Not panicking can cause consensus failure.
Certain errors in Namada, if squashed, can lead to validators arriving at different notions of the blockchain state. This can cause validators to suddenly become byzantine and, in the worst case, lead to consensus failure.
The errors that can cause this are necessarily non-deterministic, since they occur for some validators and not others. The most obvious places for such errors to occur are program boundaries, i.e. file system I/O, IPC connections, and (de)serialization.
If an error can cause state divergence, it should lead to an immediate panic (whenever possible), so that the node is made aware right away that it may have become byzantine rather than continuing to process blocks on a divergent state.
An example: In a world with whitelisted wasms, all validators should be able to compile any wasm blob they encounter. However, a validator may be running on a machine whose architecture is incompatible with the wasm compiler. If the resulting compilation error is squashed, that validator will reject every transaction carrying wasm. This causes it to diverge from the other validators, which compile the wasm successfully. From then on it will reject all block proposals, and all of its own block proposals will be rejected by the other validators because the app hash check will not pass. It is better to crash that validator on such errors.
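The following is an added illustration of the point above and is not Namada code. It models two validators applying the same block: one whose host can compile wasm and one whose cannot. With error squashing, the second validator silently ends up with a different app hash; with the strict version, an environmental (host-dependent) error panics instead of being folded into "reject tx", while a deterministic error (one every validator derives from the transaction bytes alone) still just rejects the transaction. `Host`, `TxError`, `compile_wasm` and the std hasher used as an app hash are all assumptions for the demonstration; no real wasm compilation takes place.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
use std::io;

/// Errors a transaction step can produce. `Deterministic` variants are
/// derived purely from the transaction bytes, so every validator yields the
/// same one and rejecting the tx is consensus-safe. `Environmental` variants
/// come from a program boundary (I/O, IPC, compiler support) and depend on
/// the host, so other validators will not see them.
#[derive(Debug)]
pub enum TxError {
    Deterministic(&'static str),
    Environmental(io::Error),
}

/// Hypothetical host description (not a Namada type): whether this
/// machine's wasm compiler works.
pub struct Host {
    pub can_compile_wasm: bool,
}

/// Stand-in for a wasm compilation call at the program boundary. Real
/// compilation is not performed; the environmental failure is keyed on the
/// host to model a machine whose architecture the compiler does not support.
pub fn compile_wasm(host: &Host, blob: &[u8]) -> Result<Vec<u8>, TxError> {
    if blob.is_empty() {
        return Err(TxError::Deterministic("empty wasm blob"));
    }
    if !host.can_compile_wasm {
        return Err(TxError::Environmental(io::Error::new(
            io::ErrorKind::Unsupported,
            "wasm compiler unavailable on this architecture",
        )));
    }
    Ok(blob.to_vec())
}

/// Squashing version: every error, whatever its origin, becomes "reject tx".
/// On a host that cannot compile, this silently produces a different state.
pub fn apply_tx_squashing(host: &Host, state: &mut Vec<u8>, blob: &[u8]) -> bool {
    match compile_wasm(host, blob) {
        Ok(code) => {
            state.extend_from_slice(&code);
            true
        }
        Err(_) => false,
    }
}

/// Strict version: deterministic errors reject the tx; environmental errors
/// abort the node so it cannot keep running on a divergent state.
pub fn apply_tx_strict(host: &Host, state: &mut Vec<u8>, blob: &[u8]) -> bool {
    match compile_wasm(host, blob) {
        Ok(code) => {
            state.extend_from_slice(&code);
            true
        }
        Err(TxError::Deterministic(_)) => false,
        Err(TxError::Environmental(e)) => {
            panic!("environmental failure at program boundary, halting node: {e}")
        }
    }
}

/// App hash over the state bytes (a std hasher stands in for the real one).
pub fn app_hash(state: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    state.hash(&mut h);
    h.finish()
}

pub type ApplyTx = fn(&Host, &mut Vec<u8>, &[u8]) -> bool;

/// Apply every tx in a block on one validator and return its app hash.
pub fn run_block(apply: ApplyTx, host: &Host, block: &[Vec<u8>]) -> u64 {
    let mut state = Vec::new();
    for tx in block {
        let _accepted = apply(host, &mut state, tx);
    }
    app_hash(&state)
}

/// Constructed sample block: one wasm tx with a valid-looking header and one
/// deterministically bad (empty) tx.
pub fn sample_block() -> Vec<Vec<u8>> {
    vec![b"\0asm\x01\0\0\0".to_vec(), Vec::new()]
}

pub const HEALTHY: Host = Host { can_compile_wasm: true };
pub const BROKEN: Host = Host { can_compile_wasm: false };

fn main() {
    let block = sample_block();
    let a = run_block(apply_tx_squashing, &HEALTHY, &block);
    let b = run_block(apply_tx_squashing, &BROKEN, &block);
    println!("squashing: healthy={a:#x} broken={b:#x} agree={}", a == b);

    let a = run_block(apply_tx_strict, &HEALTHY, &block);
    println!("strict: healthy={a:#x}");
    let halted = std::panic::catch_unwind(|| run_block(apply_tx_strict, &BROKEN, &block));
    println!("strict: broken validator halted={}", halted.is_err());
}
```

The distinction the code enforces is the one the text relies on: an error type that records where the failure came from lets the `match` in `apply_tx_strict` treat "this transaction is invalid" and "this host cannot do what every validator must do" differently. Collapsing both into a boolean, as `apply_tx_squashing` does, is exactly how a validator quietly diverges.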