<aside> 💬 TLDR: the staker's undelegations funds may be slashed incorrectly. It can be over-slashed partially or entirely, depending on the slash factor and the undelegation amount.

</aside>

When a validator needs to be slashed, the SlashRedelegation function iterates over all the redelegations and deducts the staker’s share on the destination validator address. For example, if a staker performs a redelegation from validatorA to validatorB, and validatorA needs to be penalized, the staker’s funds on validatorB will be slashed instead. This is because when the staker’s funds are in validatorA, they contributed to the slash violation. Hence, the funds must be slashed even after being redelegated to validatorB.

https://github.com/cosmos/cosmos-sdk/blob/f63e5fdf7c96bed01e7a40a0f993005dbbb78444/x/staking/keeper/slash.go#L313-L404

The staker may trigger an undelegation request in validatorB after the redelegation. In this case, both the undelegations and redelegations must be slashed.

• Slash undelegations: https://github.com/cosmos/cosmos-sdk/blob/f63e5fdf7c96bed01e7a40a0f993005dbbb78444/x/staking/keeper/slash.go#L352-L361
• Slash redelegations: https://github.com/cosmos/cosmos-sdk/blob/f63e5fdf7c96bed01e7a40a0f993005dbbb78444/x/staking/keeper/slash.go#L369-L387

After slashing the undelegations, the function will continue to slash the redelegations. However, it does not ensure the total amount slashed on undelegations and redelegations (unbondingSlashAmount and sharesToUnbond) does not exceed the slash amount required (slashAmountDec).

https://github.com/cosmos/cosmos-sdk/blob/f63e5fdf7c96bed01e7a40a0f993005dbbb78444/x/staking/keeper/slash.go#L339-L369

Impact

The incorrect slashing penalty only occurs if the slash fraction exceeds the percentage of (undelegation/(undelegation + redelegation)). The over-slashed amount will be the undelegation amount.

Scenario: validatorA will be slashed. Alice redelegates 1_000_000 funds to validatorB and performs an undelegation.

Here are a few examples:

1. Alice gets over-slashed (slash fraction > undelegation percentage)
   1. The slash fraction is 50%.
   2. Alice undelegated 400_000 funds. The undelegation percentage is 40% (400_000 / 1_000_000).
   3. The intended slash amount should be 500_000 (1_000_000 * 50% = 500_000), and the remaining balance should be 500_000 (1_000_000 - 500_000).
   4. The actual slash amount is 900_000, with the excess being the undelegation amount (400_000). The actual remaining balance is 100_000 (1_000_000 - 900_000).
   • Test case
2. Alice gets over-slashed (slash fraction > undelegation percentage)
   1. The slash fraction is 20%.
   2. Alice undelegated 100_000 funds. The undelegation percentage is 10% (100_000 / 1_000_000).
   3. The intended slash amount should be 200_000 (1_000_000 * 20% = 200_000), and the remaining balance should be 800_000 (1_000_000 - 200_000).
   4. The actual slash amount is 300_000, with the excess being the undelegation amount (100_000). The actual remaining balance is 700_000 (1_000_000 - 300_000).
   • Test case
3. Alice gets over-slashed (slash fraction > undelegation percentage)
   1. The slash fraction is 51%.
   2. Alice undelegated 500_000 funds. The undelegation percentage is 50% (500_000 / 1_000_000).
   3. The intended slash amount should be 510_000 (1_000_000 * 51% = 510_000), and the remaining balance should be 490_000 (1_000_000 - 510_000).
   4. The actual slash amount is 1_000_000, with the excess being the undelegation amount (500_000). The actual remaining balance is 0 (1_000_000 - 510_000 - 500_000).
   • Test case
4. Alice does not get over-slashed (slash fraction equals to undelegation percentage)
   1. The slash fraction is 20%.
   2. Alice undelegated 200_000 funds. The undelegation percentage is 20% (200_000 / 1_000_000).
   3. The intended slash amount should be 200_000 (1_000_000 * 20% = 200_000), and the remaining balance should be 800_000 (1_000_000 - 200_000).
   • Test case
5. Alice does not get over-slashed (slash fraction < undelegation percentage)
   1. The slash fraction is 50%.
   2. Alice undelegated 600_000 funds. The undelegation percentage is 60% (600_000 / 1_000_000).
   3. The intended slash amount should be 500_000 (1_000_000 * 50% = 500_000), and the remaining balance should be 500_000 (1_000_000 - 500_000).
   • Test case

Consequently, the staker’s undelegation funds may be slashed incorrectly, causing a loss of funds issue.

Workarounds

Consider only slashing the remaining amount required for redelegations after slashing undelegations.