ethereum
Anti-correlation slashing penalties should ideally work on a per-committee basis
If a committee publishes a bad crosslink, ideally we would want every member of the committee that participated to be heavily penalized and even lose their entire deposit (as the probability that honest validators in the same committee would have a bug at the same time is astronomically tiny, and the collective failure of a committee caused great harm).
However, the current anti-correlation penalty structure only increases penalties in response to a significant fraction of all validators being slashed.
Unfortunately, because committees get reshuffled so frequently, there is no easy way to fix this. But we should still flag this as something to think about and try to improve.
Would it work to add a second kind of slashing for "really bad" failures like this, that could be invoked on a crosslink? Of course, it would be necessary that it can be applied to slashed validator while waiting for withdrawal.
One proposal I have is to remove the current collective penalty scheme, and instead only rely on a per-committee anti-correlation slashing mechanism (if a large portion of all validators misbehave, generally a large portion of all committees will misbehave). Then the mechanism would work as follows: you can submit an epoch and seed to generate a committee (or for more security a historical Merkle branch proving that it was a committee), and if you can show that M of N members of the committee have been slashed, you increase every member's penalty to M/N (if any specific member's penalty was already higher than M/N, it stays unchanged).