Following extensive security review, we’ve come to the conclusion that the major threats to EigenLayer exist outside of the protocol, specifically at the level of AVSs and Operators, some of which are no longer in operation but still have delegations. As currently implemented, redistribution can be triggered instantaneously. We’re proposing to take a proactive approach to improve security by adding a delay between slashing and redistribution to allow time for a security response should external participants become compromised.
Executive Summary:
This proposal aims to add a 7-day delay between the time of slashing by an AVS and the transfer of assets out of EigenLayer in the case of redistribution. An additional pausing function is added to allow the pauser multisig to prevent redistribution in the case of security events.
As always, full text is viewable in the ELIP repo.
Hi Matt, the proposal clearly explains why a resolution delay is needed: without it, slashing and redistribution can occur atomically, leaving no reaction window in case of erroneous or malicious slashing. One point I would be interested to understand better is why 7 days was selected as the appropriate period. Given that the rationale also refers to the 14-day escrow period and the risk created by operators setting allocation delays to 0 days, is the 7-day period mainly intended as a practical emergency-response window for the pauser multisig, or is it considered sufficient for stakers/operators to detect and escalate a malicious redistribution scenario? Kind regards, Dave
Building on Dave’s question above – whether 7 days is sufficient for stakers to act depends entirely on whether they’re notified that the window has opened. Right now there’s no mechanism that tells a delegator their operator has been slashed. SlashResolutionBlockSet fires on-chain, but nothing surfaces it to the person whose funds are at risk.
The 7-day delay is a meaningful improvement, but only for delegators with an alert layer on top of it. We posted a grant proposal for exactly that: Delegator Shield – a real-time monitoring service that watches for SlashResolutionBlockSet and pushes alerts to registered delegators the moment their operator is slashed. Builds directly on the getSlashResolutionBlock view function this ELIP introduces.