleSign from 0.0001% to 2% will add a big enough deterrent for node runners to avoid signing the same block multiple times.

Dissenting Opinions

To add later

Copyright

Copyright and related rights waived via CC0.


While writing this PUP I noticed a bug in the double-signing penalty, so the update to this value will have to wait until this is fixed. But I thought I would post the PUP anyway for comments from the community.

Nice finds, and it makes sense to me. Definitely support this proposal.


Just to see if I understand… the top validator at 333k staked would get slashed 6,666 POKT, correct? And this would cumulate per occurrence until configuration fixed, correct? (approx once every two days for this 5-ticket validator). So about 20k if it took 6 days to discover and fix. (I’m not commenting on whether this is desirable or undesirable just making sure I understand the meaning of the parameter.)

This is why the jailing bug I mentioned needs fixing. To avoid reoccurring slashes.

The correct flow should be

Double sign detected → node slashed & jailed → operator fixes the issue (by ensuring only one validator is running) → operator unjails

There is no reason a node should be double signing; it is a big attack vector.
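The abstract describes the symptom (multiple signatures from one validator at the same height) and the reply above describes the intended flow (slash, then jail so the penalty is not repeated until the operator fixes the deployment). The following is an added illustration, not code from Pocket Network or from anyone in this thread: it finds equivocation evidence in a constructed list of votes and then compares cumulative stake loss over three offences with and without jailing, using the thread's figures (333k POKT staked, 2% slash, an offence roughly every two days for six days). The validator names, vote tuples and the `Validator` class are assumptions made for the example; `SLASH_FRACTION_DOUBLE_SIGN` and the current value come from the proposal.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Parameter values quoted in the proposal.
SLASH_FRACTION_DOUBLE_SIGN_CURRENT = 0.000001  # 0.0001%
SLASH_FRACTION_DOUBLE_SIGN = 0.02              # proposed 2%


@dataclass
class Validator:
    """Minimal stake-accounting model (assumed for this example)."""
    address: str
    stake: float
    jailed: bool = False
    slashes: list = field(default_factory=list)


def find_double_signs(votes):
    """Return {validator: [heights]} for validators that produced two
    distinct signatures for the same height, i.e. equivocation evidence.

    votes: iterable of (height, validator_address, signature_id)."""
    sigs_at = defaultdict(set)
    for height, addr, sig in votes:
        sigs_at[(addr, height)].add(sig)
    offenders = defaultdict(list)
    for (addr, height), sigs in sigs_at.items():
        if len(sigs) > 1:
            offenders[addr].append(height)
    return {addr: sorted(heights) for addr, heights in offenders.items()}


def apply_double_sign_penalty(validator, fraction, jail=True):
    """Slash `fraction` of the remaining stake and, in the intended flow,
    jail the validator. A jailed validator is not slashed again until the
    operator unjails it; with jail=False (the buggy flow from the thread)
    every detected offence slashes again."""
    if validator.jailed:
        return 0.0
    amount = validator.stake * fraction
    validator.stake -= amount
    validator.slashes.append(amount)
    if jail:
        validator.jailed = True
    return amount


def simulate(stake, offence_heights, fraction, jail):
    """Apply one penalty per offence height and return (validator, total slashed)."""
    validator = Validator("validator-under-test", stake)
    total = 0.0
    for _ in offence_heights:
        total += apply_double_sign_penalty(validator, fraction, jail)
    return validator, total


# Constructed sample votes: two instances of the same key both sign at
# heights 100 and 150; every other vote is a normal single signature.
SAMPLE_VOTES = [
    (100, "poktval_A", "sigA-100-instance1"),
    (100, "poktval_A", "sigA-100-instance2"),
    (100, "poktval_B", "sigB-100"),
    (101, "poktval_A", "sigA-101"),
    (101, "poktval_B", "sigB-101"),
    (150, "poktval_A", "sigA-150-instance1"),
    (150, "poktval_A", "sigA-150-instance2"),
    (150, "poktval_B", "sigB-150"),
]

if __name__ == "__main__":
    print("double signers:", find_double_signs(SAMPLE_VOTES))
    offences = [100, 120, 150]  # roughly one every two days over six days
    for label, jail in (("slash + jail", True), ("slash only (bug)", False)):
        v, total = simulate(333_000, offences, SLASH_FRACTION_DOUBLE_SIGN, jail)
        print(f"{label:18s} slashes={len(v.slashes)} total={total:,.2f} POKT")
    _, total_now = simulate(333_000, offences, SLASH_FRACTION_DOUBLE_SIGN_CURRENT, False)
    print(f"at the current 0.0001%: total={total_now:,.3f} POKT")
```

With jailing, the first offence costs 2% of 333,000 POKT and the validator stays jailed until the operator removes the duplicate instance; without it, each later offence slashes 2% of what remains, so the loss keeps compounding.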

Also, what are the configuration issues that are leading to double signing… Is it happening now bc with all the stirring the pot of PIP-22/PUP-19 we have a brand new set of validators. I’m having a hard time picturing what kind of config issues would persist after the first few weeks of being a validator or would pop-up later after being properly configured. Understanding the issues from this perspective is useful… then we can use other mechanisms such as community bulletins etc to educate new and wanna-be validators of the common config problems to watch out for.

It is multiple instances of validators running with the same key.

Absolutely, that needs patching ASAP!

How is that possible??

Fairly simple: you just need to run two or more instances of pokt core with the same key simultaneously.

This is normally due to badly configured failover, negligence or lack of understanding, or a bad actor.