This proposal increases min_signed_per_window to 80%.
increase min_signed_per_window to 80%
The current min_signed_per_window enables time-based exploits on the cosmos hub. Validators who are unable to sign for some reason should be jailed much more swiftly to ensure that the chain remains live.
Currently, the value is set to 5%, meaning that a validator needs to sign only 500 / 10000 of the most recent blocks in order to not be jailed. After passage, a validator would need to sign 8000 / 10000 of the most recent blocks to be jailed. After 2000 blocks in any 10000 block window are missed by a validator, that validator will be jailed, hopefully without a slash. There is another proposal that will go live on the same day as this one that will eliminate the downtime slash.
Even if we choose to keep slashing for downtime, this is the safer course. Many thanks to @freak12techno for their active assistance in ideation on this proposal.
Parameters
current:
{
"min_signed_per_window": "0.050000000000000000",
}
future:
{
"min_signed_per_window": "0.800000000000000000",
}
I still think 2k blocks is too small and I think the increasing of min_signed_per_window should go along with the increase of blocks_window, so that there would be still the same window of allowed downtime but validators who have bad hardware would get kicked out faster.
Don’t forget that a jail for a validator is quite a dirty spot on a validator’s reputation regardless of whether it was slashed or not, and sometimes 2000 blocks is a waaaay too small timespan to fix their node, and sometimes it may result in a validator trying to fix their node by switching to a failover node, resulting in a double sign if the older node goes back online (and yes, I know such cases), and we do want to avoid such cases, don’t we?
Only increasing the min_signed_per_window param would make the life of a validator way more stressful, and I see a trend of having quite a big signed blocks window and overall the time a validator is allowed to skip blocks without getting jailed, and I do not see a reason to make it different here.
IMO the ideal approach here would be to save the same 16 hours downtime window, so if min_signed_per_window would be 0.8, the blocks_window should be 47500 (can be rounded up to 50k I guess to make it easier to count, that way a validator would be able to skip 10k blocks without getting jailed).
1 Like