What Is Slashing in Proof of Stake?

By / November 3, 2025

What Is Slashing in Proof of Stake?

TL;DR (Key Takeaways)

  • Slashing = on-chain penalty that burns part of a validator’s stake and usually forces an exit from validating. It exists to deter attacks and severe faults. (ethereum.org)
  • Common slashable offenses across PoS networks include double signing/equivocation, surround voting, and sometimes extended downtime—details vary by chain. (ethereum.org)
  • Delegators can be affected on many networks (e.g., Polkadot nominators share the validator’s penalty), but not all systems treat delegators the same way. (wiki.polkadot.com)
  • Not every PoS chain uses slashing: Cardano’s design aims to stay secure without slashing; Solana has documented slashing in its docs but historically hasn’t had automatic slashing on mainnet. (IOHK)
  • Best defenses: single active signer, strong key management, monitoring/alerts, and using sentinel/dupe-sign protection provided by clients or custodians. (Coinbase)

What “Slashing” Means (and Why PoS Needs It)

What Is Slashing in Proof of Stake?

In Proof of Stake (PoS), validators lock capital to propose and attest to blocks. If they violate consensus rules—in ways that are provable on-chain—the protocol can destroy a portion of their stake (burn) and often kick them out of the active set. The threat of losing real value aligns validator incentives with network health: it becomes economically irrational to attack or to operate carelessly. (ethereum.org)

Different chains implement slashing in slightly different ways, but the aim is the same: credible deterrence against behavior that can harm safety (finality) or liveness (continued block production). (ethereum.org)

Which Behaviors Are Slashable?

Although terminology differs, most PoS designs penalize at least one of the following:

1) Double Signing / Equivocation

Signing two conflicting blocks or votes for the same height/slot/round. This threatens safety and can enable double-spends or consensus splits. It’s heavily penalized on Ethereum and the Polkadot ecosystem (BABE/GRANDPA/BEEFY). (ethereum.org)

2) Surround Voting (Ethereum)

Attesting in a way that “surrounds” a previous attestation—effectively trying to rewrite history—is expressly slashable on Ethereum. (ethereum.org)

3) Double Voting (Ethereum)

Attesting to two candidates for the same block is another explicit slashing condition in Ethereum. (ethereum.org)

4) Extended Downtime (Some Tendermint/Cosmos Chains; Many Others)

Some networks penalize validators who miss too many blocks within a sliding window. Cosmos SDK chains document liveness tracking and a downtime slash + jail, after which the operator must “unjail.” The exact fractions and jail durations are chain-specific parameters. (docs.cosmos.network)

Note: Not every PoS network slashes for downtime. Policies are chain-specific and can evolve via governance.

How Slashing Is Applied (By Network)

Ethereum

  • What triggers it? Three slashable behaviors:
    (1) proposing two blocks for the same slot, (2) surround voting, (3) double voting. (ethereum.org)
  • What happens? Immediate burn of a small amount, forced exit over ~36 days, and a mid-period correlation penalty that grows if many validators are slashed around the same time (discouraging correlated failures/attacks). Max loss can reach the validator’s entire effective balance in extreme correlated events. (ethereum.org)
  • Why the design? To strongly deter collusion or client monocultures that could break finality/safety. (ethereum.org)

Cosmos SDK–Based Chains (e.g., Cosmos Hub and many appchains)

  • Mechanics: Cosmos’s x/slashing module documents liveness tracking, downtime penalties (slash + jail), and double-sign slashes. It also includes tombstone logic so a validator is permanently barred after a proven double-sign. Parameters are set per-chain/governance. (docs.cosmos.network)

Polkadot / Kusama (NPoS)

  • Who gets slashed? Validators and their nominators (delegators), proportionally to stake bonded with the offending validator. Slashes range from 0.01% up to 100%, with severity tied to offense type (e.g., backing invalid blocks can be 100%). The formula increases penalties as more validators equivocate (an anti-correlation feature). Slashed funds go to the Treasury, and there’s a grace period for governance to revert faulty slashes. (wiki.polkadot.com)

