What Validators Do to Prevent Slashing in Ethereum

Slashing is a punitive action in Ethereum and other Proof-of-Stake (PoS) blockchains designed to maintain network security and integrity. By imposing penalties on misbehaving validators, slashing ensures they have a strong financial incentive to act in the network’s best interest. 

Ethereum’s official materials describe slashing as follows:

“Slashing is the term given to the destruction of some of a validator’s stake and the ejection of the validator from the network. The amount of ETH lost in a slashing scales with the number of validators being slashed—this means colluding validators get punished more severely than individuals.”

It’s important to understand, however, that slashing may be caused by deliberate and accidental violations. Since the system acts automatically and is, therefore, impartial, it cannot care about the reasons behind the offense; the network’s best interests are at the heart of this mechanism. To that end, not all validators that had been slashed are inherently “dishonest,” as some sources tend to refer to them.

This article explores slashing in Ethereum and the strategies a validator may employ to avoid triggering it inadvertently.

Slashing in Ethereum 101 

Introduced as part of Ethereum’s transition to a PoS mechanism, slashing plays a pivotal role in upholding the credibility of the blockchain. There are three offenses that trigger slashing in Ethereum:

• Signing two different beacon blocks for the same slot.

• Producing an attestation that surrounds a previous one, thus causing contradictory finalizations.

• Signing two separate attestations with identical targets.

The penalties for doing any of the above, deliberately or not, are quite severe and boil down to the following:

• Slashed validators are marked to exit the network after 36 days.

• Upon detection, they face an immediate fine, i.e., forced reduction of their stake.

• Each epoch they miss duties incurs additional fines.

• A correlation penalty occurs 18 days after being slashed and is calculated pursuant to a specific formula taking into account the sum of the effective balances of all validators for the 18 before and after the violating validator’s slashing, among other things. If many validators partake in foul play together, it could amount to the total balance of the malicious validator.

To date, Ethereum has witnessed over 260 slashing instances, predominantly caused by attestation violations. Two events, however, stand out:

• Staked: Ethereum 2.0’s staking infrastructure saw 75 of its validators suspended when Staked was penalized 18 ETH (worth $30,000 then) for producing conflicting blocks. Staked’s attempt to boost block validation efficiency introduced a bug causing chaos. Eventually, they pledged to compensate for the losses.

• RockLogic: RockLogic faced the music when 11 of its validators were slashed due to key duplication in active clusters, resulting in double voting. The total penalty weighed in at 11.1945 ETH.

This slashing and lashing perfectly exemplify the seriousness of the matter, so any validator has numerous practices and policies to minimize the risks of slashing.

Preventing Slashing

Since the very first instance when Everstake joined Ethereum as a validator, it has not been slashed once. Still, it is impossible to completely eliminate the risks of slashing since it may occur for reasons beyond the validator’s reasonable control, such as a power outage or buggy software.

In order to minimize the slashing risks, any validator works in four general directions, as listed below.

• Having a dedicated DevOps team.

• Implementing continuous monitoring solutions.

• Developing a set of best practices

• Having risk containment measures in place.

Aside from those generalized and high-level principles, validators usually have a detailed strategy for minimizing the likelihood of an event that could trigger slashing. Everstake, for example, uses two fundamental methods in this regard.

Local Database

​​One of the most typical chains of events leading to a slashable violation in Ethereum is when a beacon node that had received the validator client’s assessment of the blockchain state re-organizes due to network failures and ends up on a conflicting fork. In that case, if the validator client reboots for some reason (e.g., there was a short power outage), it once again sends its assessment to the beacon node, but in this case, it’s a different fork, so the client, in fact, sends an attestation for the same slot for the alternative chain. Thus, it signs two slots at the same height of the block tower, which constitutes an attestation violation and results in immediate slashing.

To avoid that gruesome scenario, Everstake runs a local anti-slashing database, which maintains the record of all blocks and attestations signed. This way, the database prevents the client from signing two conflicting blocks in the event of a potential failure.

Doppelgänger Protection

This method basically checks whether any other validator is working or has recently worked with the same validator key. Prysm, which is the client run at Everstake, checks whether the presented key was validated within the previous two epochs and, if not, whether it even was live over the same period. If either of the above checks out, the client presumes that some other client was or is working with the same key, and therefore, dealing with it would result in a conflict leading to a slashable offense. 

This method is known as “Doppelgänger detection” or “Doppelgänger protection.”

On top of that, Everstake has a checklist describing procedures for keys handling in various scenarios, including extreme conditions. We would also suggest researching additional methods, such as Dirk or Cloud HSM (Cubist), and using GitOps for public key double-checks.

Finally, Everstake delegators can enjoy slashing protection provided by our trusted partners, including Nexus Mutual.

Conclusion 

Staking Ethereum is not without its perils. The threat of slashing is ever-present, so choosing a reliable validator who implements adequate strategies to avoid it is paramount for ETH delegators. Everstake’s pristine track record, combined with its meticulous risk management practices and insurance partnerships, showcases the premium placed on security, ensuring that your Ethereum staking endeavors remain, well, unslashed.