Slashing

General overview of the slashing mechanisms in Cambrian

Why Cambrian needs slashing

Cryptoeconomic security defines the costs that an attacker must pay to cause a protocol to lose its desired security property. This is called the "cost of corruption". System has strong security when the CoC far exceeds any potential profit from corruption. Cryptoeconomic security contrasts with systems that provide security guarantees based on majority trust, which are only valid if at least a threshold percentage of operators are altruistic and will act honestly. The main idea of Cambrian is to provide cryptoeconomic security through various mechanisms that entail a high cost of corruption.

Cambrian ensures it by implementing different slashing mechanisms for participants. If a staker who restakes to Cambrian is proven to have behaved improperly while opting-in in AVS, then that staker's SOL will be slashed and frozen. This means this validator will be prohibited from further participation in providing services in AVS. Slashing rules are defined in the slashing contract within the AVS chain.

Let's now look at what these slashing rules might be. In Cambrian, each ABC can independently implement the rules of slashing, however, it will also be possible to use ready-made building blocks for custom implementation of slashing.

Incorrect attestations

Obviously, it will be good for the network if the stake is diversified enough between different nodes, so that no single node exceeds a certain threshold. This makes the service resistant to errors or attacks by a single validator. Thresholds and diversification rules are described in a separate module inside Cambrian.

However, multiple validators may attempt to start a coordinated attack. This is where anti-correlation penalties come into play: the idea is that if a validator does something bad, the penalty will be higher if more validators make a mistake around the same time. In other words, you are punished for correlated failures. The anti-correlation penalty curve itself is specified when creating the AVS.

Obviously, it will be good for the network if the stake is diversified enough between different nodes, so that no single node exceeds a certain threshold. This makes the service resistant to errors or attacks by a single validator. Thresholds and diversification rules are described in a separate module inside Cambrian.

However, multiple validators may attempt to start a coordinated attack. This is where anti-correlation penalties come into play: the idea is that if a validator does something bad, the penalty will be higher if more validators make a mistake around the same time. In other words, you are punished for correlated failures. The anti-correlation penalty curve itself is specified when creating the AVS.

Inactivity

Another reason why a validator can fail is being of-fline. In most validation services, it also makes sense to give a penalty for this, but its mechanism is dif-ferent.

If one small validator fails, this is not a big risk for the system, so the penalty is small. However, the situation becomes completely different when the amount of stake close to the thrashhold (and the corresponding validators) are offline. In this case, the viability of the service is jeopardized.

To solve such problems, there are rules for increasing the fine depending on the downtime.

Mathematical formalisation

You can read more about the mathematical formalisation of the slashing mechanism in the document "Cambrian: Restaking SOL to Enable Shared Security on Solana v0.1" in section 10 "Mathematical Formalisation": https://docsend.com/view/tnyan6cj8i6aj6tz

Last updated