Panelty

Slashing

The oracle module ensures the security and stability of the pricing system by providing a slashing mechanism, which enforces penalties for two types of misbehavior by validators: downtime (failure to report a price) and malicious behavior (providing incorrect prices). This mechanism serves to maintain reliable and trustworthy price feeds.

Params

Slashing: &SlashingParams{
	ReportedRoundsWindow:        100,
  MinReportedPerWindow:        sdkmath.LegacyNewDec(1).Quo(sdkmath.LegacyNewDec(2)),
  OracleMissJailDuration:      600 * time.Second,
  OracleMaliciousJailDuration: 30 * 24 * time.Hour,
  SlashFractionMiss:           sdkmath.LegacyNewDec(1).Quo(sdkmath.LegacyNewDec(20)),
  SlashFractionMalicious:      sdkmath.LegacyNewDec(1).Quo(sdkmath.LegacyNewDec(10)),
          },

Downtime

Active validators is expected to submit price quotes within the quoting window for each active tokenFeeder. When a validator fails to provide a correct price during a valid round, they accumulate "miss" counts. A valid round is one where a consensus price has been reached, and a correct price is one that strictly matches the consensus price (in the case of Chainlink as the source). If the number of misses exceeds a defined threshold, a downtime-penalty event is triggered. This results in the following:

• Jailing: The validator is temporarily removed from the active validator set and cannot rejoin for a period defined by OracleMissJailDuration.

  • The default duration is set to 600 seconds.

The miss count follows these rules:

1. Observation Period: The observation period is a sliding window measured in rounds. The window size is defined in the parameters as ReportedRoundsWindow (default is 100). Only rounds where consensus on price is achieved are considered in this window.

   • For example, in a 5-round observation period, if only round_1 and round_3 reach consensus, data from round_2, round_4, and round_5 are excluded from miss calculations.

2. Miss Counting: A miss is recorded if the following conditions are met at the end of each round's price window:

   1. The validator is active in the validator set.

   2. The round has a consensus price.

   3. The validator did not submit a price matching the consensus price.

   4. The round is not closed by a validator set change.The round is not sealed by a validator set change.

      • If, during any block within the quotation window of a round, price consensus has not been reached (i.e., not enough voting power has been accumulated) and a validator set change occurs, the current quotation window will be closed. No further prices will be processed, and the previous round's price will be used to update the current round's price.

3. Downtime Penalty Trigger: If the count of misses exceeds ReportedRoundsWindow - ReportedRoundsWindow * MinReportedPerWindow, downtime penalty is triggered.

4. Default values:

   1. ReportedRoundsWindow: 100

   2. MinReportedPerWindow: 0.5

      1. This means 50% of the ReportedRoundsWindow.

Malicious Quoting

When the oracle module establishes a consensus price, such as {price:123, detID:5}, a malicious-slashing event is triggered if an active validator submits price data with a matching detID but a differing price value. The slashing result involves:

1. Asset Reduction

   The validator's assets will be slashed, with the reduction ratio defined in the parameters as SlashFractionMalicious. The slashed assets will be burnt.

   Slashing Priority:

   1. First, the operator's assets in pendingUndelegation will be slashed.

   2. If necessary, the slashing will extend to the operator's assets in assetsPool (the assets currently delegated).

2. Jailing

   The validator will be jailed, meaning they are forced to exit the active_validator_set and are unable to rejoin for a specified period.

   • The jail duration is defined in the parameters as OracleMaliciousJailDuration.

3. Default values:

   1. SlashFractionMalicious: 0.1

      1. This means that 10% of the staked assets will be slashed.

   2. OracleMaliciousJailDuration: 2592000 seconds