Slashing
Chapter 35: Validator Slashing Protection
Section titled “Chapter 35: Validator Slashing Protection”Overview
Section titled “Overview”Slashing is a security mechanism in Proof of Stake (PoS) blockchains that penalizes validators for misbehavior. Understanding slashing conditions and implementing proper protection measures is critical for anyone running a validator node.
35.1 Slashing Conditions
Section titled “35.1 Slashing Conditions”┌─────────────────────────────────────────────────────────────────────────────┐│ SLASHING CONDITIONS │├─────────────────────────────────────────────────────────────────────────────┤│ ││ DOUBLE SIGNING ││ ━━━━━━━━━━━━━━━ ││ ││ Signing two different blocks at the same height ││ ││ ┌─────┐ ┌─────┐ ││ │Block│───▶│Block│───▶ ... ││ │ N │ │ N │ ││ └──┬─┘ └──┬─┘ ││ │ │ ││ │ ❌ BOTH SIGNED! ││ │ │ ││ └─────────┘ ││ ││ Penalty: Severe (10-100% of stake) ││ ││ ────────────────────────────────────────────────────────────────────── ││ ││ DOUBLE VOTING ││ ━━━━━━━━━━━━━ ││ ││ Creating two attestations for different blocks in same epoch ││ ││ ┌─────┐ ┌─────┐ ││ │Att 1│ │Att 2│ ││ │ for │ │ for │ ││ │Block A │ │Block B │ ││ └──┬───┘ └──┬───┘ ││ │ │ ││ │ ❌ BOTH VOTED! ││ │ │ ││ └─────────┘ ││ ││ Penalty: Severe (10-100% of stake) ││ ││ ────────────────────────────────────────────────────────────────────── ││ ││ SURROUND VOTING ││ ┌━━━━━━━━━━━━ ││ ││ Creating attestations that surround a previous attestation ││ ││ ┌───────────────Att 1 (start: 100, end: 200)──────────────┐ ││ │ │ ││ │ ┌──────Att 2 (start: 150, end: 180)────┐ │ ││ │ │ ❌ SURROUNDS Att 1! │ │ ││ │ └───────────────────────────────────────┘ │ ││ └──────────────────────────────────────────────────────┘ ││ ││ Penalty: Moderate (1-5% of stake) ││ │└─────────────────────────────────────────────────────────────────────────────┘Slashing Penalties by Network
Section titled “Slashing Penalties by Network”| Network | Double Sign | Double Vote | Surround Vote | Min Stake |
|---|---|---|---|---|
| Ethereum | Up to 1 ETH min | Up to 1 ETH min | Up to 1 ETH min | 32 ETH |
| Cosmos | 5% + jailed | 2% + jailed | 0.5% + jailed | 10,000 ATOM |
| Polygon | 10% | 10% | 1% | 10,000 MATIC |
| Solana | 100% | 100% | N/A | 10,000 SOL |
35.2 Slashing Prevention Best Practices
Section titled “35.2 Slashing Prevention Best Practices”Infrastructure Recommendations
Section titled “Infrastructure Recommendations”┌─────────────────────────────────────────────────────────────────┐│ VALIDATOR INFRASTRUCTURE RECOMMENDATIONS │├─────────────────────────────────────────────────────────────────┤│ ││ ┌─────────────────────────────────────────────────────────┐ ││ │ DEDICATED HARDWARE │ ││ │ ━━━━━━━━━━━━━━━━━━━ │ ││ │ - Dedicated server (not shared) │ ││ │ - No other software running │ ││ │ - Hardware security module (HSM) preferred │ ││ └─────────────────────────────────────────────────────────┘ ││ │ ││ ▼ ││ ┌─────────────────────────────────────────────────────────┐ ││ │ NETWORK ISOLATION │ ││ │ ━━━━━━━━━━━━━━━━━━━━━ │ ││ │ - Private network for validator │ ││ │ - No direct internet access │ ││ │ - Firewall rules for consensus client │ ││ └─────────────────────────────────────────────────────────┘ ││ │ ││ ▼ ││ ┌─────────────────────────────────────────────────────────┐ ││ │ REDUNDANCY │ ││ │ ━━━━━━━━━━━━━ │ ││ │ - Primary and backup validators │ ││ │ - Only one active at a time │ ││ │ - Automatic failover with proper controls │ ││ └─────────────────────────────────────────────────────────┘ ││ │└─────────────────────────────────────────────────────────────────┘Validator Key Management
Section titled “Validator Key Management”# Using HSM (Hardware Security Module) - recommended# Example with YubiHSM2
# Generate validator keys in HSMyubihsm> generate asymmetric 1,0 key \ "validator signing key" \ sign-pss-sha2-256
# Import pre-generated keyyubihsm> put asymmetric 1,0 key \ "validator signing key" \ sign-pss-sha2-256 \ < key.pem
# Use key in validatorlighthouse \ validator \ --validator-keys /path/to/keystore.json:/path/to/password.txt \ --slashing-protectionProper Validator Setup
Section titled “Proper Validator Setup”# Lighthouse (Ethereum)lighthouse beacon_node \ --network mainnet \ --http-address 127.0.0.1 \ --validator-monitor-auto \ --slasher \ -- graffiti "your-validator-name"
