PolkaDot-6.2-Staking Contract

6.2. Staking Contract. This contract maintains the validator set. It manages:

  • which accounts are currently validators;
  • which are available to become validators at short notice;
  • which accounts have placed stake nominating to a validator;
  • properties of each including staking volume, acceptable payout-rates and addresses and shortterm (session) identities.

It allows an account to register a desire to become a bonded validator (along with its requirements), to nominate to some identity, and for preexisting bonded validators to register their desire to exit this status. It also includes the machinery itself for the validation and canonicalisation mechanism.

6.2. 质押合约。该合约维护着验证人集群。它管理:

  • 那些目前是验证人的账户;
  • 那些可以在短时间内成为验证人的账户;
  • 那些已将权益提名给验证人的账户。
  • 每个账户的属性,包括质押量,可接受的支付率和地址以及短期(会话)身份。


6.2.1 Stake-token Liquidity. It is generally desirable to have as much of the total staking tokens as possible to be staked within the network maintenance operations since this directly ties the network security to the overall “market capitalisation" of the staking token. This can easily be incentivised through in ating the currency and handing out the proceeds to those who participate as validators. However, to do so presents a problem: if the token is locked in the Staking Contract under punishment of reduction, how can a substantial portion remain suciently liquid in order to allow price discovery?

One answer to this is allowing a straight-forward derivative contract, securing fungible tokens on an underlying staked token. This is dicult to arrange in a trustfree manner. Furthermore, these derivative tokens cannot be treated equally for the same reason that dierent Eurozone government’s bonds are not fungible: there is a chance of the underlying asset failing and becoming worthless. With Eurozone governments, there could be a default. With validator-staked tokens, the validator may act maliciously and be punished. Keeping with our tenets, we elect for the simplest solution: not all tokens be staked. This would mean that some proportion (perhaps 20%) of tokens will forcibly remain liquid. Though this is imperfect from a security perspective, it is unlikely to make a fundamental dierence in the security of the network; 80% of the reparations possible from bond-conscations would still be able to be made compared to the \perfect case" of 100% staking.

The ratio between staked and liquid tokens can be targeted fairly simply through a reverse auction mechanism. Essentially, token holders interested in being a validator would each post an oer to the staking contract stating the minimum payout-rate that they would require to take part. At the beginning of each session (sessions would happen regularly, perhaps as often as once per hour) the validator slots would be lled according to each would-be validator’s stake and payout rate. One possible algorithm for this would be to take those with the lowest oers who represent a stake no higher than the total stake targeted divided by the number of slots and no lower than a lowerbound of half that amount. If the slots cannot be lled, the lower bound could be repeatedly reduced by some factor in order to satisfy.

6.2.1 质押代币的流动性。一般来说,网络维护运营中最好能有尽可能多的质押代币,因为这直接将网络安全与质押代币的整体 "市值 "挂钩。这可以很容易地通过入驻货币,并将收益派发给作为验证者参与的人来激励。然而,这样做会带来一个问题:如果代币在减持惩罚下被锁定在质押合约中,那么如何保持相当一部分的流动性,以便允许价格发现?

其中一个答案是允许直接的衍生品合约,在底层的质押代币上确保可互换的代币。这是很难以无信任的方式安排的。此外,这些衍生代币不能被平等对待,原因与不同欧元区政府的债券不可互换一样:有可能出现基础资产失败并变得毫无价值。对于欧元区政府,可能会出现违约。对于验证者标记的代币,验证者可能会采取恶意行为并受到惩罚。秉承我们的宗旨,我们选择最简单的解决方案:不是所有的代币都被盯上。这将意味着有一部分(可能是20%)的代币会被强制保持流动性。虽然从安全的角度来看,这是不完美的,但它不可能对网络的安全性产生根本性的影响;与100%被质押的 "完美情况 "相比,担保合约可能产生的80%的补偿仍然可以进行。


6.2.2. Nominating. It is possible to trustlessly nominate ones staking tokens to an active validator, giving them the responsibility of validators duties. Nominating works through an approval-voting system. Each would-be nominator is able to post an instruction to the staking contract expressing one or more validator identities under whose responsibility they are prepared to entrust their bond.

Each session, nominators’ bonds are dispersed to be represented by one or more validators. The dispersal algorithm optimises for a set of validators of equivalent total bonds. Nominators’ bonds become under the effective responsibility of the validator and gain interest or suer a punishment-reduction accordingly.

6.2.2. 提名。可以将自己的质押代币无信任地提名给一个活跃的验证者,给他们以验证人的职责。提名工作通过审批投票制度实现。每个潜在的提名人能够向质押合同发布指令,明示一个或多个验证者身份,准备将自己的担保金委托到其名下。


6.2.3. Bond Confiscation/Burning. Certain validator behaviour results in a punitive reduction of their bond. If the bond is reduced below the allowable minimum, the session is prematurely ended and another started. A nonexhaustive list of punishable validator misbehaviour includes:

  • Being part of a parachain group unable to provide consensus over the validity of a parachain block;
  • actively signing for the validity of an invalid parachain block;
  • inability to supply egress payloads previously voted as available;
  • inactivity during the consensus process;
  • validating relay-chain blocks on competing forks.

