Slashing & the Inactivity Leak
The last three pages built the machinery of agreement. Attestations and LMD-GHOST told us how validators vote for a head; checkpoints and Casper FFG told us how those votes harden into finality — a state the protocol promises never to revert. And The Merge swapped the engine that produces blocks. But every one of those mechanisms assumed something we never justified: that validators actually vote honestly, and that they show up. Rewards alone do not guarantee either. A rational validator with nothing to lose would vote for every fork at once — hedging its bets — and finality would become impossible.
This page is about the sticks. Proof-of-stake secures the chain not by rewarding good behaviour but by making bad behaviour provably expensive. There are three distinct penalties, and confusing them is one of the most common mistakes newcomers make: slashing (destroying stake for provable cheating), ordinary offline penalties (small dings for being absent), and the inactivity leak (a bleed that recovers finality when too much of the network goes dark at once). Each answers a different threat. This is the page where the throughline gets its sharpest answer for consensus: what does it cost to run one? — it costs your stake if you lie, and it costs the idle their stake if the chain stalls.
Three penalties, three threats
Section titled “Three penalties, three threats”Before any mechanism, fix the vocabulary, because the words are routinely swapped and the differences are enormous — a factor of a billion between the smallest and largest.
THREAT PENALTY SEVERITY ───────────────────────────── ──────────────────────── ───────────────── being offline (honest, absent) missed-attestation penalty tiny (missed reward) provable equivocation (lying) SLASHING + ejection large, scales w/ others >1/3 offline, chain can't INACTIVITY LEAK grows over days until finalize (idle stakes bleed) finality resumesThe design principle underneath all three: penalise what you can prove, and scale the punishment to how correlated it is. Being absent is honest and cheap to forgive. Signing two conflicting votes is provable cheating and is punished hard. And a coordinated fault by thousands of validators is punished far harder than the same fault by one — because coordination is the signature of an attack, not an accident.
Slashing — the answer to nothing-at-stake
Section titled “Slashing — the answer to nothing-at-stake”The nothing-at-stake problem
Section titled “The nothing-at-stake problem”Recall from attestations that consensus is a voting game. Under proof-of-work, voting for two competing chains is self-punishing: your hashpower is a physical resource, and splitting it between forks halves your chances on both. You cannot mine two chains for the price of one.
Proof-of-stake breaks that automatic discipline. A signature is nearly free to produce. So a purely self-interested validator, faced with two competing forks, has an obvious dominant strategy: sign both. Whichever fork wins, its vote was on the winning side; it collects the reward either way. If everyone reasons this way, no fork ever accumulates a decisive majority, and finality never comes. This is the nothing-at-stake problem: when voting is free, rational validators hedge across every history at once, and the chain cannot choose.
Slashing is the fix. It manufactures the “something at stake” that a signature otherwise lacks: if you sign two conflicting votes, anyone can submit both signatures as a proof, and the protocol destroys part of your stake and ejects you. Hedging stops being free. It becomes the one action guaranteed to cost you.
nothing-at-stake (no slashing) with slashing ────────────────────────────── ───────────────────────────── fork A ◄── validator signs both fork A ◄─┐ signing BOTH is fork B ◄── fork B ◄─┘ a publishable proof → vote costs nothing, so hedge → the two signatures burn your → finality never accrues stake and eject you → hedging is the losing moveWhat is actually slashable
Section titled “What is actually slashable”Slashing is deliberately narrow. It fires only on offences that are objectively provable from signatures alone — no judgment call, no “was the network slow?” ambiguity. There are exactly two:
- Double proposal. A validator selected to propose a block for a slot signs two different blocks for that same slot. The two signed headers are the proof.
