Modification to downtime window proposal

We propose increasing SignedBlocksWindow from 5000 to 22,500. Currently SignedBlocksWindow is 5000 and MinSignedPerWindow is 50%.

Therefore validators must sign at least 2500 blocks out of the last 5000 blocks to prevent being slashed because of downtime. With the current block time of 6.4 seconds, validators cannot be offline for more than 4.4 hours.

If this proposal will pass:

Validators will be able to sign at least 11,250 blocks out of the last 22,500 blocks to prevent being slashed because of downtime.

Validators will be able to be offline for 19.8 hours at a time without being slashed, which will give more time for maintenance and chain updates. If the network ends up hitting a target avg blocktime of 6 seconds, then Validators will be able to be offline for 18.75 hours at a time.

This would bring us in line with the window for downtime on the CosmosHub & SentinelHub.

This proposal will be submitted on April 21, 2021. This modification has been discussed casually in Telegram: Contact @secretgovernance with no serious pushback on multiple occasions and has been deemed to not be a dangerous or risky change.

1 Like

Hi Ian,

As node runners we do support the increase of downtime before slashing.

Why dont we make it 14400 blocks? That is 24hours at 6s. We can offset network negligence by increase the minsignedwindow to 60%.

So that would be 28800 blocks with 50%

I dont see much increase in risk compared to your original numbers.

Reasons

  • 24 hour window gives developers a full day to fix any issues and push patches on their validators.
  • New nodes take a while to sync up (although this will go away with the new network upgrade with quicksync)

Mohammed,

18 hours is enough time for node runners to sync a new node or fix issues. Quicksync exists today and pushing patches is not something that could happen suddenly without notice. Both SGX patches and new binaries have always come with advanced warning.

If more node runners really push for longer than 18 hours then I would change it, otherwise there is no real technical reason to need more than this and this change is enough to bring us in line with CosmosHub and SentinelHub.

Agree. This would bring us in line with other chains. Its good that node runners have time to act before slash - it can take many hours just to sync.

1 Like

Don’t forget, quick sync exists today and can be done in less than an hour.

I do think the additional time is good though for a range of reasons.

The proposal was submitted here after discussion in the secret governance telegram, on the governance call, and making the post to the forums.

https://secretnodes.com/secret/chains/secret-2/governance/proposals/30