From e22f76382bd04c92a2a6e9a4ce1a718de94460a9 Mon Sep 17 00:00:00 2001 From: Adrian Lanzafame Date: Thu, 10 Jul 2025 17:00:33 +1000 Subject: [PATCH] Update fault fees and recovery mechanics per FIP-0002 This commit updates the Filecoin specification to reflect the changes introduced by FIP-0002 (Free Faults on Newly Faulted Sectors of a Missed WindowPoSt). The key changes include: 1. Updated Sector Fault Fee from 2.14 to 3.51 days of expected block reward 2. Added DeclaredFaultProjectionPeriod constant (3.51 days) 3. Removed Sector Fault Detection Fee references 4. Updated fault detection behavior: - 100% healthy partitions incur no immediate fee when missing WindowPoSt - Only already faulty/recovering sectors are charged 5. Removed recovery fees - successful recovery no longer incurs penalties 6. Updated skipped fault handling to defer penalties to next proving period These changes better accommodate operational failures while maintaining incentives for reliable storage. Reference: FIP-0002 --- content/algorithms/cryptoecon/_index.md | 6 +++--- content/glossary/_index.md | 9 +++++---- .../onchain_storage_market/storage_deal_flow.md | 10 +++++----- .../systems/filecoin_mining/sector/sector-faults.md | 2 +- .../systems/filecoin_mining/sector/sector-recovery.md | 2 +- .../systems/filecoin_mining/storage_mining/_index.md | 8 ++++---- 6 files changed, 19 insertions(+), 18 deletions(-) diff --git a/content/algorithms/cryptoecon/_index.md b/content/algorithms/cryptoecon/_index.md index dd5a995d7..a85cd144e 100644 --- a/content/algorithms/cryptoecon/_index.md +++ b/content/algorithms/cryptoecon/_index.md @@ -37,8 +37,8 @@ The following table summarizes initial parameter recommendations for Filecoin. M | Maximum sector lifetime | 540 days | | Minimum deal duration | 180 days | | Maximum deal duration | 540 days | -| Sector Fault Fee | 2.14 days worth of block reward | -| Sector Fault Detection Fee | 1.5 days worth of estimated block reward | +| Sector Fault Fee | 3.51 days worth of block reward (per FIP-0002) | +| Declared Fault Projection Period | 3.51 days (per FIP-0002) | | Sector Termination Fee | Estimated number of days of block reward that a sector has earned; capped at 90 days | | Minimum Client Deal Collateral | 0 | | Minimum Provider Deal Collateral | share of 1% raw byte-normalised circulating supply | @@ -56,6 +56,6 @@ The following table summarizes initial parameter recommendations for Filecoin. M **Sector Fault Fee:** If stored sectors are withdrawn from the network only temporarily, a substantial fraction of those sectors' value may be recovered in case the data storage is quickly restored to normal operation — this means that the network need not levy a termination fee immediately. However, even temporary interruptions can be disruptive, and also damage confidence about whether the sector is recoverable or permanently lost. In order to account for this situation, the network charges a much smaller fee per day that a sector is not being proven as promised (until enough days have passed that the network writes off that sector as terminated). -**Sector Fault Detection Fee:** If a sector is temporarily damaged, storage miners are expected to proactively detect, report, and repair the fault. An unannounced interruption in service is both more disruptive for clients and more of a signal that the fault may not have been caught early enough to fully recover. Finally, dishonest storage miners may have some chance of briefly evading detection and earning rewards despite being out of service. For all these reasons, a higher penalty is applied when the network detects an undeclared fault. +**Sector Fault Fee (Post FIP-0002):** If a sector is temporarily damaged, storage miners are expected to proactively detect, report, and repair the fault. Following FIP-0002, detected faults on 100% healthy partitions incur no immediate fee, while sectors that were already faulty or recovering are charged a Sector Fault Fee. The fee structure now provides a grace period for operational failures while maintaining incentives for reliable storage. The Sector Fault Fee is set at 3.51 days worth of expected block reward, calculated to maintain a break-even uptime of 60%. **Sector Termination Fee:** The ultimate goal of the Filecoin Network is to provide useful data storage. Use-cases