[Pools] Build a pool slashing monitoring bot to apply pending slashes to the affected pool members.

[Ank4n]

Related to: #454 | #4537

Nomination Pools currently work with a Transfer and Stake strategy, i.e. members transfer their funds to a pool account, and pool stakes. With #4537, we are moving to a Delegate and Stake strategy where funds remain in member account, delegated to pool account, and pool account can use these delegated funds to it to stake.

Since number of pool members are unbounded, eager slashing as before becomes unfeasible. Therefore, along with this change, we are also moving to a lazy slashing mechanism. When there is a slash, it is book kept in a register of the Agent (pool) account. There is a permissionless extrinsic Pools::apply_slash() to apply pending slash to a member by calculating how much balance the member is expected to have and what they actually have, slashing the difference. The reporter also gets a cut from the slashed funds.

We need a bot that monitors slashing events for pool accounts, and when there is a slash, it applies slash to all affected members. There are runtime apis that can help with determining which members need slash.

In future, there will hopefully be multiple bots from community monitoring this (since there is an incentive to apply pending slash).

[Ank4n]

We could very well use tasks and OCW for this (thanks @mordamax for the suggestion).

[mustermeiszer]

@Ank4n We are also very interested in running Tasks+OffchainWorkers in combination. What are the plans to stabilize this feature?

[bkchr]

We need a bot that monitors slashing events for pool accounts, and when there is a slash, it applies slash to all affected members. There are runtime apis that can help with determining which members need slash.

Wait. What happens otherwise if the slash is not applied? Would they be able to withdraw their funds without a slash? Would they be able to continue voting with their full balance?

[gpestana]

Wait. What happens otherwise if the slash is not applied? Would they be able to withdraw their funds without a slash?

The members of the slashed pools should not be able to withdraw their funds before the slashes were applied, thus there's no risk that funds that should have been slashed are used elsewhere outside the pools/staking context.

A pool member will be able to withdraw funds from a pool IIF the pool does not have pending slashes. When calling withdraw_unbonded the will try to apply pending slashes on the pool if there are, but it increases the call weight.

Would they be able to continue voting with their full balance?

With the new lazy slashing mechanism is pools, that will be the case yes. It's one of the downsides of this delegated staking approach (that allows using pool funds in governance) but since now the slash needs to be applied for each account of the member in the slashed pool (as opposed to 1 slash per pool account as before), it may be too expensive to apply all the pool slashes in one go. So yes, the pool members are able to vote with yet-to-be slashed funds in a pool. This is a tradeoff we discussed about/decided when designing the new delegated pools system.

So this bot would be used for convenience and to reduce the downside of letting pool members to vote with more power than the expected, in case the deferred slash was not applied yet. The security assurances that you expect wrt to withdrawing, etc, should hold true.