The slashing mechanism of a PoS blockchain is a critical feature. Its implementation must have a strong test suite.
Shardeum has the concept of a penalty, used to slash nodes that behave maliciously. For example, if a node goes offline while it is in active mode and stops processing transactions, other nodes confirm that it is a lost node and apply a configurable penalty to that node's staked tokens. However, a bug in the Shardeum repository causes the network to apply a penalty of 2x the configured value. So when the penalty for leaving the network early is configured to be 20% of the staked value, a validator that leaves loses 40% of its stake.
I will explain the cause of the bug here and provide a POC after.
Vulnerability Details
One way of getting a penalty is to leave the network early. In the shardeum/shardus-core repository, if a node is removed because it left the network early, a node-left-early event is triggered:
src/p2p/NodeList.ts
if (isNodeLeftNetworkEarly(node)) {
  const emitParams: Omit<ShardusEvent, 'type'> = {
    nodeId: node.id,
    reason: 'Node left early',
    time: cycle.start,
    publicKey: node.publicKey,
    cycleNumber: cycle.counter,
  }
  emitter.emit('node-left-early', emitParams)
}
This event is handled in the src/shardus/index.ts file of the same repository,
which calls the injectPenaltyTX function. The injectPenaltyTX function creates an internal penalty transaction and puts it into shardus by calling the shardus.put function.
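As an added illustration (not code from shardeum/shardus-core), the TypeScript model below shows the kind of regression check this penalty path needs: one node-left-early event must cost exactly the configured share of stake. StakeLedger, buildPenalty, apply, the dedupe flag and the sample stake are hypothetical, and the repeated application is a generic stand-in that does not assume the root cause of the bug described here.

```typescript
// Added example: hypothetical model, not Shardeum or shardus-core code.
type LeftEarly = { nodeId: string; publicKey: string; cycleNumber: number };
type PenaltyTx = { publicKey: string; cycleNumber: number; amount: number };

const PENALTY_BPS = 2000; // 20% of stake, the configured value used on the page
const BPS = 10000;

class StakeLedger {
  private stakes = new Map<string, number>();
  private seen = new Set<string>(); // penalties already applied, keyed by node and cycle

  constructor(initial: Array<[string, number]>) {
    for (const [key, stake] of initial) this.stakes.set(key, stake);
  }

  stakeOf(publicKey: string): number {
    return this.stakes.get(publicKey) ?? 0;
  }

  // Builds the penalty from the stake held when the event is handled.
  buildPenalty(ev: LeftEarly): PenaltyTx {
    const amount = Math.floor((this.stakeOf(ev.publicKey) * PENALTY_BPS) / BPS);
    return { publicKey: ev.publicKey, cycleNumber: ev.cycleNumber, amount };
  }

  // With dedupe on, a penalty is applied at most once per (node, cycle).
  apply(tx: PenaltyTx, dedupe: boolean): boolean {
    const id = `${tx.publicKey}:${tx.cycleNumber}`;
    if (dedupe && this.seen.has(id)) return false;
    this.seen.add(id);
    this.stakes.set(tx.publicKey, Math.max(0, this.stakeOf(tx.publicKey) - tx.amount));
    return true;
  }
}

// Stake lost, in basis points of the stake held before the event.
function lostBps(before: number, after: number): number {
  return Math.round(((before - after) * BPS) / before);
}

// One node-left-early event whose penalty reaches the ledger twice.
function simulate(dedupe: boolean): number {
  const ledger = new StakeLedger([["node-A", 1000]]); // constructed stake
  const ev: LeftEarly = { nodeId: "n1", publicKey: "node-A", cycleNumber: 42 };
  const tx = ledger.buildPenalty(ev);
  ledger.apply(tx, dedupe);
  ledger.apply(tx, dedupe); // second arrival of the same penalty
  return lostBps(1000, ledger.stakeOf("node-A"));
}
```

A test suite for the penalty path would assert that `simulate` returns `PENALTY_BPS`; the run without the guard returns twice that, the same 20% to 40% gap the report describes.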