Some cases of misbehaviour threaten the network’s integrity (such as signing invalid parachain blocks and validating multiple sides of a fork) and as such result in effective exile through the total reduction of the bond. In other, less serious cases (e.g. inactivity in the consensus process) or cases where blame cannot be precisely allotted (being part of an ineective group), a small portion of the bond may instead be fined. In the latter case, this works well with sub-group churn to ensure that malicious nodes suer substantially more loss than the collaterallydamaged benevolent nodes.

In some cases (e.g. multi-fork validation and invalid sub-block signing) validators cannot themselves easily detect each others’ misbehaviour since constant verfiication of each parachain block would be too arduous a task. Here it is necessary to enlist the support of parties external to the validation process to verify and report such misbehaviour. The parties get a reward for reporting such activity; their term, ”fishermen" stems from the unlikeliness of such a reward.

Since these cases are typically very serious, we envision that any rewards can easily be paid from the confiscated bond. In general we prefer to balance burning (i.e. reduction to nothing) with reallocation, rather than attempting wholesale reallocation. This has the effect of increasing the overall value of the token, compensating the network in general to some degree rather than the specic party involved in discovery. This is mainly as a safety mechanism: the large amounts involved could lead to extreme and acute behaviour incentivisation were they all bestowed on a single target.

In general, it is important that the reward is sufficiently large to make verification worthwhile for the network, yet not so large as to oset the costs of fronting a well-financed, well-orchestrated “industrial-level” criminal hacking attack on some unlucky validator to force misbehaviour.

In this way, the amount claimed should generally be no greater than the direct bond of the errant validator, lest a perverse incentive arise of misbehaving and reporting oneself for the bounty. This can be combated either explicitly through a minimum direct bond requirement for being a validator or implicitly by educating nominators that validators with little bonds deposited have no great incentive to behave well.

6.2.3.没收/烧毁保证金。验证者的某些行为导致其保证金的惩罚性减少。如果保证金减少到可允许的最低限度以下,则该次会话提前结束,并开始另一次会话。可能受惩罚的验证者不当行为的非详尽清单,包括: 没收/烧毁保证金。验证者的某些行为导致其保证金的惩罚性减少。如果保证金减少到可允许的最低限度以下,则该次会话提前结束,并开始另一次会话。可受惩罚的验证者不当行为的非详尽清单包括。

  • 作为平行链组的一部分,无法对平行链区块的有效性提供共识 ;
  • 主动为无效的平行链区块的有效性签名。
  • 无法提供出口有效载荷,而之前投票时为可用。
  • 在共识过程中不活动。
  • 验证竞争分叉上的中继链块。


在某些情况下(如多叉验证和无效的子块签名),验证者本身无法轻易地检测到对方的不当行为,因为对每个准链区块进行不断的验证将是一项过于艰巨的任务。在这里,有必要争取验证过程外部各方的支持,来验证和报告这种不当行为。当事人通过报告这种活动获得奖励,他们的术语 "钓鱼人"源于这种奖励的不可能性。




Tangle [18] is a novel approach to consensus systems. Rather than arranging transactions into blocks and forming consensus over a strictly linked list to give a globally canonical ordering of state-changes, it largely abandons the idea of a heavily structured ordering and instead pushes for a directed acyclic graph of dependent transactions with later items helping canonicalise earlier items through explicit referencing. For arbitrary state-changes, this dependency graph would quickly become intractable, however for the much simpler UTXO model this becomes quite reasonable. Because the system is only loosely coherent and transactions are generally independent of each other, a large amount of global parallelism becomes quite natural. Using the UTXO model does have the effect of limiting Tangle to a purely value-transfer “currency" system rather than anything more general or extensible. Furthermore without the hard global coherency, interaction with other systems|which tend to need an absolute degree knowledge over the system state|becomes impractical.

Tangle[18]是一种新颖的共识系统方法。它没有将交易排序后再打包入块,也没有在严格的链式列表上形成共识,以给出状态变化的全局规范排序,而是在很大程度上放弃了高度结构化排序的想法,而是推出一个有向无环图,后续的有依赖的交易通过明确的指向,来帮助前面的交易达成一致。对于任意的状态变化,这种依赖图很快就会变得难以处理,然而对于简单得多的UTXO模型来说,这就变得非常合理。由于系统只是松散的连贯性,而且交易一般都是相互独立的,因此大量的全局并发变得非常自然。使用UTXO模型的效果是将Tangle限制在一个纯粹的价值转移 "货币 "系统中,而不是任何更通用或可扩展的系统。此外,如果没有硬性的全局一致性,与其他系统的交互(这些系统往往需要对系统状态有绝对程度的了解)将变得不切实际。