Proposed Proposal Body:
In the Cosmos Hub, centralization of consensus power amongst a small set of validators can cause harm to the network due to increased risk of censorship, liveness failure, fork attacks, etc.
However, while this centralization causes harm to the network, it is a negative externality not felt directly by the stakers contributing towards delegating towards already large validators. We would like a way to pass on the negative externality cost of centralization onto large validators and their delegators.
There have been many discussions in the Cosmos community on different mediums about disincentivizing delegations that centralize the network. However, many of them suffer from sybil attacks in which their effect is negated by validator operators running multiple validators accounts.
We propose adopting a procedure called Proportional Slashing which is resistant to such sybil attacks. In this system, instead of the slashing percent being equal for all slashes, the percentage a validator gets slashed for a fault is proportional to the validator’s percent of consensus power. This way, larger validators face harsher slash amounts thus incentivizing risk-managing delegators to delegate to smaller validators. There may also be minimum and maximum bounds on the size of the slash percentages.
To solve for sybil attacks, we make it such that a validator’s slash is not only dependent on their own voting power percent, but also dependent on the other validators who fault within a short time period (exact time periods can be an on-chain governable parameter), thus suggesting correlation amongst the faults. We make it such that the slash is dependent on both the total percentage voting power of validators who fault in a time period as well as on the number of validators who fault within the same time period. Using this mechanism, it disincentivizes operators from splitting into multiple validators, because if they fault in a correlated way, they’re increasing their own slashing percent.
This also creates a secondary benefit where it incentivizes validators to decorrelate their setups from other validators. Because the mechanism only cares about validators faulting in a short time period, it does not differentiate between correlation in faults due to being controlled by a single operator or for other reasons. This incentivizes validators to differentiate their setups from other validators, to avoid having correlated faults with them or else risking a higher slash. So for example, operators should avoid using the same data centers, popular cloud hosting platforms, or Staking as a Service providers. This will lead to a more resilient and decentralized network.
For details and explanation on the exact form of the function to calculate the slash percent, as well as a technical summary of implementation method, please see this proposed ADR to the Cosmos SDK repository: https://github.com/cosmos/cosmos-sdk/blob/sunny/prop-slashing-adr/docs/architecture/adt-014-proportional-slashing.md
Would love some feedback and discussion on this before I post it on-chain!