for unreliable data storage, which may vanish without warning, are much rarer than use-cases for reliable data storage, which is guaranteed in advance to be maintained for a given duration. So to the extent that committed sectors disappear from the network, most of the value provided by those sectors is canceled out, in most cases. If storage miners had little to lose by terminating active sectors compared to their realized gains, then this would be a negative externality that fails to be effectively managed by the storage market; termination fees internalize this cost. diff --git a/content/glossary/_index.md b/content/glossary/_index.md index ab7e7ef2f..4ef4de3ac 100644 --- a/content/glossary/_index.md +++ b/content/glossary/_index.md @@ -318,11 +318,12 @@ The [_Storage Power Actor_](sysactors) is responsible for keeping track of the s ## Storage Fault Slashing -Storage Fault Slashing is a term that is used to encompass a broader set of penalties, including (but not limited to) Fault Fees, Sector Penalties, and Termination Fees. These penalties are to be paid by miners if they fail to provide sector reliability or decide to voluntarily exit the network. +Storage Fault Slashing is a term that is used to encompass a broader set of penalties, including (but not limited to) Fault Fees and Termination Fees. These penalties are to be paid by miners if they fail to provide sector reliability or decide to voluntarily exit the network. -- **Fault Fee (FF):** A penalty that a miner incurs for each day a miner's sector is offline. -- **Sector Penalty (SP):** A penalty that a miner incurs for a faulted sector that was not declared faulted before a WindowPoSt check occurs. - - The sector will pay FF after incurring an SP when the fault is detected. +- **Fault Fee (FF) (Post FIP-0002):** A penalty that a miner incurs for each proving period a sector is faulty, set at 3.51 days worth of expected block reward. For newly faulted sectors in 100% healthy partitions, this fee is waived for the first proving period after fault detection. +- **Fault Detection (Post FIP-0002):** When a partition misses a WindowPoSt submission deadline: + - For 100% healthy partitions (no previously faulty or recovering sectors), sectors are marked as faulty with no immediate fee + - For partitions with faulty or recovering sectors, those sectors are charged the Fault Fee - **Termination Penalty (TP):** A penalty that a miner incurs when a sector is voluntarily or involuntarily terminated and is removed from the network. ## Ticket or VRF Chain diff --git a/content/systems/filecoin_markets/onchain_storage_market/storage_deal_flow.md b/content/systems/filecoin_markets/onchain_storage_market/storage_deal_flow.md index d9e504133..af1ea81e4 100644 --- a/content/systems/filecoin_markets/onchain_storage_market/storage_deal_flow.md +++ b/content/systems/filecoin_markets/onchain_storage_market/storage_deal_flow.md @@ -33,17 +33,17 @@ dashboardTests: 0 ## Declare and Recover Faults -6. Miners can call `DeclareFaults` to mark certain Sectors as faulty to avoid paying Sector Fault Detection Fee. Power associated with the sector will be removed at fault declaration. -7. Miners can call `DeclareFaultsRecovered` to mark previously faulty sector as recovered. Power will be restored when recovered sectors pass WindowPoSt checks successfully. -8. A sector pays a Sector Fault Fee for every proving period during which it is marked as faulty. +6. Miners can call `DeclareFaults` to mark certain Sectors as faulty before their proving deadline. Power associated with the sector will be removed at fault declaration. +7. Miners can call `DeclareFaultsRecovered` to mark previously faulty sector as recovered. Power will be restored when recovered sectors pass WindowPoSt checks successfully. Following FIP-0002, no recovery fee is charged. +8. A sector pays a Sector Fault Fee (3.51 days worth of expected block reward) for every proving period during which it is marked as faulty, starting from the second proving period after initial fault detection. ## Skipped Faults -9. After a WindowPoSt deadline opens, a miner can mark one of their sectors as faulty and exempted by WindowPoSt checks, hence Skipped Faults. This could avoid paying a Sector Fault Detection Fee on the whole partition. +9. After a WindowPoSt deadline