You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Instead of applying all the unbonding storage updates at unbonding_len, the "bond", validator total deltas and voting power and validator sets should be updated earlier at pipeline_len and only the "unbond" record should be offset at unbonding_len.
This is to minimize a chance of a validator using their voting power before unbonding to perform some slashable infraction.
E.g. say a validator unbonds their stake at epoch n and then commits some slashable infraction somewhere between (n + pipeline_len .. n + unbonding_len]. They would be using their voting power before unbonding, but they couldn't be slashed for it if it's discovered at or after n + unbonding. Using the pipeline_len minimizes the duration during which the validator can use their voting power before unbonding to only epoch n + 1 (before n + pipeline_len)
The text was updated successfully, but these errors were encountered:
I'm thinking that we could design this to make it a bit clearer -
Say that instead of allowing to submit evidence for infraction in epoch n before the begining of n + unbonding_len, we only allow to submit it before the beginning of n + unbonding_len - (pipeline_len - 1) (one epoch earlier).
In effect I don't think it makes much difference, because we still cannot slash for infraction committed at epoch n + 1 with voting power that's unbonded in epoch n when the infraction is discovered at n + unbonding_len - 1, but at least this would be clear from the design, rather than saying this can happen but the chance is very low :)
Additionally, we've planned to go with pipeline_len=2, unbonding_len = 21 and disallow changes to these parameters for now, until we verify the safety of doing so, so that should be plenty time to discover any infractions at ~1 epoch per day
we decided to go with making unbonded tokens withdrawal possible in pipeline_len + unbonding_len epochs from when the tx_unbond is applied to avoid the corner case
Instead of applying all the unbonding storage updates at
unbonding_len
, the "bond", validator total deltas and voting power and validator sets should be updated earlier atpipeline_len
and only the "unbond" record should be offset atunbonding_len
.This is to minimize a chance of a validator using their voting power before unbonding to perform some slashable infraction.
E.g. say a validator unbonds their stake at epoch
n
and then commits some slashable infraction somewhere between(n + pipeline_len .. n + unbonding_len]
. They would be using their voting power before unbonding, but they couldn't be slashed for it if it's discovered at or aftern + unbonding
. Using thepipeline_len
minimizes the duration during which the validator can use their voting power before unbonding to only epochn + 1
(beforen + pipeline_len
)The text was updated successfully, but these errors were encountered: