Risk Assessment Procedures
This Risk Assessment Procedure provides a systematic approach for Ethereum node operators to assess the financial loss and the probability for each identified scenario.
Last updated
Was this helpful?
This Risk Assessment Procedure provides a systematic approach for Ethereum node operators to assess the financial loss and the probability for each identified scenario.
Last updated
Was this helpful?
Direct Monetary Losses from a Slashing Event Assess the losses directly linked to the slashing event. This can include:
Direct slashing penalty due to double signing (currently 1 ETH)
"Correlated slashing penalty" occurs 18 days after the initial slashing
Slashing leads to validator downtime until the slashed validator is exited
Missed rewards
Possible recoveries from insurance payments
The following resource can help to determine the losses for slashing and downtime:
Direct Monetary Losses from a Downtime Event Assess the losses directly from the downtime event. This can include:
Downtime penalties until the validator is exited
Missed rewards
Possible recoveries from insurance payments
The following resource can help to determine the losses for slashing and downtime:
Reputational Risks Determine the monetary loss from reputational damage. This includes:
Reduction in earnings due to the depletion of presently staked assets
Loss of anticipated earnings due to the diminishment of future staked assets
Losses from the Event Investigation Indirect losses can arise from the investigation of the slashing or downtime event. This can include:
Costs associated with conducting an internal investigation
Expenses for external investigative services
Replacement or upgrading of hardware and software
Legal Disputes and Liabilities Additional costs can come from legal disputes and liabilities. This can include:
Obligation for slashing or downtime events as stated in Service Level Agreements
Expenses for legal dispute settlement and court fees to address or defend against liabilities
Costs associated with legal consultation and advisory services
Possible insurance payments (e.g. for legal defence costs)
Assign a likelihood of occurrence and estimate the potential financial impact for each risk identified. This approach considers the specific operational context of the node operator and requires the node operator to tailor the assessment to its unique risk exposure, and vulnerabilities and to take the mitigation strategies into account. This process can be informed by:
Analyzing historical data to understand past trends and incidents (external, internal incidents, and near-miss incidents)
Reviewing industry reports for insights into common risks and their fiscal consequences in similar scenarios
Consulting with experts in the field to gain a comprehensive perspective on risk probabilities and impacts
Utilizing risk assessment tools or software for a more data-driven analysis
Analyze the Mean Time to Repair (MTTR, The average time it takes to fully restore a system or service after a failure or security incident) in case of a downtime under different scenarios.
Create a risk matrix to visually categorize risks based on their severity and likelihood. This helps in prioritizing which risks need more immediate attention. This process can be performed before and after the identified mitigation and controls are in place to visualize the effect of these strategies.