[Staking] Validator slashing

[karlem]

Description:

We need to implement a slashing mechanism for validators misbehaving in the CometBFT consensus on our child chain. This feature will ensure the integrity and security of the network by penalizing validators who act maliciously or negligently. The proposed implementation includes detecting, witnessing, and generating proofs of misbehavior, which will then be validated and executed by the parent chain.

Methods of Validator Cheating:

1. Double-Signing (Equivocation):
   • A validator signs two different blocks at the same height and round.
2. Non-Participation:
   • A validator fails to participate in a required consensus round, missing pre-votes or pre-commits.
3. Signing Invalid Proposals:
   • A validator signs a proposal that does not follow the consensus rules or contains invalid transactions.

Witnessing and Proof Generation:

1. Double-Signing Detection:
   • Validators monitor the network for block proposals and commits.
   • Detection occurs when a validator signs two different blocks at the same height and round.
   • Proof Generation:
   • Gather signatures of the two conflicting blocks.
   • Proof consists of the block heights, rounds, and both signed blocks with signatures.
2. Non-Participation Detection:
   • Validators log all received pre-votes and pre-commits.
   • Detection occurs when a validator fails to submit required votes within a predefined time.
   • Proof Generation:
   • Generate a list of received pre-votes or pre-commits, highlighting the absence of the validator’s vote.
3. Signing Invalid Proposals:
   • Validators monitor proposals for adherence to consensus rules and validity of transactions.
   • Detection occurs when a validator signs an invalid proposal.

Proof Generation:

• Gather the invalid proposal and the validator’s signature.
• Proof consists of the invalid proposal, the specific rule violations, and the validator’s signature.

Proof Submission and Slashing Execution:

1. Bottom-Up Checkpoint:
   • Generated proofs of misbehavior are submitted during the bottom-up checkpoint process.
2. Validation by Subnet Actor:
   • The subnet actor on the parent chain validates the submitted proofs.
   • If validated, the subnet actor implements slashing by reducing the misbehaving validator’s stake.
3. Adjusted Powers in Up-to-Bottom Finality:
   • The parent chain sends down the adjusted validator powers after slashing, ensuring the updated state is reflected in the child chain.

Configurable Slashing Algorithm:

The exact parameters and rules of the slashing algorithm need to be defined but should remain highly configurable.

Configurable Parameters:

• Ability to adjust the slashing formula based on network parameters (e.g., number of validators, network load).
• Define whether the slashed amount should be rewarded to genuine validators, burned, or both.
• Configurable thresholds for misbehavior detection (e.g., number of missed votes before slashing).
• Potentially others?

Implementation Steps:

1. Detection Logic:
   • Implement logic in validator nodes to detect double-signing, non-participation, and signing invalid proposals.
2. Proof Generation:
   • Develop mechanisms for generating cryptographic proofs of detected misbehavior.
3. Proof Submission:
   • Enable validators to submit proofs during the checkpoint process.
4. Validation and Slashing:
   • Develop smart contracts or logic in the subnet actor to validate proofs and execute slashing.
5. State Adjustment:
   • Ensure the parent chain updates and sends the adjusted validator powers back to the child chain.

By implementing this feature, we will enhance the security and reliability of our network, ensuring that validators are incentivized to act honestly and are penalized for any malicious behavior.

[raulk]

This is a solid description and map of concerns, thanks @karlem! This is necessary for collateral-based validator membership to be complete (collateral makesk sense when there's something at risk).