Security Risks of Reducing Polkadot's Unbonding Period to 24-48 Hours

Translation: Economic Security and Unbonding Period in Polkadot

In a Proof-of-Stake (PoS) system like Polkadot, the Unbonding Period is not just an arbitrary number; it is the network’s primary economic defense mechanism.

Currently, on the Polkadot Mainnet, the unbonding period is 28 days. The transition toward a 24-48 hour window in March 2026 is a massive leap that carries serious security consequences.

1. The Concept of “Cost of Attack”

In cryptoeconomics, network security is measured by the magnitude of the loss an attacker must incur if they attempt to cheat (e.g., double spending or forging blocks).

Slashing Mechanism: If a validator acts maliciously, the system slashes (confiscates) their staked DOT.

The Function of the Long Unbonding (28 Days): This extended duration provides ample time for governance systems and automated detection to identify fraud, verify it, and execute penalties before the funds can be withdrawn from the network.

The Risk of Fast Unbonding (24-48 Hours): If an attacker commits a malicious act, they have an extremely narrow window to withdraw their assets before being caught. If the detection and governance voting process takes longer than 48 hours, the attacker could escape with assets that should have been “seized.”

Risk Rating: High. Reason: Drastically shortening the unbonding time reduces the “Detection Window”. If the automated slashing script fails or is delayed, attackers can withdraw their capital before the penalty is imposed.

2. “Flash Governance” Risks & Vote Manipulation

With a significantly shorter unbonding time, DOT becomes much more liquid. This creates new systemic risks:

Asset Borrowing for Voting: Someone could borrow a large amount of DOT (e.g., via lending protocols), use it to vote on decisions that benefit them (or harm the network), and then immediately unbond and return the loan within a very short timeframe.

Security Instability: In the event of market panic, a 24-hour unbonding period allows for a mass simultaneous withdrawal (bank run). This could drastically reduce the total economic security (Total Value Locked for staking) within a single day.

Risk Rating: Very High. Reason: Overly instant liquidity in a governance token makes vote-manipulation attacks (Governance Attacks) easier and accelerates the volatility of network security when negative sentiment arises.

1 Like

> Asset Borrowing for Voting: Someone could borrow a large amount of DOT (e.g., via lending protocols), use it to vote on decisions that benefit them (or harm the network), and then immediately unbond and return the loan within a very short timeframe.

This won’t work. Voting creates its own lock, though, anywhere from the time of the Referendum (with 0.1x worth of the vote) to 224 days. Polkadot OpenGov - Polkadot Wiki

> Security Instability: In the event of market panic, a 24-hour unbonding period allows for a mass simultaneous withdrawal (bank run). This could drastically reduce the total economic security (Total Value Locked for staking) within a single day.

This also won’t work, since there are limits to how much DOT can be unbonded in a 24-hour period due to the Unbonding Queue. See RFC-0097: Unbonding Queue - Polkadot Fellowship RFCs

> The Risk of Fast Unbonding (24-48 Hours): If an attacker commits a malicious act, they have an extremely narrow window to withdraw their assets before being caught. If the detection and governance voting process takes longer than 48 hours, the attacker could escape with assets that should have been “seized.”

In terms of individual accounts - This would only be true if malicious acts were done with staked DOT. This is really only limited to getting a copy of someone’s private key or otherwise controlling their account. However, in this case, the problem is just pushed back since you have two “owners” of the account (according to the rules of the chain). You are correct, though, in this particular instance, the owner would have less time to react.

In terms of malicious acts by validators (backed by staked DOT of nominators), you are correct that the nominators could move that DOT away after nominating a malicious validator. However, note that validators have their own staked DOT which would also be at risk here. See Proposal: Dynamic Allocation Pool (DAP)

1 Like

Ah sorry, it looks like the unbonding queue won’t be implemented now.

However, consensus violations should be caught close-to-immediately and validators have their own stake which can be slashed.

1 Like

Hi Bill,

Thank you for the detailed clarification and for pointing out the nuances of Conviction Locking in OpenGov. I appreciate the correction regarding how voting locks work; it effectively mitigates the immediate risk of ‘Flash Governance’ through borrowed assets.

However, I am particularly concerned about your second point regarding the Unbonding Queue (RFC-0097). If this safety mechanism is not being implemented as initially planned, doesn’t this leave a significant gap in our ‘Economic Defense-in-Depth’?

Without a dynamic queue to throttle mass exits during periods of high volatility or potential network-level exploits, a 24-48 hour window seems to rely heavily on the assumption that all consensus violations will be detected and slashed almost instantly.

As I am currently diving deeper into Rust and Substrate pallets, I am curious: if a sophisticated attack or a bug in the automated slashing logic occurs, what secondary ‘circuit breaker’ exists to protect the network’s Total Value Locked (TVL) once the 28-day buffer is reduced to such a short window?

Looking forward to your thoughts on how we can balance user liquidity with this heightened systemic risk.

Best regards,

muh. mughni syarif.

1 Like

The point is that most if not all offenses would be detected within 24-48 hours and therefore the involved validators can be slashed. In addition, the increase of the self-stake requirement and the minimum commission creates the necessary economic costs to make such an attack unlikely.

1 Like
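The detection-window race argued over in this thread, as an added example that is not part of any post and is not pallet-staking code: a simplified ledger model showing how much of a proportional slash is still collectable for a given detection delay and unbonding period. The hour-based clock (the chain counts eras), the amounts and all names are assumptions made for the illustration.

```rust
// Simplified model, NOT pallet-staking code. Offence happens at hour 0.
#[derive(Clone, Copy)]
struct UnlockChunk {
    value: u64,        // stake being unbonded
    requested_at: u64, // hour the unbond request was made
}

struct Ledger {
    active: u64, // stake that never requested unbonding (e.g. validator self-stake)
    unlocking: Vec<UnlockChunk>,
}

impl Ledger {
    /// Total stake that backed the validator when the offence happened.
    fn exposure(&self) -> u64 {
        self.active + self.unlocking.iter().map(|c| c.value).sum::<u64>()
    }
    /// Stake the chain still holds at `now`: active stake plus every chunk
    /// whose unbonding period has not yet elapsed.
    fn slashable_at(&self, now: u64, unbonding_hours: u64) -> u64 {
        let locked: u64 = self.unlocking.iter()
            .filter(|c| c.requested_at + unbonding_hours > now)
            .map(|c| c.value)
            .sum();
        self.active + locked
    }
    /// Proportional slash applied `detection_delay` hours after the offence.
    /// Returns (collected, escaped).
    fn slash_outcome(&self, detection_delay: u64, unbonding_hours: u64, percent: u64) -> (u64, u64) {
        let intended = self.exposure() * percent / 100;
        let collected = self.slashable_at(detection_delay, unbonding_hours) * percent / 100;
        (collected, intended - collected)
    }
    /// Shortest unbonding period that keeps all stake slashable for this delay.
    fn min_safe_unbonding(&self, detection_delay: u64) -> u64 {
        let earliest = self.unlocking.iter().map(|c| c.requested_at).min().unwrap_or(detection_delay);
        detection_delay.saturating_sub(earliest) + 1
    }
}

/// Constructed sample: 100k self-stake stays; nominators exit at hour 0 and hour 12.
fn sample_ledger() -> Ledger {
    Ledger { active: 100_000, unlocking: vec![
        UnlockChunk { value: 400_000, requested_at: 0 },
        UnlockChunk { value: 500_000, requested_at: 12 },
    ] }
}

fn main() {
    let l = sample_ledger();
    for (delay, unbond) in [(72, 672), (72, 48), (30, 24), (6, 48)] {
        let (got, lost) = l.slash_outcome(delay, unbond, 10);
        println!("detect {}h, unbond {}h: collected {}, escaped {}", delay, unbond, got, lost);
    }
}
```

In this model only the stake that never requested unbonding stays slashable once detection takes longer than the unbonding period, while detection inside the period keeps the full slash collectable.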