A slashing implementation for NPoS systems.
For the purposes of the economic model, it is easiest to think of each validator as a nominator which nominates only its own identity.
The act of nomination signals intent to unify economic identity with the validator - to take part in the rewards of a job well done, and to take part in the punishment of a job done badly.
There are 3 main difficulties to account for with slashing in NPoS:
- A nominator can nominate multiple validators and be slashed via any of them.
- Until slashed, stake is reused from era to era. Nominating with N coins for E eras in a row does not mean you have N*E coins to be slashed - you’ve only ever had N.
- Slashable offences can be found after the fact and out of order.
The algorithm implemented in this module tries to balance these 3 difficulties.
First, we only slash participants for the maximum slash they receive in some time period, rather than the sum. This ensures a protection from overslashing.
Second, we do not want the time period (or “span”) that the maximum is computed over to last indefinitely. That would allow participants to begin acting with impunity after some point, fearing no further repercussions. For that reason, we automatically “chill” validators and withdraw a nominator’s nomination after a slashing event, requiring them to re-enlist voluntarily (acknowledging the slash) and begin a new slashing span.
Typically, you will have a single slashing event per slashing span. Only in the case where a validator releases many misbehaviors at once, or goes “back in time” to misbehave in eras that have already passed, would you encounter situations where a slashing span has multiple misbehaviors. However, accounting for such cases is necessary to deter a class of “rage-quit” attacks.
Based on research at https://research.web3.foundation/en/latest/polkadot/slashing/npos.html
- An encoding of all of a nominator’s slashing spans.
- The index of a slashing span - unique to each stash.