- Surround or double attestation votes. Attestations carry a source checkpoint and a target
checkpoint (from Casper FFG). Two of your attestations are
slashable if they are a double vote (two different targets at the same height) or a surround
vote (one attestation’s
(source, target)span strictly contains another’s). Both are ways of voting for conflicting histories.
surround vote (slashable):
attestation 1: source s1 ──────────────────► target t1 attestation 2: source s2 ──► target t2 └──── contained within 1's span ────┘
voting for a wider checkpoint span that surrounds a narrower one you also signed is equivocation — it tries to finalise two incompatible chains.Notice what is not here: being slow, being offline, proposing an empty block, or disagreeing with the majority about the head. Honest mistakes and honest absence are never slashable. Only equivocation — signing two things that cannot both be true — is. That narrowness is what makes slashing safe to automate: a client can detect it mechanically and no honest validator running correct software can trigger it.
The mechanism: burn, eject, and a delayed second hit
Section titled “The mechanism: burn, eject, and a delayed second hit”A slashing is not a single event. It unfolds over the ~36 days after the offence:
- Immediate: an initial penalty is burned (historically
1/32of the effective balance, i.e. up to ~1 ETH for a 32-ETH validator; post-Electra parameters lowered the initial penalty), and the validator is queued for forced exit — it can no longer earn rewards and will be removed from the active set. - Mid-exit, at ~day 18: the correlation penalty is applied — the part that scales with how many other validators were slashed around the same time. This is the teeth of the whole design, and it has its own section below.
- ~Day 36: the validator’s remaining balance is fully withdrawable and it is gone.
The offender cannot stop this by going offline — the exit is forced and the correlation penalty lands regardless.
Ordinary offline penalties — absence is not cheating
Section titled “Ordinary offline penalties — absence is not cheating”Now the penalty people most fear and least need to. If your validator is simply offline — the machine crashed, your ISP dropped, you rebooted for an update — you are not slashed. You are penalised the reward you would have earned for the attestations you missed, and roughly a symmetric amount on top.
The design goal is a clean symmetry: the penalty for missing a duty is about the same size as the reward for performing it. Miss an epoch and you lose roughly what you would have gained by being online for it. There is no ejection, no publishable proof, no correlation multiplier. The instant you come back online, you resume earning.
The inactivity leak — recovering finality after a mass outage
Section titled “The inactivity leak — recovering finality after a mass outage”Slashing and offline penalties handle individual behaviour. But there is a network-wide failure mode they cannot address: what if a third or more of all validators go offline at once?
Why finality can stall
Section titled “Why finality can stall”From Casper FFG, finalising a checkpoint requires attestations from a 2/3 supermajority of the staked ETH. If more than 1/3 of validators are offline — a cloud region outage, a client bug taking down a major implementation, a geopolitical event partitioning a big staking jurisdiction — then the online validators, even voting perfectly, cannot reach 2/3. Finality stalls. The chain keeps producing blocks (the fork choice still has a head), but no checkpoint finalises, and the promise the whole system rests on — finalised means irreversible — is frozen.
Ordinary offline penalties do not solve this. They are tiny and symmetric; they would nibble at the absent validators for years before the online set ever regained 2/3. The chain would be stuck, non-finalising, indefinitely. Something stronger is needed.
The mechanism: bleed the absent until the present reach 2/3
Section titled “The mechanism: bleed the absent until the present reach 2/3”The inactivity leak (sometimes called the “quadratic leak”) is the recovery mechanism. When the chain has failed to finalise for several epochs, the protocol changes the rules:
- Validators that are participating stop losing rewards for the non-finalisation.
- Validators that are not participating begin leaking their stake — and the leak grows over time (it accumulates via an “inactivity score” per validator, so the drain accelerates the longer they stay absent).
The effect is arithmetic and inevitable. Finality needs the online set to be 2/3 of the total stake. The online set is fixed at (say) 60%. But the total is shrinking, because the offline 40% is bleeding away. Eventually the offline stake shrinks enough that the still-online validators cross back over the 2/3 threshold — and finality resumes.
start: online 60% | offline 40% → 60% < 2/3, cannot finalise | leak → offline stake bleeds, TOTAL shrinks each epoch | later: online 60% | offline ~28% → 60% now ≥ 2/3 of what's left ▼ FINALITY RESUMES — the chain heals by shedding the absentThis is the elegant, and slightly brutal, insight: the chain does not need the missing validators to come back. It removes them from the denominator. The leak is what lets Ethereum survive the permanent loss of a large fraction of its validators — a war, a ban, a catastrophic client failure — and still, on its own, recover a finalising chain. An honest validator caught in the outage pays a real cost; but the network as a whole regains liveness rather than freezing forever.
