RFC-0005 — Slashing extrinsic ABI
Owner: Pallet Lead + Verification Lead
Design rules (from red-team)
- Per-detection, not per-epoch. 100 cheats = 100 slash events.
- Bounded per-incident. Max 10% single-incident.
- Cumulative cap. Max 50% per month per operator.
- Dispute window. 7 days; 28 days total resolution.
- Escrow, not burn. Stake held in escrow until resolution.
- Transparency. Every slash on-chain with reason code.
- Watcher penalty. False slashing claim → bond × 10 + 2nd-offense ban.
Fault codes & severities
| Severity | Fault codes |
|---|---|
| 10% | WrongModel, QuantizationSwap, ValidatorCollusion, BatchOvercommit |
| 5% | WrongResponse, CacheReplay |
| 2% | LogProbDrift, AttestationStale |
| 0.5% | KernelPackMismatch |
| 100% (no dispute) | DeviceCertCollision, SanctionsHit |
| 50% | FakeBurn |
| soft (emission decay) | HeartbeatMiss |
Co-signature requirements
| Severity | Corroborators |
|---|---|
| 0.5% | 1 (submitter) |
| 2–5% | 2 |
| 10% | 3 |
| 50% | 3 + burn-engine evidence |
| 100% | 5 or multisig |
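The two tables above combined into a claim admission check, as an added example that is not the pallet's own code. It shows why corroborators must be counted as distinct accounts rather than as list entries. Assumptions: the `Claim` shape, `u64` account ids, the `burn_evidence` and `multisig_ok` flags (standing in for already-verified evidence and multisig approval), basis-point severities, and that the submitter counts toward the corroborator total at every tier.

```rust
use std::collections::BTreeSet;

// Fault codes and severities as listed in the RFC; basis points avoid floats.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Fault { WrongModel, QuantizationSwap, ValidatorCollusion, BatchOvercommit, WrongResponse,
    CacheReplay, LogProbDrift, AttestationStale, KernelPackMismatch, DeviceCertCollision,
    SanctionsHit, FakeBurn, HeartbeatMiss }

#[derive(Debug, PartialEq)]
pub enum Reject { NotSlashable, TooFewCorroborators { need: usize, have: usize }, MissingBurnEvidence }

/// Severity in basis points; None for the soft HeartbeatMiss (emission decay, no slash).
pub fn severity_bps(f: Fault) -> Option<u32> {
    use Fault::*;
    match f {
        WrongModel | QuantizationSwap | ValidatorCollusion | BatchOvercommit => Some(1_000),
        WrongResponse | CacheReplay => Some(500),
        LogProbDrift | AttestationStale => Some(200),
        KernelPackMismatch => Some(50),
        DeviceCertCollision | SanctionsHit => Some(10_000),
        FakeBurn => Some(5_000),
        HeartbeatMiss => None,
    }
}

/// Hypothetical claim shape (assumption); the flags stand for checks done elsewhere.
pub struct Claim<'a> { pub fault: Fault, pub submitter: u64, pub cosigners: &'a [u64],
    pub burn_evidence: bool, pub multisig_ok: bool }

/// Returns the severity (bps) to escrow if the claim satisfies the co-signature table.
pub fn admit(c: &Claim) -> Result<u32, Reject> {
    let bps = severity_bps(c.fault).ok_or(Reject::NotSlashable)?;
    // Count distinct accounts: a repeated cosigner, or the submitter listed again, adds nothing.
    let mut who: BTreeSet<u64> = c.cosigners.iter().copied().collect();
    who.insert(c.submitter); // assumption: the submitter counts toward the total
    let need = match bps { 50 => 1, 200..=500 => 2, 1_000 | 5_000 => 3, _ => 5 };
    if bps == 10_000 && c.multisig_ok { return Ok(bps); } // "5 or multisig"
    if who.len() < need { return Err(Reject::TooFewCorroborators { need, have: who.len() }); }
    if bps == 5_000 && !c.burn_evidence { return Err(Reject::MissingBurnEvidence); }
    Ok(bps)
}

fn main() {
    // Constructed claim: cosigner 7 appears twice, so only 2 distinct accounts back a 10% fault.
    let c = Claim { fault: Fault::WrongModel, submitter: 1, cosigners: &[7, 7],
        burn_evidence: false, multisig_ok: false };
    println!("{:?}", admit(&c));
}
```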
Dispute flow
- T+0: slash → escrow.
- T+7d: operator opens dispute + 10% bond.
- T+14d: sortition panel selected (3 ops from top-50 stake, geographically diverse).
- T+21d: panel votes 2-of-3.
- T+28d: multisig ratifies → execute.
Circuit breaker: if network-wide slashing exceeds 3× rolling baseline, pallet-slashing enters paused state requiring 5-of-7 multisig + 2-day public delay to resume.