Slashing (SLS)
Performing slashable actions leading to penalties.
Slashing Risks:
ID | Risk Group | Risk Vectors | Risk Vector Description |
---|---|---|---|
SLS1 | Infrastructure | Operational Failure: Single validator signs two different blocks | Single node signs two different blocks, e.g. failure in setting up the anti-slashing mechanism (e.g. no local anti-slashing database, or the database is disabled or deleted) or failure in the validator migration process. |
SLS2 | Infrastructure | Operational Failure: Shutting down validator only temporarily | Validator shuts down (temporarily). System spins up a new validator with the same key. |
SLS3 | Infrastructure | Operational Failure: Validator keys are used on 2 different validators | System takes the same keys twice from the key database and deploys them on two different validators. |
SLS4 | Infrastructure | Operational Failure: Failure in setting up the anti-slashing mechanisms correctly | Failure in setting up the anti-slashing mechanisms correctly (e.g. Web3Signer has no slashing protection enabled, no database, database only in memory and not on disk, two or more copies of Web3Signer, slashing database can be deleted). |
SLS5 | Infrastructure | Double key usage in the CI/CD pipeline | Usage of the same key within different environments, causing a slashing. |
SLS6 | Software | Software Bug (e.g. Validator Client) (intentional or accidental) through update | New versions of a validator client may cause errors that lead to slashing. Supply chain attack. |
SLS7 | Software | Software Bug (e.g. Validator Client) through software customization | New versions of a validator client may cause errors that lead to slashing |
SLS8 | People | Malicious Internal Employee intentionally causes operational failure via his given user rights | Anything that an internal employee has access to is at risk of being exploited to sabotage the operation resulting in a slashing incident. |
SLS9 | People | Malicious Internal Employee intentionally causes operational failure via privilege escalation | A malicious internal employee can get additional rights through privilege escalation. |
SLS10 | People | Malicious Ex-Employee intentionally causes a slashing incident | An ex-employee can still have access to the system when his access is not blocked or removed. |
SLS11 | People | Malicious External Hacker intentionally causes slashing incident | Malicious External Hacker gets system access through absence of or weak cyber security standards |
SLS12 | People | Malicious External Hacker intentionally causes slashing incident | Malicious External Hacker gets external network access to the system |
SLS13 | People | Malicious External Hacker intentionally causes operational failure through authentication access | Malicious External Hacker can get access by bypassing or brute-forcing authentication systems. |
SLS14 | Process | Operational Failure: Incorrect implementation of the failover mechanism: Failover system comes unexpectedly online | If the failover does not ensure that the old system is no longer alive in some way, or it is using a stale version of the anti-slashing database, e.g. the failover system starts accidentally although the primary system is not down. |
SLS15 | Process | Operational Failure: Incorrect implementation of the failover mechanism: Primary system comes unexpectedly back online | If the failover does not ensure that the old system is no longer alive in some way, or it is using a stale version of the anti-slashing database, e.g. the failover system starts (manually / automatically) because the primary system is down, and the primary system comes back online. |
SLS16 | Process | Operational Failure: Slashing monitoring does not prevent system shut down | Slashing events keep going on because no slashing monitoring system is in place. |
SLS17 | Process | Operational Failure: Slashing monitoring ignores alerts | Monitoring is in place, but slashing events keep going on because alerts are not monitored. |
SLS18 | Process | Operational Failure: Slashing monitoring does not shut down the validators | Slashing keeps going on because the system fails to automatically shut down after alerts. |