github.com/Finschia/finschia-sdk@v0.48.1/x/slashing/spec/01_concepts.md

github.com/Finschia/finschia-sdk@v0.48.1/x/slashing/spec/01_concepts.md (about)

     1  <!--
     2  order: 1
     3  -->
     4  
     5  # Concepts
     6  
     7  ## States
     8  
     9  At any given time, there are any number of validators registered in the state
    10  machine. Each block, the top `MaxValidators` (defined by `x/staking`) validators
    11  who are not jailed become _bonded_, meaning that they may propose and vote on
    12  blocks. Validators who are _bonded_ are _at stake_, meaning that part or all of
    13  their stake and their delegators' stake is at risk if they commit a protocol fault.
    14  
    15  For each of these validators we keep a `ValidatorSigningInfo` record that contains
    16  information partaining to validator's liveness and other infraction related
    17  attributes.
    18  
    19  ## Tombstone Caps
    20  
    21  In order to mitigate the impact of initially likely categories of non-malicious
    22  protocol faults, the Cosmos Hub implements for each validator
    23  a _tombstone_ cap, which only allows a validator to be slashed once for a double
    24  sign fault. For example, if you misconfigure your HSM and double-sign a bunch of
    25  old blocks, you'll only be punished for the first double-sign (and then immediately tombstombed). This will still be quite expensive and desirable to avoid, but tombstone caps
    26  somewhat blunt the economic impact of unintentional misconfiguration.
    27  
    28  Liveness faults do not have caps, as they can't stack upon each other. Liveness bugs are "detected" as soon as the infraction occurs, and the validators are immediately put in jail, so it is not possible for them to commit multiple liveness faults without unjailing in between.
    29  
    30  ## Infraction Timelines
    31  
    32  To illustrate how the `x/slashing` module handles submitted evidence through
    33  Tendermint consensus, consider the following examples:
    34  
    35  **Definitions**:
    36  
    37  _[_ : timeline start  
    38  _]_ : timeline end  
    39  _C<sub>n</sub>_ : infraction `n` committed  
    40  _D<sub>n</sub>_ : infraction `n` discovered  
    41  _V<sub>b</sub>_ : validator bonded  
    42  _V<sub>u</sub>_ : validator unbonded
    43  
    44  ### Single Double Sign Infraction
    45  
    46  <----------------->
    47  [----------C<sub>1</sub>----D<sub>1</sub>,V<sub>u</sub>-----]
    48  
    49  A single infraction is committed then later discovered, at which point the
    50  validator is unbonded and slashed at the full amount for the infraction.
    51  
    52  ### Multiple Double Sign Infractions
    53  
    54  <--------------------------->
    55  [----------C<sub>1</sub>--C<sub>2</sub>---C<sub>3</sub>---D<sub>1</sub>,D<sub>2</sub>,D<sub>3</sub>V<sub>u</sub>-----]
    56  
    57  Multiple infractions are committed and then later discovered, at which point the
    58  validator is jailed and slashed for only one infraction. Because the validator
    59  is also tombstoned, they can not rejoin the validator set.