Home /Restaking /Slashing Risks

Slashing Risks in Restaking

Restaking amplifies your ETH's utility — but also amplifies its risk. Unlike regular staking where slashing is limited to consensus-layer faults, restaking exposes your ETH to slashing from every AVS your operator runs. This page breaks down exactly how slashing works, how likely it is, and what the 'jail' mechanism means for your funds.

Slash → Confiscation Flow

Animated simulation of how a slash propagates from AVS fault to ETH being burned from your position

📐 Slashing Probability: The Math

Understanding slashing probability requires distinguishing between the probability of a slashing event and the expected annual loss. They are very different things:

The Binary Nature of Slashing

Slashing is not a gradual, predictable loss like yield decay. It is binary: in most years you lose nothing, and in some years you lose a meaningful chunk of your position all at once.

Expected Annual Loss Formula
E[loss] = P(slash) × E[loss | slash]

If P(slash) = 1% and E[loss|slash] = 3 ETH → E[loss] = 0.03 ETH/yr on a 32 ETH position

Correlated Risk Multiplier

When your operator runs N AVSs, the probability that at least one AVS triggers a slash is not N × P(single) — it's higher, because failures cluster.

Clustered Failure Probability
P(any) ≈ 1 − (1 − P_avs)^N × (1 − P_consensus)

If P_avs=0.5%/yr and N=8 → P(any AVS) ≈ 4% per year. Higher than it looks!

Consensus Faults
~0.5%/yr
Attestation/proposal failures
AVS Faults (avg)
~0.3–2%/yr
Varies by AVS type and operator
Combined (8 AVSs)
~2–4%/yr
Probability of any slash event

Types of Slashing in Restaking

Attestation Fault

Failing to attest to blocks or committee duties on Ethereum consensus layer. The most common slashing type — typically triggered by validator downtime or double attestation.

Min Penalty
1 ETH
Max Penalty
Full stake
Probability
Moderate (~0.5% of validators per year experience some attestation penalty)
Examples: Missed attestations, surround votes, attestation on wrong target block
Proposal Fault

Double block proposal — signing two different blocks at the same height/slot. One of the most serious consensus violations. Immediately noticed and reported by other validators.

Min Penalty
1 ETH
Max Penalty
Full stake (32 ETH)
Probability
Very low (extremely rare for honest validators; most often caused by software bugs or key mismanagement)
Examples: Running two validators with the same signing key, slashing oracle misconfiguration
AVS Data Availability Fault

Failing to respond to data availability sampling requests for EigenDA or similar DA AVSs. Operators must sample random data chunks and attest to availability. Missing these windows fires a slash.

Min Penalty
1–3 ETH
Max Penalty
10+ ETH depending on number of missed samples
Probability
Low if operator has good infrastructure, higher for operators with unreliable internet or underprovisioned nodes
Examples: EigenDA sampling missed windows, DAS node downtime during high-traffic periods
AVS Oracle Fault

Submitting incorrect or staleness-bound data to an oracle AVS. If price data deviates beyond allowed threshold from consensus, the oracle validator gets slashed.

Min Penalty
0.5–2 ETH
Max Penalty
10+ ETH (if correlated oracle failures cause large liquidations)
Probability
Medium — oracle failures can cascade and affect many validators simultaneously
Examples: Stale price data exceeding tolerance, incorrect data submission to Chainlink CCIP
AVS Bridge Fault

Confirming a fraudulent cross-chain message — authorizing a transfer that didn't exist on the source chain. The most dangerous AVS slashing type due to potential size of fraud exceeding operator stake.

Min Penalty
5 ETH
Max Penalty
Unlimited — operator's entire delegated stake if fraud amount exceeds bond
Probability
Low for well-audited bridges, higher during bridge protocol upgrades or novel attack vectors
Examples: LayerZero message forgery, Wormhole incorrect state verification
AVS Sequencer Fault

Reorganizing a rollup's transaction sequence or censoring transactions beyond allowed thresholds. A serious fault that can cause user losses exceeding the operator's bonded stake.

