Risk Assessment Procedures

This Risk Assessment Procedure provides a systematic approach for Ethereum node operators to assess the financial loss and the probability for each identified scenario.


1. Assessment of Financial Loss for Each Identified Scenario

Direct Monetary Losses from a Slashing Event Assess the losses directly linked to the slashing event. This can include:

  • Direct slashing penalty due to double signing (currently 1 ETH)

  • "Correlated slashing penalty" occurs 18 days after the initial slashing

  • Slashing leads to validator downtime until the slashed validator is exited

  • Missed rewards

  • Possible recoveries from insurance payments

  • The following resource can help to determine the losses for slashing and downtime: https://shorturl.at/vxGM4

Direct Monetary Losses from a Downtime Event Assess the losses directly from the downtime event. This can include:

  • Downtime penalties until the validator is exited

  • Missed rewards

  • Possible recoveries from insurance payments

  • The following resource can help to determine the losses for slashing and downtime: https://shorturl.at/vxGM4

Reputational Risks Determine the monetary loss from reputational damage. This includes:

  • Reduction in earnings due to the depletion of presently staked assets

  • Loss of anticipated earnings due to the diminishment of future staked assets

Losses from the Event Investigation Indirect losses can arise from the investigation of the slashing or downtime event. This can include:

  • Costs associated with conducting an internal investigation

  • Expenses for external investigative services

  • Replacement or upgrading of hardware and software

Legal Disputes and Liabilities Additional costs can come from legal disputes and liabilities. This can include:

  • Obligation for slashing or downtime events as stated in Service Level Agreements

  • Expenses for legal dispute settlement and court fees to address or defend against liabilities

  • Costs associated with legal consultation and advisory services

  • Possible insurance payments (e.g. for legal defence costs)


2. Assessment of the Occurrence Probability for Each Identified Scenario

Assign a likelihood of occurrence and estimate the potential financial impact for each risk identified. This approach considers the specific operational context of the node operator and requires the node operator to tailor the assessment to its unique risk exposure, and vulnerabilities and to take the mitigation strategies into account. This process can be informed by:

  • Analyzing historical data to understand past trends and incidents (external, internal incidents, and near-miss incidents)

  • Reviewing industry reports for insights into common risks and their fiscal consequences in similar scenarios

  • Consulting with experts in the field to gain a comprehensive perspective on risk probabilities and impacts

  • Utilizing risk assessment tools or software for a more data-driven analysis

  • Analyze the Mean Time to Repair (MTTR, The average time it takes to fully restore a system or service after a failure or security incident) in case of a downtime under different scenarios.


3. Risk Matrix

Create a risk matrix to visually categorize risks based on their severity and likelihood. This helps in prioritizing which risks need more immediate attention. This process can be performed before and after the identified mitigation and controls are in place to visualize the effect of these strategies.

Last updated