Sun. May 9th, 2021
Free TON, Slashing, Validators

The configuration of the Free TON network requires a special slashing mechanism, which includes not only sanctions against validators but also contributes to the stress resistance of the entire blockchain. 

We talked about its specifics with Mitja Goroshevsky, CTO of TON Labs and Sergei Zaitseff, Senior Data Scientist and Product Owner of TON Live Blockchain explorer.

“We Have Witnessed Catastrophic Events”

Free TON, Validators,

With these words, Mitja Goroshevsky and TON OS core developer Leonid Kholodov immediately identified the problem faced by the Free TON platform.

Data center failures resulting from the launch of nodes with incompatible software and misconfiguration led to a loss of consensus among validators. When a third of them dropped out of the system in this way, the entire network stopped.

To minimize the dependence of the blockchain on the work of individual consensus participants, TON Labs has developed a fundamentally new algorithm for the actions of the system itself. It will complement the already used and traditional mechanism of fisherman-control over validators.

Third Wheel

Free TON, Validators

Slashing is a type of penalty that should help improve the security of the network and its participants.

Recall that for validation, a Free TON platform participant needs to block a stake of several hundred thousand coins, either his own or someone else’s. And this stake is the key to the correctness of his actions.

If the validator fails, then he risks losing part of this stake. So far, judging by the comments on specialized forums, the main difficulties for participants are related to the network and hardware configurations. The organizers assume that the human factor can also interfere in the simplest manifestations — inattention, laziness, lack of technical preparedness. If malicious intent and collusion are detected in the actions of the validator, then the entire stake may be blocked. Although this is an extremely hypothetical scenario, a reaction has been prepared for it.

Let’s imagine that the validation process has begun, and among its participants, some made a mistake. To detect a consensus violator, the validators will control each other by sending data about the incorrect work of their colleagues.

During the AMA-session, Mitja Goroshevsky explained how this algorithm will work. At the central control level of the Free TON platform, there are two smart contracts, Elector and Slasher. The slasher receives information from validators regarding the correctness of the work of other validators — all under Byzantine fault tolerance. Essentially, the validators are constantly checking other validators. If 2/3 of the participants in this check report a potential threat, the Slasher sends this information to the Elector who decides on the next step.

And here a scenario not provided for in the original TON is possible — a dynamic change of the entire set of validators. Then the “bad” node is simply disconnected from validation.

“This will improve the stability of the networks”, Mitja Goroshevsky is sure because it will be more effective not to punish immediately with money, as the design of the TON platform previously suggested, but to temporarily exclude the validator from the system so that it is not taken into account in the total percentage of working nodes. This means that the alarm threshold of 33% of incorrectly working nodes will be pushed back, beyond which the entire network can stop.

In the normal mode, slashing is assumed as a punishment for flaws discovered during the work of validators:

  • erroneous block signing; 
  • miscalculation in the transaction;
  • approval of illegal payments.

You can find a detailed list of indicators for which sanctions are provided in the contest description. Although the slashing mechanism has not yet been implemented, the current slashing points are already awarded. It is necessary to pay attention to the critical threshold of the points awarded to the validator, which is 0.66, that is, if the indicator is lower than this, there will be no negative consequences for the validator.

Funds blocked as a result of slashing will be distributed among those validators whose work was correct. However, you should not confuse the slashing during validation and the situation where the terms of the contest are violated, even if the validator does not take part in the election and validation at all. For example, in the Rust Cup. In the latter case, as Sergei Zaitseff explained to us “if the validation cycle fails, the part of the vesting stake that belongs to the failed cycle is sent back to the organizers after unblocking”.

When Depositors Are Under Attack

Free TON, Validators, Contributors

If the slashing points exceed the critical threshold, a penalty session for the validator begins. But not only for him. If his stake largely consists of the funds that other crystal holders have invested in it, then they may suffer.

Sergei Zaitseff, in a conversation with our publication, explained the sequence of blocking funds in case of slashing. First, the amount of the shortfall will be debited from the validator’s own stakes. The order is: first a regular stake, then vesting, then a lock stake.

“One of the main parameters of DePool that investors should pay attention to is the size of the guarantee, that is, the minimum contribution that the validator must put on his own behalf in each round of validation”, — advised Sergei Zaitseff.

At the same time, Mitja Goroshevsky especially emphasized that the contributors to DePool of the fined validator can suffer only in the last turn.

If this happens, then the losses will be incurred by the depositors in proportion to the deposits in DePool, while the percentage of write-off from the deposit amount will be the same.

Waiting For Real Slashing

On the Free TON mainnet, this is only a project so far. As Mitja Goroshevsky explained to our publication, during the DePool Game contest there was only an imitation of slashing, and its full implementation is planned for the Rust Cup.

There will be no slashing simulation in rustnet, it will have real slashing. Let’s see how it works and think about how to visualize it. I have not yet seen it in action. Sergei Zaitseff in the Telegram chat of validators

To our question about when exactly it is planned to start slashing, Mitja replied it is too early to talk about it since for its implementation it is necessary to carry out formal verification of the new Elector contract and go through the necessary rounds of testing. In the meantime, dynamic slashing mechanisms will be further improved and developed.

But the first fundamental step — the choice of an algorithm, when validators who do not validate well will be immediately excluded from the set — has already been made, and it should significantly affect the improvement of consensus and network security.