# Key configuration to prevent double signing# Never run:# - Two validator clients with same key# - Same key on testnet and mainnet# - Import same key twice35.3 Monitoring and Alerting
Section titled “35.3 Monitoring and Alerting”Critical Metrics to Monitor
Section titled “Critical Metrics to Monitor”| Metric | Warning | Critical |
|---|---|---|
| Validator Status | Inactive | Jailed |
| Attestations | < 95% included | < 80% included |
| Block Proposals | Missed blocks | Zero proposals |
| Network Peers | < 10 peers | < 5 peers |
| Uptime | < 99% | < 95% |
Prometheus Alert Rules
Section titled “Prometheus Alert Rules”groups: - name: validator rules: # Alert if validator gets jailed - alert: ValidatorJailed expr: validator_slashed == 1 for: 1m labels: severity: critical annotations: summary: "Validator has been slashed"
# Alert on missed attestations - alert: HighMissedAttestations expr: rate(validator_missed_attestations_total[5m]) > 0.1 for: 5m labels: severity: warning annotations: summary: "High rate of missed attestations"
# Alert on missed block proposals - alert: MissedBlockProposals expr: validator_missed_block_proposals > 0 for: 1m labels: severity: warning annotations: summary: "Validator missed a block proposal"35.4 Recovery After Slashing
Section titled “35.4 Recovery After Slashing”Understanding the Process
Section titled “Understanding the Process”┌─────────────────────────────────────────────────────────────────┐│ SLASHING RECOVERY PROCESS │├─────────────────────────────────────────────────────────────────┤│ ││ 1. SLASHING EVENT ││ ━━━━━━━━━━━━━━━━ ││ - Validator is slashed (penalty applied) ││ - Validator is automatically jailed ││ - Cannot participate in consensus ││ ││ 2. JAIL PERIOD ││ ━━━━━━━━━━━━━ ││ - Wait for jail period (varies by network) ││ - Ethereum: Can exit validator or wait to exit ││ - Cosmos: ~21 days minimum ││ ││ 3. UNJAILING ││ ━━━━━━━━━━━━ ││ - Submit unjail transaction (if allowed) ││ - Resume validator duties ││ - Continue monitoring closely ││ │└─────────────────────────────────────────────────────────────────┘Unjailing (Cosmos)
Section titled “Unjailing (Cosmos)”# Check validator statusgaiad query staking validator <validator-address>
# Wait for jail period to end
# Unjail the validatorgaiad tx slashing unjail \ --from=validator-wallet \ --chain-id=cosmoshub-4 \ --gas=auto \ --gas-adjustment=1.5 \ --broadcast-mode=block
# Verify unjailgaiad query staking validator <validator-address>Ethereum Exit
Section titled “Ethereum Exit”# If slashed on Ethereum, can voluntarily exitlighthouse validator exit \ --wallet-password /path/to/password.txt
# Or using web3signercurl -X POST http://web3signer:9000/api/v1/validator/<public_key>/exit35.5 Slashing Protection Checklist
Section titled “35.5 Slashing Protection Checklist”┌─────────────────────────────────────────────────────────────────┐│ SLASHING PREVENTION CHECKLIST │├─────────────────────────────────────────────────────────────────┤│ ││ PRE-DEPLOYMENT: ││ ━━━━━━━━━━━━━━━━ ││ ☐ Use dedicated hardware ││ ☐ Configure proper key management (HSM preferred) ││ ☐ Set up monitoring and alerting ││ ☐ Test backup/failover procedures ││ ☐ Document emergency procedures ││ ││ AT DEPLOYMENT: ││ ━━━━━━━━━━━━━━ ││ ☐ Verify only one instance running ││ ☐ Confirm no duplicate keys ││ ☐ Test network connectivity ││ ☐ Verify validator registration ││ ││ ONGOING: ││ ━━━━━━━━ ││ ☐ Monitor validator status 24/7 ││ ☐ Keep software updated ││ ☐ Review security alerts immediately ││ ☐ Maintain backup procedures ││ │└─────────────────────────────────────────────────────────────────┘35.6 Interview Questions
Section titled “35.6 Interview Questions”| Question | Answer |
|---|---|
| What is double signing? | Signing two different blocks at the same height |
| What causes slashing? | Validator misbehavior like double signing, double voting |
| How can you prevent slashing? | Use dedicated hardware, proper key management, monitoring |
| What happens after slashing? | Validator is jailed, penalty applied, must wait to unjail |
| What’s the penalty for slashing? | Varies by network, typically 1-100% of staked tokens |
Summary
Section titled “Summary”- Slashing penalizes validator misbehavior in PoS networks
- Double signing has the highest penalty
- Use dedicated infrastructure and proper key management
- Implement comprehensive monitoring and alerting
- Have a recovery plan in place
Next Chapter
Section titled “Next Chapter”In Chapter 36: Node Metrics & Prometheus, we’ll explore node monitoring.
Last Updated: 2026-02-20