opens, a miner can mark one of their sectors as faulty and exempted by WindowPoSt checks, hence Skipped Faults. Following FIP-0002, skipped faults incur no immediate penalty, but will be charged the Sector Fault Fee starting from the next proving period. ## Detected Faults -10. If a partition misses a WindowPoSt submission deadline, all previously non-faulty sectors in the partition are detected as faulty and a Fault Detection Fee is charged. +10. If a partition misses a WindowPoSt submission deadline, all previously non-faulty sectors in the partition are detected as faulty. Following FIP-0002, if the partition was 100% healthy (no faulty or recovering sectors), no immediate fee is charged. However, sectors that were already faulty or recovering are charged the Sector Fault Fee. ## Sector Expiration diff --git a/content/systems/filecoin_mining/sector/sector-faults.md b/content/systems/filecoin_mining/sector/sector-faults.md index 9372b735e..5a0ae2f00 100644 --- a/content/systems/filecoin_mining/sector/sector-faults.md +++ b/content/systems/filecoin_mining/sector/sector-faults.md @@ -11,5 +11,5 @@ dashboardTests: 0 It is very important for storage providers to have a strong incentive to both report the failure to the chain and attempt recovery from the fault in order to uphold the storage guarantee for the networkʼs clients. Without this incentive, it is impossible to distinguish an honest minerʼs hardware failure from malicious behavior, which is necessary to treat miners fairly. The size of the fault fees depend on the severity of the failure and the rewards that the miner is expected to earn from the sector to make sure incentives are aligned. The two types of sector storage fault fees are: -- **Sector fault fee:** This fee is paid per sector per day while the sector is in a faulty state. This fee is not paid the first day the system detects the fault allowing a one day grace period for recovery without fee. The size of the sector fault fee is slightly more than the amount the sector is expected to earn per day in block rewards. If a sector remains faulty for more than 42 consecutive days, the sector will pay a termination fee and be _removed from the chain state_. As storage miner reliability increases above a reasonable threshold, the risk posed by these fees decreases rapidly. +- **Sector fault fee (Post FIP-0002):** This fee is paid per sector per day while the sector is in a faulty state. Following FIP-0002, newly faulted sectors in 100% healthy partitions incur no fee during their first proving period after fault detection. The sector fault fee is charged starting from the subsequent proving period if the sector remains faulty. The size of the sector fault fee is 3.51 days worth of expected block reward (updated from 2.14 days). If a sector remains faulty for more than 42 consecutive days, the sector will pay a termination fee and be _removed from the chain state_. As storage miner reliability increases above a reasonable threshold, the risk posed by these fees decreases rapidly. - **Sector termination fee:** A sector can be terminated before its expiration through automatic faults or miner decisions. A termination fee is charged that is, in principle, equivalent to how much a sector has earned so far, up to a limit in order to avoid discouraging long sector lifetimes. In an active termination, the miner decides to stop mining and they pay a fee to leave. In a fault termination, a sector is in a faulty state for too long, and the chain terminates the deal, returns unpaid deal fees to the client and penalizes the miner. Termination fee is currently capped at 90 days worth of block reward that a sector will earn. Miners are responsible for deciding to comply with local regulations, and may sometimes need to accept a termination fee for complying with content laws. Many of the concepts and parameters above make use of the notion of “how much a sector would have earned in a day” in order to understand and align incentives for participants. This concept is robustly tracked and extrapolated on chain. diff --git a/content/systems/filecoin_mining/sector/sector-recovery.md b/content/systems/filecoin_mining/sector/sector-recovery.md index 3ed0fc99b..b5db5740e 100644 --- a/content/systems/filecoin_mining/sector/sector-recovery.md +++ b/content/systems/filecoin_mining/sector/sector-recovery.md @@ -9,7 +9,7 @@ dashboardTests: 0 # Sector Recovery -Miners should try to recover faulty sectors in order to avoid paying the penalty, which is approximately equal to the block reward that the miner would receive from that sector. After fixing technical issues, the miner should call `RecoveryDeclaration` and produce the WindowPoSt challenge in order to regain the power from that sector. +Miners should try to recover faulty sectors in order to avoid paying ongoing penalties. Following FIP-0002, successful recovery no longer incurs a recovery fee. After fixing technical issues, the miner should call `DeclareFaultsRecovered` and produce the WindowPoSt challenge in order to regain the power from that sector. The sector fault fee (3.51 days worth of expected block reward) continues to accrue for each proving period the sector remains faulty. Note that if a sector is in a faulty state for 42 consecutive days it will be terminated and the miner will receive a penalty. The miner can terminate the sector themselves by calling `TerminationDeclaration`, if they know that they cannot recover it, in which case they will receive a smaller penalty fee. diff --git a/content/systems/filecoin_mining/storage_mining/_index.md b/content/systems/filecoin_mining/storage_mining/_index.md index 5260fa529..b32190813 100644 --- a/content/systems/filecoin_mining/storage_mining/_index.md +++ b/content/systems/filecoin_mining/storage_mining/_index.md @@ -97,16 +97,16 @@ There are four relevant epochs associated to a deadline: **Fault Recovery** -Regardless of how a fault first becomes known (declared, skipped, detected), the sector stays faulty and is excluded from future proofs until the miner explicitly declares it recovered. The declaration of recovery restores the sector to the proving set at the start of the subsequent proving period. When a PoSt for a just-recovered sector is received, power for that sector is restored. +Regardless of how a fault first becomes known (declared, skipped, detected), the sector stays faulty and is excluded from future proofs until the miner explicitly declares it recovered. The declaration of recovery restores the sector to the proving set at the start of the subsequent proving period. When a PoSt for a just-recovered sector is received, power for that sector is restored. Following FIP-0002, successful recovery no longer incurs a recovery fee. **Penalties** A Miner may accrue penalties for many reasons: - **PreCommit Expiry Penalty**: Occurs if a Miner fails to ProveCommit a PreCommitted Sector in time. This happens the first time that a miner declares that it proves a sector and falls into the PoRep consensus. -- **Undeclared Fault Penalty**: Occurs if a Miner fails to submit a PoSt for a Sector on time. Depending on whether the "Skipped Fault" option is implemented, this penalty applies to either a sector or a whole partition. -- **Declared Fault Penalty**: Occurs if a Miner fails to submit a PoSt for a Sector on time, but they declare the Sector faulty before the system finds out (in which case the fault falls in the "Undeclared Fault Penalty" above). **This penalty fee should be lower than the undeclared fault penalty**, in order to incentivize Miners to declare faults early. -- **Ongoing Fault Penalty**: Occurs every Proving Period a Miner fails to submit a PoSt for a Sector. +- **Fault Detection (Post FIP-0002)**: When a partition misses a WindowPoSt submission deadline, sectors are marked as faulty. For 100% healthy partitions (no previously faulty or recovering sectors), no immediate fee is charged. For partitions with faulty or recovering sectors, those sectors are charged the Sector Fault Fee. +- **Skipped Fault (Post FIP-0002)**: When a miner submits a WindowPoSt but skips proofs for specific sectors, those sectors are marked as faulty. No immediate penalty is charged, but the Sector Fault Fee applies starting from the next proving period. +- **Ongoing Fault Penalty**: Occurs every Proving Period a Miner fails to submit a PoSt for a Sector. The fee is 3.51 days worth of expected block reward per sector per proving period. - **Termination Penalty**: Occurs if a Sector is terminated before its expiration. - **Consensus Fault Penalty**: Occurs if a Miner commits a consensus fault and is reported.