## Scope
This paper is exploring the effect of possible implementation of [EIP-7251: Increase the MAX_EFFECTIVE_BALANCE](https://eips.ethereum.org/EIPS/eip-7251) from the scope of how possible consolidation of Validators for up to 2048 ETH can change slashing risks.
This paper is based on excellent research provided in [MaxEB Slashing risks](https://hackmd.io/@dapplion/maxeb_slashing_risks#MaxEB-slashing-risks) and based on the same **assumptions:**
1. **Salshing for attestation double vote investigated**
> The most common cause of slashing due to operator error is running the same key in separate instances that could have different views of the chain. Specifically a slashing offence may occur when the `AttestationData` produced by each node diverges.
2. **Slashings reported only if double attestation happened in divergent slot**
> An attestation contains the following subjective data for an attestation at slot:
> * LMD Ghost head vote = what's the head of the chain at slot
> * FFG vote target = what's the checkpoint's of head chain at slot
> * FFG vote source = what's the latest justified checkpoint
>
> The head vote can diverge if at the 4 second mark each node has a different view of what's the head. In healthy network conditions that happens when blocks are produced late, and some node receives the block latter than others.
Therefore slashing doesn't happen for all slots with double attestation, but requires also *winning a "lottery"* of the slot being divergent, with observed frequency of such slots (*divergent rate*) ~1-4% (**~once ever 20 minutes**)
3. **In case of misconfiguration (double attesting) Node Operator react for this only after first slashing happens**
And share of validators slashed within that first slashing is a random variable, based on what part of all misconfigurated validators was assigned to
>slot that "wins" the divergent chain views lottery, signing conflicting messages and getting slashed
**Example:** If Node operator is running 32 misconfigurated validators, first slot that would lead to slashings could contain from 1 to 32 of that validators, depending on how many of that 32 validators were assigned specific divergent slot
4. **There is a response on slashing alert, mitigating possible slashings of misconfigurated validators that are still didn't win the divergent chain view lottery**
>In response to the alerts, some action is done to correct the operational error: such as a human operator stoping a docker container.
5. **Slashing penalties are linear to validator balances (*effective balance*) excluding correlation penalty from scope of this paper**
Therefore, valuating the risks *share of slashed indexes (validators)* is used, with the amount of actual penalties on 1 ETH of slashed ETh out of scope for this paper
**Note:** excluding correlation penalties, linear function from share of slashed ETH -> penalties could be estimated. For example within [RockLogic GmbH Slashing Incident (April 13 2023)](https://blog.lido.fi/loe-rocklogic-gmbh-slashing-incident/) the total projected impact for 11 validators is loss of 13.77 ETH which is 13.77 / (32*11) ~ 0.03911 ETH per slashed ETH .
6. **Each validator is assigned one slot each epoch for attestation independent to it's effective balance**
Based on those assumption this paper research **how concentration** (number of validators for the same amount of staked ETH) **impacts expected losses on double attestation slashing incidents** within different network parameters (divergent rate) and reaction time for incident
## Hot take 1: More validators -> less expected Initial loss
Initial loss - loss associated with validators slashed in initial observed slot (first divergent slot with double attestations)
Valuation of expected loss and it's variation is based on calculation properties of random variable: *Share of validators in the first divergent slot* - which has binomial distribution with condition that variable is greater than zero (representing the idea that slashing should actually be reported)
| Expected value | Variation |
| -------- | -------- |
| ![image](https://hackmd.io/_uploads/ryVL-qog0.png)| ![image](https://hackmd.io/_uploads/SkUU19jgA.png)|
We can observe through the model that after ~100 indexes decrease in **Expected loss** is almost insignificant, which is backed up by the properties of initial random variable (*X* - number of validators slashed, *M* - total number of validators on the cluster)
![image](https://hackmd.io/_uploads/BJqNE90WC.png)
With ***E(X)* = 1/32 * M**
And ***P(X=0)* = (31/32)^M** - responsible for the form of the function with increasing consolidation (and therefore reducing M).
As observed from the function form it starts from 1 (100% of validators slashed with M=1) and tends asymptotically to 1/32 in terms of validators share
Decrease in **Variance** still persists with increasing number of validators (indexes) with a maximum value at 14 validators with around 2% of indexes as standard deviation.
Observing cumulative distribution functions for different consolidation parameters also illustrates that with a major shift in share of ETH slashed for (2-128 indexes interval) and reduction in variance (less "stairy" form with increased number of indexes)
![image](https://hackmd.io/_uploads/HJV2_jjgC.png)
## Hot take 2: Greater divergent rate -> lesser the negative effect of consolidation
Valuating total slashing losses requires estimation of share of ETH slashed after initial slashing happens during *reaction time*, therefore:
*Additional assumption:*
7. Reaction time on incident: 10 epochs (*1 hour*)
An estimation of possible losses is based on 1000 simulations for different number of indexes and divergent rates.
| Low rate | High rate |
| -------- | -------- |
| ![image](https://hackmd.io/_uploads/ryWANijeR.png)| ![image](https://hackmd.io/_uploads/SJZYEsoxA.png)|
**Primary effect:** *Greater divergent rate -> more brutal slashings (as more expected to be slashed in reaction time)*
**Secondary effect:** *Greater divergent rate -> less importance of consolidation*
![image](https://hackmd.io/_uploads/rkc9ky3gR.png)
In terms of **variance** there is still a persistent effect of lower variance with greater number of validators:
![image](https://hackmd.io/_uploads/SJynkJ3eR.png)
With an interesting twist - as variance increases with divergent rate to some point and than decreases back with rate reaching up 20% - representing overall greater losses, but more predictable due to higher frequency of divergent slots
### Tweaking reaction time
7. Reaction time on incident: 225 epochs (*1 day*)
![image](https://hackmd.io/_uploads/r1FijoieC.png)
With less strict assumptions on reaction time effect on number of indices persist only within *good* (low divergent rate) network conditions, as with higher divergent rate huge reaction time leads to slashing of all indexes during the reaction period for all consolidation options.
## Hot take 3: Non-professional staker approach
The effect on Expected losses is most persistent on low amount of indexes on one host.
Considering up to 256 ETH of capital, the risks on different options between running 1 to 8 validators could be valuated:
![image](https://hackmd.io/_uploads/SyzM1hjeR.png)
**Illustrating that running more validators on one host rather than consolidating them would lead to lower expected losses in case of double attestation slashing. With most effect achieved with lower reaction time and low divergent rate within network.**
## Outtakes
1. **Consolidating to >100 Validators under same host is not impactful in terms of expected losses, therefore could be utilized by large staking actors. However consolidation leads to increase in variance for whole interval under consideration (1500 -> 1), therefore increasing uncertainty, even with almost the same expected values**
2. **Consolidating to lower amount of validators (for example running two 128 ETH validators instead of 8 X 32 ETH leads to significant increase in expected losses due to increase in expected initial losses)**
3. **In harsh network conditions or long reaction time negative effect of consolidating decreases (and could became insignificant), as more stake is expected to be slashed after the initial incident (within reaction time window)**