Under the hood — the leak protects against censorship, too
Section titled “Under the hood — the leak protects against censorship, too”The inactivity leak has a second, subtler role: it makes censorship self-defeating. Suppose a malicious coalition controlling just over 1/3 of the stake refuses to attest to the honest chain, trying to prevent finality (they cannot forge it — they lack 2/3 — but they can stall it). Under the leak, their non-participation on the honest chain drains their stake, epoch after epoch, until the honest majority’s share climbs back above 2/3 and finalises without them. The attacker’s leverage is temporary and self-liquidating: the very act of withholding votes destroys the stake that gave them the veto. This is why the leak is a security mechanism, not merely a reliability one — it turns a liveness attack into a slow-motion forfeiture.
Correlation penalties — punishing coordination, not accidents
Section titled “Correlation penalties — punishing coordination, not accidents”Return to the slashing correlation penalty, because it is the single most important idea for understanding why proof-of-stake resists pooled attacks.
An isolated slashing — one validator, one bad config, one double-sign — is treated as an accident. The penalty is real but modest: you lose a fraction of your stake and your validator. But the protocol also asks a sharper question: how many other validators were slashed at around the same time?
The correlation penalty scales with that count. Concretely, the mid-exit penalty is proportional to the
fraction of total stake that was slashed in a surrounding window — historically implemented so that the
penalty is roughly 3 × (slashed_stake / total_stake) of your effective balance. Run the extremes:
isolated fault: 1 validator slashed of ~1,000,000 → slashed fraction ≈ 0.0001% → correlation penalty ≈ negligible; you lose ~0.5–1 ETH total
mass coordinated: 1/3 of all validators slashed together → slashed fraction ≈ 33% → 3 × 0.33 = ~1.0 → the multiplier saturates → correlation penalty approaches the ENTIRE 32 ETH per validatorThe economics this creates are precisely aimed at large staking pools and coordinated cartels. If a single pool operating a third of the network’s validators tried a chain-splitting equivocation attack, they would not lose a bit of stake per validator — they would lose essentially all of it, on every validator at once. The same fault distributed across many independent, uncorrelated operators would cost each of them almost nothing. The message is unambiguous: the protocol fears coordination far more than it fears error. Decentralisation is not just encouraged socially; it is priced into the penalty function, because a fault that looks like an attack is punished like one.
How the sticks make the earlier pages true
Section titled “How the sticks make the earlier pages true”Every mechanism from the earlier consensus pages quietly depends on this one:
- LMD-GHOST fork choice assumes attestations reflect a validator’s honest single view of the head. Slashing for double votes is what makes “one honest vote per slot” the rational choice.
- Casper FFG finality promises finalised checkpoints never revert. That promise is backed by slashing: reverting a finalised checkpoint would require a 2/3 supermajority to have signed conflicting finalising votes — which is provable equivocation, so at least 1/3 of all stake would be slashed to do it. Finality is not a guarantee of physics; it is a guarantee of cost.
- The whole validator economy — who stakes, who pools, who runs their own node — is shaped by the penalty function: correlation penalties push toward independent operators, and the offline/slashing gap tells solo stakers that uptime matters far less than never double-signing.
Slashing is why “finalised” can mean “irreversible” at all. The next page, withdrawals, rewards, and the validator economy, turns from the sticks to the carrots — and to how staked capital finally comes back out.
The architect’s lens
Section titled “The architect’s lens”- Why does it exist? Because a signature is nearly free, so proof-of-stake cannot rely on physics to stop validators from voting for every fork at once. Slashing manufactures a cost for equivocation that proof-of-work got for free from spent electricity.
