docs: clarify validation slash model

This commit is contained in:
Dobromir Popov
2026-06-29 02:47:36 +03:00
parent e24c2e3cea
commit a2aa22fc08
2 changed files with 12 additions and 0 deletions

View File

@@ -82,6 +82,14 @@ _Avoid_: mock contract, fake chain, temporary hack
A trusted node (or the tracker itself) that re-runs a sample of inference requests to detect fraud. A trusted node (or the tracker itself) that re-runs a sample of inference requests to detect fraud.
_Avoid_: auditor, checker, referee _Avoid_: auditor, checker, referee
**Validation Event**:
A completed inference record that contains enough information for a validator to decide whether to sample and re-run the request: session id, model preset, messages, inference route, node wallets, and observed output.
_Avoid_: audit log, trace, receipt
**Slash Proof**:
The record submitted by a validator when a sampled re-run diverges from the observed output beyond tolerance. In the prototype this is deterministic local contract state; later it maps to an on-chain proof transaction.
_Avoid_: accusation, report, claim
### Client-facing ### Client-facing
**Client**: **Client**:

View File

@@ -2,6 +2,10 @@
All inference responses are trusted by default. Validators re-run a random sample (~5%) of requests on reference nodes and compare outputs. Nodes that fail are slashed (stake reduced). Enough strikes result in a permanent on-chain ban. All inference responses are trusted by default. Validators re-run a random sample (~5%) of requests on reference nodes and compare outputs. Nodes that fail are slashed (stake reduced). Enough strikes result in a permanent on-chain ban.
For the prototype, the gateway emits validation events after completed requests. A validation event records the session id, model preset, request messages, observed output, and the route metadata for each node that served the request. The validator samples events with a configurable rate and deterministic seed for tests. Sampled events are re-run against a trusted reference node/reference function; string outputs must match exactly for stub models, while future tensor/model outputs use a configurable floating-point tolerance.
A slash proof is local contract-boundary state in the prototype. Submitting one reduces the offending node's stake, increments its strike count, logs a clear warning, and bans the wallet when the strike threshold is reached. The tracker excludes banned wallets from route selection, but routing is still not based on node token balance or stake size.
New wallets must complete N jobs without earning (probationary period) to raise the economic cost of re-entering after a ban — a banned node can't just create a new wallet and immediately cheat again; it must fund a new stake and contribute N free jobs first. New wallets must complete N jobs without earning (probationary period) to raise the economic cost of re-entering after a ban — a banned node can't just create a new wallet and immediately cheat again; it must fund a new stake and contribute N free jobs first.
zkML (zero-knowledge proofs of inference) would give cryptographic guarantees but is 100010000× slower than inference for large models and is not production-ready. Redundant execution consensus (Gensyn's approach) gives stronger guarantees but costs 23× compute per request. TEE (trusted hardware attestation) is cryptographically strong but excludes most consumer GPUs, defeating the viral GPU-sharing goal. Optimistic + slash is the pragmatic choice that ships and can be calibrated economically. zkML (zero-knowledge proofs of inference) would give cryptographic guarantees but is 100010000× slower than inference for large models and is not production-ready. Redundant execution consensus (Gensyn's approach) gives stronger guarantees but costs 23× compute per request. TEE (trusted hardware attestation) is cryptographically strong but excludes most consumer GPUs, defeating the viral GPU-sharing goal. Optimistic + slash is the pragmatic choice that ships and can be calibrated economically.