Comment on page

Slashing protection

How does slashing work in Filecoin?

Slashing is a mechanism that penalizes Storage Providers who fail to meet their storage commitments or behave maliciously. The penalties can vary from losing a portion of their stake (a "slash") to being completely removed from the network. Here's how it works in more detail:

Storage Fault Slashing

Storage Fault Slashing happens when a miner doesn't meet their storage obligations. There are two main ways this can happen:
  1. 1.
    Faulty sectors: Miners in Filecoin are required to submit regular Proof of Spacetime (PoSt) to demonstrate that they're properly storing their assigned data. If a miner fails to submit their PoSt in a timely manner, the sectors they're responsible for are considered faulty. These sectors are subject to a Sector Fault Fee penalty, which is a loss of a portion of the miner's FIL (the native token of Filecoin) collateral.
  2. 2.
    Sector termination: If a miner wants to stop storing a sector before the agreed-upon time, they can choose to terminate it. However, early sector termination results in a penalty, which scales depending on how much time was left in the sector's deal.

Current network fault fees:

Sector Fault Fee
Worth 3.5 days of rewards
Termination Fee
Depends on sector lifetime:
  • Under 140 days: 20 days + half sector's lifetime worth of mining rewards.
  • 140 days or more: equivalent to 90 days' rewards.
Note: Fault Fee depends on the exact slash date and future reward trends. A termination fee is based on the daily rewards at sector onboarding.
Profile of total slashing fees depending on mining rewards trend
Consensus Fault Slashing
Consensus Fault Slashing is designed to punish miners who try to undermine the network's consensus mechanism. There are three types of consensus faults: double-forging, parent grinding, and time-offset mining. Each of these faults results in the miner losing all their FIL collateral and being permanently expelled from the network. Here's a brief description of each type of consensus fault:
  1. 1.
    Double-forging: This fault occurs when a miner creates two blocks at the same height in the blockchain.
  2. 2.
    Parent grinding: This fault occurs when a miner tries to manipulate the blockchain's history to their advantage.
  3. 3.
    Time-offset mining: This fault occurs when a miner tries to manipulate the timestamp of their block to gain an advantage.

Collateral requirements example

Total allocation
1,000,000 FIL
Daily sealing capacity
25,000 FIL
Commitment (days)
40 days sector onboarding
Collateral requirements (stable rewards)
30% (300,000 FIL)
Collateral requirements (increasing rewards)
35% (350,000 FIL)
Collateral requirements (decreasing rewards)
26% (260,000 FIL)
Here is a simplified example of collateral requirements for a Storage Provider that looking to pledge about a million FIL

Slashing protection

Storage Providers (SPs) working with Collectif DAO need to maintain collateral to cover potential slashing losses, ensuring FIL stakers are compensated for SP misconduct. Slashing protection covers the following types of misconduct:
  • Storage Faults
  • Consensus Faults
  • Missed rewards
This collateral, primarily in liquid FIL coins, is deposited by SPs into a dedicated smart contract. If an SP is slashed, the amount is drawn from this collateral to cover losses in the staking pool.
SPs must uphold sufficient collateral to pledge FIL capital from the pool to their miners. The collateral percentage is dynamic and can adjust over time. It accounts for the extreme scenario of an SP halting operations and incurring slashing for 42 consecutive days, leading to the automatic termination of all slashed sectors.
To ensure a sufficient safety net, the collateral percentage considers the average network and SPs' past slashing incidents. This provides a buffer to maintain a healthy state, even if a minor percentage of sectors are slashed for a short duration (up to 2 days).

Rehypothecation of an existing initial pledge as collateral

The initial version of the Collectif protocol doesn't allow rehypothecation to avoid adding systemic risk to the Filecoin network. Although collateralization of the miner actor's initial pledge is seen in other staking protocols, we've opted to restrict this for now until we fully understand its potential impact on the Filecoin network's Quality-Adjusted Power (QAP) reduction. We're cautious about compromising Filecoin's consensus security, as it could endanger the entire ecosystem. Our team is committed to enhancing the network's resilience.
A significant concern is the potential decrease in data availability security. Specifically, if FIL+ sectors or sectors containing real data are rehypothecated, it considerably diminishes data security. This issue is critical as it undermines the primary value of Filecoin, which incentivizes maintaining data availability throughout the entire sector lifespan.