Min Penalty
1 ETH
Max Penalty
Full stake (potentially more if user losses exceed stake)
Probability
Very low for properly designed sequencer AVS implementations
Examples: AltLayer sequencer reorg, censorship of transactions exceeding threshold

🔒 The Jail Mechanism

When an operator is slashed, they enter a "jailed" state — temporarily removed from the active operator set. Here is what the jail lifecycle looks like:

What happens during jail?
  • Operator cannot validate any AVS
  • Delegators' ETH is also 'frozen' — cannot be redelegated until jail ends
  • Slash penalty deducted from operator's自有 bond first
  • If自有 bond insufficient, delegators absorb remainder proportionally
  • Operator flagged in AVSDirectory with slashing history
How to exit jail
  • Pay unjail transaction fee (varies by protocol)
  • Pass re-registration verification (may require new audits)
  • Repeated slashing = permanent ban (no exit possible)
  • Delegators can choose to redelegate to non-jailed operators while waiting
  • Jail duration: 1–14 days for minor faults, permanent for serious ones

⏳ Unbonding Periods: Why It Takes So Long to Get Your ETH Back

Restaking withdrawal is not instant — it involves multiple sequential delays. Understanding each phase helps you plan for liquidity needs:

Initial Restaking
0

Deposit ETH/LST into EigenLayer StrategyManager or deploy EigenPod. ETH becomes available for AVS slashing immediately.

Delegation Active
Active

ETH is delegated to operator and active in AVS slashing pool. Slashing risk begins from this moment.

Withdrawal Request
Day 0

Call queueWithdrawal on DelegationManager. ETH enters 7-day escrow — still slashable during this window.

7-Day Escrow
Days 0–7

EigenLayer enforces 7-day hold to catch any pending attributable faults before releasing funds.

Validator Exit Queue
Days 7–21

For native restakers: validator must exit beacon chain. Takes 1–14 days depending on exit queue length.

Funds Released
Day 21+

completeQueuedWithdrawal executed. ETH returned to wallet minus any slashing deductions.

Minimum Exit Time
7 days
LST restaking only
Typical Exit Time
10–14 days
Native restaking (7-day + beacon queue)
Max Exit Time
2–3 weeks
Heavy beacon exit queue congestion

🛡️ Insurance & Confiscation Flow

When a slash occurs, the financial loss doesn't fall evenly. Here's how the loss waterfall works:

Operator's自有 Bond (First Loss)

Operators typically maintain 5–10% of their total delegated stake as自有 capital. This is burned first in any slash event — aligning operator incentives with delegators. A well-capitalized operator with 10%自有 bond can absorb many minor slashes before any delegator funds are at risk.

Delegator Loss (Residual)

If the operator's自有 bond is insufficient to cover the full slash, the remaining loss is distributed proportionally across all delegators' shares. This is where restaking risk diverges most significantly from solo staking — your loss as a delegator depends on how well-capitalized your operator is. An under-bonded operator taking a large slash could burn a significant portion of your delegated ETH.

📊 Historical Slash Size Distribution

Most slashing events are small (attestation penalties of 1–2 ETH), but a few catastrophic events dominate total slashed volume. This creates a highly skewed distribution:

~90% of slash events are minor (1–3 ETH, attestation faults)
~8% are medium (3–10 ETH, oracle or DA faults)
~2% are severe (10+ ETH, bridge/sequencer faults)

✅ How to Minimize Your Slashing Risk

Before Delegating

  • Research operator's historical slash record
  • Verify operator has adequate自有 bonding (5%+)
  • Check which AVSs the operator runs — avoid high-risk AVS heavy portfolios
  • Prefer operators with slashing insurance coverage
  • Start with a small delegation to test the operator's reliability
  • Avoid operators with less than 99.5% historical uptime

Ongoing Monitoring

  • Track your operator's slash history via EigenLayer's AVSDirectory
  • Set up alerts for operator jail events via the DelegationManager
  • Monitor your effective APY — sustained below-expected yields may indicate hidden slashing
  • Watch AVS news — new AVS slashing conditions often trigger incidents
  • Have a plan to redelegate quickly if your operator gets jailed
  • Don't over-concentrate delegation to a single operator
Slash Probability (consensus)
~0.5%/yr
Slash Probability (AVS, avg)
0.3–2%/yr
Expected Annual Loss
0.1–0.5 ETH
Min Unbonding Period
7 days

AVS Guide

See how different AVS types define their slashing conditions and which are riskiest.

AVS Guide →

Operator Economics

See how operators earn, what they charge, and how their自有 bond protects you.

Operator Economics →

Back to Restaking

See the full restaking picture — protocols, yield, and the complete risk landscape.

Restaking Overview →