Slashing (SLS)

Performing slashable actions leading to penalties.

Slashing Risks:

ID	Risk Group	Risk Vectors	Risk Vector Description
SLS1	Infrastructure	Operational Failure: Single validator signs two different blocks	Single node signs two different blocks, e.g. failure in setting up the anti-slashing mechanism (e.g. no lokal anti-slashing database disabled or deleted) or failure in the validator migration process.
SLS2	Infrastructure	Operational Failure: Shutting down validator only temporarily	Validator shuts (temporary) down. System spins up a new validator with the same key
SLS3	Infrastructure	Operational Failure: Validator keys are used on 2 different validators	System takes the same keys twice from the key database and deploys them on two different validators.
SLS4	Infrastructure	Operational Failure: Failure in setting up the anti-slashing mechanisms correctly	Failure in setting up the anti-slashing mechanisms correctly (e.g. Web3Signer has no slashing protection enabled, no database, database only in memory and not on disk, 2 or several copies of Web3Signer, slashing databse can be deleted)
SLS5	Infrastructure	Double key usage in the CI/CD pipeline	Usage of same key within different environments causing a slashing
SLS6	Software	Software Bug (e.g. Validator Client) (Intentional or accidentional) through update	New versions of a validator client that may cause errors that lead to slashing Supply chain attack
SLS7	Software	Software Bug (e.g. Validator Client) through software customization	New versions of a validator client may cause errors that lead to slashing
SLS8	People	Malicious Internal Employee intentionally causes operational failure via his given user rights	Anything that an internal employee has access to is at risk of being exploited to sabotage the operation resulting in a slashing incident.
SLS9	People	Malicious Internal Employee intentionally causes operational failure via privilege escalation	A malicious internal employee can get additional rights via through privileges escalation.
SLS10	People	Malicious Ex-Employee intentionally causes a slashing incident	A Ex-Employee can still have access to the system when his acces is not blocked or removed
SLS11	People	Malicious External Hacker intentionally causes slashing incident	Malicious External Hacker gets system access through absence of or weak cyber security standards
SLS12	People	Malicious External Hacker intentionally causes slashing incident	Malicious External Hacker gets external network access to the system
SLS13	People	Malicious External Hacker intentionally causes operational failure through authentication access	Malicious External Hacker can get access through by-passing or brut-forcing authentication systems
SLS14	Process	Operational Failure: Incorrect implementation of the failover mechanism: Failover system comes unexpectedly online	If the failover does not ensure that old system is not still alive in some way or is using a stale version of the anti-slashing database, e.g.: failover system starts accidentally although primary system is not down
SLS15	Process	Operational Failure: Incorrect implementation of the failover mechanism: Primary system comes unexpectedly back online	If the failover does not ensure that old system is not still alive in some way or is using a stale version of the anti-slashing database, e.g.: failover system starts (manually / automatically) because primary system is down and primary system comes back online
SLS16	Process	Operational Failure: Slashing monitoring does not prevent system shut down	Slashing events keep ongoing on because no slashing monitoring system in place
SLS17	Process	Operational Failure: Slashing monitoring ignores alerts	Monitoring is in place, but slashing events keep ongoing on because alerts are not monitored
SLS18	Process	Operational Failure: Slashing monitoring does not shut down the validators	Slashing keeps going on because system fails to automatically shut down after alerts