Tezos

  • Tezos uses PoS (Tenderbake) with slashing for events like double-baking/attesting, and has introduced/iterated adaptive slashing so penalties scale with incident severity. Documentation notes proportional slashing and rare historical incidents; specifics evolve via protocol upgrades (e.g., Oxford/Paris). (octez.tezos.com)

Cardano

  • Cardano’s design emphasizes security without requiring slashing. The project’s research/engineering arm (IOHK) argues Cardano remains operationally secure up to defined thresholds without slashing being necessary. In short: Cardano does not implement slashing today. (IOHK)

Solana

  • The Solana docs describe slashing conceptually, and ecosystem discussion has explored foundations for slashing; historically, automatic slashing hasn’t been active on mainnet (e.g., downtime didn’t incur automated slashes), though proposals exist and policy may change via governance. Always check current docs/governance. (solana.com)

Why Slashing Exists: Security Rationale

PoS inherits two core risks: safety (agreeing on the same history) and liveness (keeping the chain progressing). Slashing provides verifiable, automatic consequences for safety-breaking actions (e.g., equivocation) and, on some chains, for liveness failures (e.g., prolonged downtime). The economic design is simple but powerful:

  • Before the fact: Knowing that one mistake can burn substantial stake motivates careful ops, client diversity, and key hygiene.
  • During an attack: If many collude and get caught, correlation-sensitive penalties can wipe most or all of the offending stake (Ethereum, Polkadot). (ethereum.org)
  • After the fact: The penalty and forced exit purge bad actors, restoring health and trust in the validator set. (ethereum.org)

How Much Can You Lose?

It depends on the chain and the event. Examples:

  • Ethereum: Immediate small burn, slow bleed during forced exit, and a mid-period correlation penalty that can—if many are slashed together—reach the full effective balance. (ethereum.org)
  • Polkadot/Kusama: Offenses map to penalties from 0.01% to 100%. If your validator is slashed, nominators who backed that validator are slashed proportionally too. (wiki.polkadot.com)
  • Cosmos chains: Slash fractions and jail durations are chain parameters set by governance (and can differ per chain); double-signing usually tombstones the validator. (docs.cosmos.network)
  • Tezos: Protocol upgrades introduced adaptive/proportional slashing for double-events; slashing is rare but possible. (octez.tezos.com)
  • Cardano: No slashing; instead, misbehavior primarily results in missed rewards and reputational/economic pressure via delegation dynamics. (IOHK)

Do Delegators (Stakers) Get Slashed Too?

  • Yes, on many networks. On Polkadot, when a validator is slashed, their nominators also lose a proportional amount of stake associated with that validator. This makes validator selection critical for delegators. (wiki.polkadot.com)
  • Varies elsewhere. Cosmos chains, Tezos, and others have different delegator risk models—read your chain’s slashing docs and parameters carefully before delegating. (docs.cosmos.network)
  • Ethereum note: Retail users who stake through liquid staking tokens or pools are indirectly exposed to validator slashing in the pool; operators and risk frameworks differ by provider. (Consult your provider’s docs/policies.)

Most Common Real-World Causes of Slashing

Even honest operators can get slashed if their setup is unsafe:

  1. Duplicate keys / double signing during failover. Running active-active validators or restoring from disk images that copy keystores can trigger equivocation. Use dupe-sign protection and single-signer architectures. (wiki.polkadot.com)
  2. Misconfigured high availability. Split-brain scenarios where both primaries think they’re active. (wiki.polkadot.com)
  3. Long validator downtime on chains that slash for liveness. Monitor aggressively; set up paging and auto-healing where appropriate. (docs.cosmos.network)
  4. Client bugs or monoculture risk causing many validators to fail simultaneously (which can amplify correlation penalties on chains like Ethereum and Polkadot). Run diverse clients where possible. (ethereum.org)

How To Avoid Getting Slashed (Operator Checklist)

  • One active validator key at a time. Design for active-passive failover with rigid fencing, not active-active. Use remote signers/HSMs that enforce single-sign semantics. (Coinbase)
  • Double-sign protection. Many custodians and validator clients offer sentry/guard features to block duplicate signatures. Configure and test them. (Coinbase)
  • Harden your stack. Restrict access, rotate keys, verify binaries from official repos, and isolate validator duties. (Polkadot docs list concrete hygiene tips that apply broadly.) (wiki.polkadot.com)
  • Instrument & monitor. 24/7 monitoring for liveness, peers, CPU/disk, and network; alerts that wake you up.
  • Client diversity. Avoid correlated failures that trigger bigger penalties; diversify clients and infrastructure. (ethereum.org)
  • Know your chain’s parameters. Slash fractions, jail durations, “tombstone” rules, grace periods, and governance reversion windows differ by chain. (docs.cosmos.network)

What Happens After a Slash?

