6.2. Staking Contract. This contract maintains the validator set. It manages:
- which accounts are currently validators;
- which are available to become validators at short notice;
- which accounts have placed stake nominating to a validator;
- properties of each including staking volume, acceptable payout-rates and addresses and shortterm (session) identities.
It allows an account to register a desire to become a bonded validator (along with its requirements), to nominate to some identity, and for preexisting bonded validators to register their desire to exit this status. It also includes the machinery itself for the validation and canonicalisation mechanism.
6.2.1 Stake-token Liquidity. It is generally desirable to have as much of the total staking tokens as possible to be staked within the network maintenance operations since this directly ties the network security to the overall “market capitalisation" of the staking token. This can easily be incentivised through in ating the currency and handing out the proceeds to those who participate as validators. However, to do so presents a problem: if the token is locked in the Staking Contract under punishment of reduction, how can a substantial portion remain suciently liquid in order to allow price discovery?
One answer to this is allowing a straight-forward derivative contract, securing fungible tokens on an underlying staked token. This is dicult to arrange in a trustfree manner. Furthermore, these derivative tokens cannot be treated equally for the same reason that dierent Eurozone government’s bonds are not fungible: there is a chance of the underlying asset failing and becoming worthless. With Eurozone governments, there could be a default. With validator-staked tokens, the validator may act maliciously and be punished. Keeping with our tenets, we elect for the simplest solution: not all tokens be staked. This would mean that some proportion (perhaps 20%) of tokens will forcibly remain liquid. Though this is imperfect from a security perspective, it is unlikely to make a fundamental dierence in the security of the network; 80% of the reparations possible from bond-conscations would still be able to be made compared to the \perfect case" of 100% staking.
The ratio between staked and liquid tokens can be targeted fairly simply through a reverse auction mechanism. Essentially, token holders interested in being a validator would each post an oer to the staking contract stating the minimum payout-rate that they would require to take part. At the beginning of each session (sessions would happen regularly, perhaps as often as once per hour) the validator slots would be lled according to each would-be validator’s stake and payout rate. One possible algorithm for this would be to take those with the lowest oers who represent a stake no higher than the total stake targeted divided by the number of slots and no lower than a lowerbound of half that amount. If the slots cannot be lled, the lower bound could be repeatedly reduced by some factor in order to satisfy.
6.2.1 质押代币的流动性。一般来说，网络维护运营中最好能有尽可能多的质押代币，因为这直接将网络安全与质押代币的整体 "市值 "挂钩。这可以很容易地通过入驻货币，并将收益派发给作为验证者参与的人来激励。然而，这样做会带来一个问题：如果代币在减持惩罚下被锁定在质押合约中，那么如何保持相当一部分的流动性，以便允许价格发现？
其中一个答案是允许直接的衍生品合约，在底层的质押代币上确保可互换的代币。这是很难以无信任的方式安排的。此外，这些衍生代币不能被平等对待，原因与不同欧元区政府的债券不可互换一样：有可能出现基础资产失败并变得毫无价值。对于欧元区政府，可能会出现违约。对于验证者标记的代币，验证者可能会采取恶意行为并受到惩罚。秉承我们的宗旨，我们选择最简单的解决方案：不是所有的代币都被盯上。这将意味着有一部分（可能是20%）的代币会被强制保持流动性。虽然从安全的角度来看，这是不完美的，但它不可能对网络的安全性产生根本性的影响；与100%被质押的 "完美情况 "相比，担保合约可能产生的80%的补偿仍然可以进行。
6.2.2. Nominating. It is possible to trustlessly nominate ones staking tokens to an active validator, giving them the responsibility of validators duties. Nominating works through an approval-voting system. Each would-be nominator is able to post an instruction to the staking contract expressing one or more validator identities under whose responsibility they are prepared to entrust their bond.
Each session, nominators’ bonds are dispersed to be represented by one or more validators. The dispersal algorithm optimises for a set of validators of equivalent total bonds. Nominators’ bonds become under the effective responsibility of the validator and gain interest or suer a punishment-reduction accordingly.
6.2.3. Bond Confiscation/Burning. Certain validator behaviour results in a punitive reduction of their bond. If the bond is reduced below the allowable minimum, the session is prematurely ended and another started. A nonexhaustive list of punishable validator misbehaviour includes:
- Being part of a parachain group unable to provide consensus over the validity of a parachain block;
- actively signing for the validity of an invalid parachain block;
- inability to supply egress payloads previously voted as available;
- inactivity during the consensus process;
- validating relay-chain blocks on competing forks.
Some cases of misbehaviour threaten the network’s integrity (such as signing invalid parachain blocks and validating multiple sides of a fork) and as such result in effective exile through the total reduction of the bond. In other, less serious cases (e.g. inactivity in the consensus process) or cases where blame cannot be precisely allotted (being part of an ineective group), a small portion of the bond may instead be fined. In the latter case, this works well with sub-group churn to ensure that malicious nodes suer substantially more loss than the collaterallydamaged benevolent nodes.
In some cases (e.g. multi-fork validation and invalid sub-block signing) validators cannot themselves easily detect each others’ misbehaviour since constant verfiication of each parachain block would be too arduous a task. Here it is necessary to enlist the support of parties external to the validation process to verify and report such misbehaviour. The parties get a reward for reporting such activity; their term, ”fishermen" stems from the unlikeliness of such a reward.
Since these cases are typically very serious, we envision that any rewards can easily be paid from the confiscated bond. In general we prefer to balance burning (i.e. reduction to nothing) with reallocation, rather than attempting wholesale reallocation. This has the effect of increasing the overall value of the token, compensating the network in general to some degree rather than the specic party involved in discovery. This is mainly as a safety mechanism: the large amounts involved could lead to extreme and acute behaviour incentivisation were they all bestowed on a single target.
In general, it is important that the reward is sufficiently large to make verification worthwhile for the network, yet not so large as to oset the costs of fronting a well-financed, well-orchestrated “industrial-level” criminal hacking attack on some unlucky validator to force misbehaviour.
In this way, the amount claimed should generally be no greater than the direct bond of the errant validator, lest a perverse incentive arise of misbehaving and reporting oneself for the bounty. This can be combated either explicitly through a minimum direct bond requirement for being a validator or implicitly by educating nominators that validators with little bonds deposited have no great incentive to behave well.
- 作为平行链组的一部分，无法对平行链区块的有效性提供共识 ；