Risks
The following document contains a list of notes on how to make the overall operation process safer for everyone.
For Networks
- Collateral value: choose collateral with real economic value (e.g., ETH) and alignment to your protocol; otherwise profit from attacking you can exceed the cost or griefing becomes cheap.
- Vault diversification: use a diversified set of Vaults; otherwise a single Vault failure can rapidly cut stake.
  - Ensure third-party Vaults’ Curators are trustworthy for the diversification you target.
- Veto/epoch spacing: avoid a VetoSlasher veto duration that is too close to the vault epoch duration.
  - Example safe config: Vault Epoch 7d, Network Epoch 3d, Veto Duration 1d (leaves 2d to execute).
- Epoch duration vs capture windows: set Vault Epoch noticeably greater than validatorSetCaptureDelay + Network Epoch duration + Network slashing window.
  - Example: Vault Epoch 14d, capture delay 15m, Network Epoch 5d, maxSlashRequestDelay 2d, Veto 2d, maxSlashExecutionDelay 2d ⇒ ~3d buffer.
- Vault deployment completeness: ensure Delegator and Slasher are set (Vault.isInitialized()). Missing pieces can return unsupported stake data or prevent slashing.
- Operator diversification: diversify operators to avoid a concentrated attack surface.
  - Prefer trustworthy operators, especially in small validator sets.
- Neighbor network risk: only restake alongside networks you trust; a malicious neighbor can slash shared stake and wipe your security.
- Stake readings: stakeAt() functions count pending slashings as real stake. Cover this in middleware based on Vault type and slashing logic.
- Slash ordering: execute slashing requests for a single operator in capture-timestamp order to avoid reverts and under-slashing.
- Epoch length limit: Slashers do not support Vault Epoch Duration greater than the current timestamp (~55 years); long epochs may break slashing.
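
The epoch-versus-capture-window rule above can be checked mechanically before a Vault is accepted. The following is an added example, not code from the protocol: it assumes the Network slashing window is maxSlashRequestDelay + veto duration + maxSlashExecutionDelay (as in the 14d example above), and the names NetworkTiming, review and the 1d minimum buffer are hypothetical.

```python
from dataclasses import dataclass

UNITS = {"m": 60, "h": 3600, "d": 86400}

def secs(text):
    """Parse '15m', '24h' or '2d' into seconds."""
    value, unit = text[:-1], text[-1]
    if unit not in UNITS or not value.isdigit():
        raise ValueError(f"bad duration: {text!r}")
    return int(value) * UNITS[unit]

@dataclass(frozen=True)
class NetworkTiming:
    capture_delay: int               # validatorSetCaptureDelay
    network_epoch: int
    max_slash_request_delay: int     # maxSlashRequestDelay
    max_slash_execution_delay: int   # maxSlashExecutionDelay

    def required(self, veto_duration):
        """Time that must fit inside one Vault Epoch for a slash to land."""
        return (self.capture_delay + self.network_epoch
                + self.max_slash_request_delay + veto_duration
                + self.max_slash_execution_delay)

def review(net, vaults, min_buffer=secs("1d")):
    """Map vault name -> (status, buffer_seconds); veto 0 means no VetoSlasher."""
    report = {}
    for name, (vault_epoch, veto) in vaults.items():
        buffer = vault_epoch - net.required(veto)
        if buffer <= 0:
            status = "FAIL"   # the slash can expire before it executes
        elif buffer < min_buffer:
            status = "WARN"   # margin below the assumed minimum
        else:
            status = "OK"
        report[name] = (status, buffer)
    return report

# Constructed sample: vault-a mirrors the 14d example above.
NET = NetworkTiming(secs("15m"), secs("5d"), secs("2d"), secs("2d"))
VAULTS = {
    "vault-a": (secs("14d"), secs("2d")),   # ~3d buffer
    "vault-b": (secs("12d"), secs("2d")),   # under 1d buffer
    "vault-c": (secs("7d"), secs("2d")),    # window exceeds the epoch
}

if __name__ == "__main__":
    for name, (status, buffer) in review(NET, VAULTS).items():
        print(f"{name}: {status} buffer={buffer / 86400:.2f}d")
```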
For Curators
- Use valuable collateral: otherwise networks may refuse it as economic security while you claim operational costs.
- Pick sensible epoch duration (24h–30d): extremes deter networks or stakers.
- Keep veto shorter than vault epoch: networks need time to slash; a long veto close to the epoch length blocks security guarantees.
- Work with trustworthy networks: malicious networks can slash stakers’ money and damage your reputation.
  - Ensure rewards they provide have real value.
- Work with trustworthy operators: poor operator behavior risks staker funds and your reputation; diversify stake across operators where appropriate.
- Avoid invalid/deprecated contract states under your management.
- Redeploy after 100% slashing: repeated full slashings leave the Vault unusable.
- Fee-on-transfer collateral breaks redistribution mechanics: expect losses if you try to redistribute slashed funds with such tokens.
For Stakers
- Deposit valuable collateral: avoid low-value or predatory tokens to reduce loss risk.
- Choose trustworthy vault curators: an honest, immutable, permissionless setup reduces burn/steal/lock risk.
- Use a trustworthy burner: suitability depends on collateral.
  - Immutable burner contracts fit some assets; a dead address may be unsuitable for LSTs where third parties have incentives to lock supply.
- Trust the vault’s networks: malicious networks can slash your entire delegated stake.
  - Prefer networks offering valuable rewards.
  - Prefer networks with trustworthy resolvers to prevent invalid slashes.
- Pick meaningful epoch durations (≤ ~1 year): very long epochs can lock funds too long.
- Know deposits are instantly slashable: new deposits can be slashed by existing events without rewards; align deposits with your yield strategy and vault state.
For Operators
- Work with trustworthy vault curators: dishonest curators can destabilize vaults you vouch for, harming reputation and stake.
- Serve trustworthy networks: malicious networks can slash stake under your management and still fail to pay meaningful rewards, wasting time and costs.