- What problem does it solve? The nothing-at-stake problem for slashing (making hedged, conflicting votes provably punishable), and the liveness-after-mass-outage problem for the inactivity leak (recovering finality when >1/3 of validators vanish, by draining the absent from the denominator).
- What are the trade-offs? Objective, automated punishment is merciless: honest operational mistakes (running keys twice) are slashed exactly like malice. The inactivity leak likewise penalises honest validators trapped in an outage. The system trades forgiveness for unambiguous, un-gameable enforcement.
- When should I avoid it? You don’t remove slashing from a public proof-of-stake chain — but a permissioned or single-operator chain with trusted validators has no nothing-at-stake problem and can use cheaper accountability (identity, legal contracts) instead of burning capital.
- What breaks if I remove it? Finality. Without slashing, conflicting finalising votes carry no cost, so “finalised” no longer implies “irreversible” — the entire safety argument of Casper FFG collapses, and without the leak the chain would freeze permanently the first time a third of validators went offline.
Check your understanding
Section titled “Check your understanding”- Name the three distinct penalties in Ethereum proof-of-stake and the specific threat each one answers. Why is it a mistake to lump them together?
- State the nothing-at-stake problem in one sentence, and explain precisely how slashing dissolves it. What are the only two categories of slashable offence?
- A solo staker’s node goes offline for a day, then comes back. What happens to their stake? Contrast that with what happens if, panicking, they had instead started a second copy of the validator with the same keys.
- The chain has failed to finalise because 40% of validators are offline. Explain, step by step, how the inactivity leak restores finality without any of the absent validators coming back.
- Two scenarios: (a) one validator of a million is slashed for double-signing; (b) a pool controlling a third of the network is all slashed for the same offence at once. Roughly how does the stake lost per validator differ, and what design goal does that difference serve?
Show answers
- Slashing answers provable equivocation (lying — signing conflicting votes): it burns stake and ejects the validator. Ordinary offline penalties answer honest absence: a tiny loss of the missed reward, fully recoverable. The inactivity leak answers a network-wide outage where >1/3 are offline and the chain cannot finalise: it drains the absent until the online set regains a 2/3 supermajority. Lumping them together is a mistake because being offline is not cheating — it costs a rounding error — while equivocation costs your entire validator; the severities differ by many orders of magnitude.
- Nothing-at-stake: because signing is nearly free, a rational validator maximises reward by voting for every competing fork at once, so no fork ever accumulates a decisive majority and finality never comes. Slashing dissolves it by making two conflicting signatures a publishable proof that burns the signer’s stake and ejects them — hedging becomes the one guaranteed-to-lose move. The two slashable offences are double block proposal (two blocks signed for one slot) and double/surround attestation votes (two attestations whose source/target checkpoints conflict).
- Offline for a day, they lose only the rewards they would have earned (roughly a symmetric small penalty) and resume earning the moment they reconnect — no ejection, fully recoverable. Starting a second copy with the same keys, by contrast, causes the two instances to double-sign, which is provable equivocation: the validator is slashed and force-ejected, losing far more (and the whole point of the “one key, one signer” rule). Downtime is a rounding error; double-signing is fatal.
- Finalising needs a 2/3 supermajority of total stake, but only 60% is online, so finality stalls. Under the leak, the online validators stop being penalised while the offline 40% bleeds stake, growing over time. Because the offline stake shrinks, the total stake shrinks, so the fixed 60% online set becomes a larger and larger fraction of the remaining total. Eventually the offline share drops enough that the online 60% crosses back above 2/3 of what’s left — and finality resumes, without any absent validator returning. The chain heals by removing the missing from the denominator.
- In (a) the correlation penalty is negligible — the slashed fraction is ~0.0001% — so the validator loses
only ~0.5–1 ETH plus its ejection. In (b) the correlation penalty scales with the slashed fraction
(roughly
3 ×it), which at ~1/3 saturates, so each validator loses close to its entire 32 ETH. The difference serves decentralisation and anti-collusion: the protocol punishes coordinated faults (the signature of an attack or a single dominant pool) far more harshly than isolated accidents, pricing the risk of concentration directly into the penalty function.