Slashing (SLS)

Performing slashable actions leading to penalties.

Slashing Risks:

| ID | Risk Group | Risk Vectors | Risk Vector Description |
| --- | --- | --- | --- |
| SLS1 | Infrastructure | Operational Failure: Single validator signs two different blocks | Single node signs two different blocks, e.g. failure in setting up the anti-slashing mechanism (e.g. no local anti-slashing database, or the database was disabled or deleted) or failure in the validator migration process. |
| SLS2 | Infrastructure | Operational Failure: Shutting down validator only temporarily | Validator shuts down (temporarily). System spins up a new validator with the same key. |
| SLS3 | Infrastructure | Operational Failure: Validator keys are used on 2 different validators | System takes the same keys twice from the key database and deploys them on two different validators. |
| SLS4 | Infrastructure | Operational Failure: Failure in setting up the anti-slashing mechanisms correctly | Failure in setting up the anti-slashing mechanisms correctly (e.g. Web3Signer has no slashing protection enabled, no database, database only in memory and not on disk, two or more copies of Web3Signer, slashing database can be deleted). |
| SLS5 | Infrastructure | Double key usage in the CI/CD pipeline | Usage of the same key within different environments, causing a slashing. |
| SLS6 | Software | Software Bug (e.g. Validator Client), intentional or accidental, through update | New versions of a validator client may cause errors that lead to slashing. Supply chain attack. |
| SLS7 | Software | Software Bug (e.g. Validator Client) through software customization | New versions of a validator client may cause errors that lead to slashing. |
| SLS8 | People | Malicious Internal Employee intentionally causes operational failure via his given user rights | Anything that an internal employee has access to is at risk of being exploited to sabotage the operation, resulting in a slashing incident. |
| SLS9 | People | Malicious Internal Employee intentionally causes operational failure via privilege escalation | A malicious internal employee can get additional rights through privilege escalation. |
| SLS10 | People | Malicious Ex-Employee intentionally causes a slashing incident | An ex-employee can still have access to the system when his access is not blocked or removed. |
| SLS11 | People | Malicious External Hacker intentionally causes slashing incident | Malicious External Hacker gets system access through absent or weak cyber security standards. |
| SLS12 | People | Malicious External Hacker intentionally causes slashing incident | Malicious External Hacker gets external network access to the system. |
| SLS13 | People | Malicious External Hacker intentionally causes operational failure through authentication access | Malicious External Hacker can get access by bypassing or brute-forcing authentication systems. |
| SLS14 | Process | Operational Failure: Incorrect implementation of the failover mechanism: Failover system comes unexpectedly online | The failover does not ensure that the old system is no longer alive in some way, or it uses a stale version of the anti-slashing database, e.g. the failover system starts accidentally although the primary system is not down. |
| SLS15 | Process | Operational Failure: Incorrect implementation of the failover mechanism: Primary system comes unexpectedly back online | The failover does not ensure that the old system is no longer alive in some way, or it uses a stale version of the anti-slashing database, e.g. the failover system starts (manually / automatically) because the primary system is down, and the primary system comes back online. |
| SLS16 | Process | Operational Failure: Slashing monitoring does not prevent system shut down | Slashing events keep going on because no slashing monitoring system is in place. |
| SLS17 | Process | Operational Failure: Slashing monitoring ignores alerts | Monitoring is in place, but slashing events keep going on because alerts are not monitored. |
| SLS18 | Process | Operational Failure: Slashing monitoring does not shut down the validators | Slashing keeps going on because the system fails to automatically shut down after alerts. |