  • Ethereum: The validator is forcibly exited, loses a small immediate amount, then bleeds over ~36 days; a mid-period correlation penalty may hit if others are also slashed. After exit, the operator can withdraw the remainder per protocol rules. (ethereum.org)
  • Polkadot/Kusama: The slash is recorded as an “unapplied slash” with a 27-day window where governance can revert in case of error; otherwise it’s applied and funds go to the Treasury. (wiki.polkadot.com)
  • Cosmos chains: Downtime usually means jail + unbond; operators must unjail and re-bond (subject to rules). Double-sign commonly results in a tombstone (permanent bar). (docs.cosmos.network)

Is Slashing “Good” for Users?

From an end-user perspective, slashing is a backstop for security. It ensures that validators have skin in the game, discouraging attacks that could undermine your transactions and dApps. The trade-off: delegators must be choosy about operators and understand the risk of loss in the worst case on certain networks (e.g., Polkadot). (wiki.polkadot.com)

FAQs

Does every PoS network have slashing?
No. Cardano is a notable example that pursues operational security without slashing; others take a hybrid approach or vary penalties by fault type. (IOHK)

Is being offline always slashable?
No. Some chains don’t slash for downtime (policy varies and can change). Cosmos-family chains often do, within a sliding window and with jail/unjail flows. Ethereum penalizes missed duties but reserves “slashing” for severe attestation/proposal misbehavior. (docs.cosmos.network)

Can delegators be slashed?
Yes, on some networks (e.g., Polkadot nominators). On others, delegators mainly miss rewards when their validator underperforms. Always review your chain’s docs. (wiki.polkadot.com)

What about Solana?
Solana documents slashing and community proposals exist; historically automatic slashing hasn’t been active, so downtime meant missed rewards rather than burning stake. Keep an eye on protocol updates. (solana.com)

Practical Tips for Delegators

  • Diversify across validators (and even networks) to reduce single-operator risk.
  • Research validator ops: uptime history, communication, client diversity, governance participation, and security practices (HSMs, remote signers, dupe-sign protection). (wiki.polkadot.com)
  • Understand provider terms if you use liquid staking or custodial solutions—some have insurance, coverage caps, or policies around slashing events.

Conclusion

Slashing is the economic backbone that keeps many PoS networks honest. While each protocol tunes its own triggers, fractions, and recovery paths, the shared objective is constant: protect safety and liveness by aligning validator incentives with the network’s health. If you run validators, invest in resilient operations and key hygiene. If you delegate, choose carefully and know the rules of the chain you stake on.

Sources & Further Reading

  • Ethereum.org — PoS rewards, penalties & slashing (updated Aug 25, 2025): overview of rewards, penalties, three slashable conditions, forced exit, correlation penalties. (ethereum.org)
  • Cosmos SDK — x/slashing module docs (v0.53): liveness tracking, downtime slashing & jail/unjail, double-sign tombstoning, parameterization. (docs.cosmos.network)
  • Polkadot Wiki — Offenses & Slashes: offense types, 0.01–100% slashing spectrum, Treasury destination, grace period, anti-correlation formula example. (wiki.polkadot.com)
  • Tezos Docs — Adaptive/Proportional Slashing: evolving slashing function and proportional penalties across upgrades. (octez.tezos.com)
  • IOHK (Cardano) — “To slash or not to slash” (June 23/24, 2025): Cardano’s security stance without slashing. (IOHK)
  • Solana Docs / Community: Slashing concept and historical note that automatic slashing wasn’t active; proposals under consideration. (solana.com)
  • Coinbase Dev / Operational Guidance: Double-signing protection and downtime vs. double-signing severity. (Coinbase)

Related Posts

Scroll to Top