Shardeum’s consensus mechanism is Proof of Quorum (PoQ) while its sybil deterrence mechanism is Proof of Stake (PoS). Read more about them in our whitepaper.
Proof of Quorum means to generate a receipt showing that a majority of the consensus group has voted for the transaction. Each node in the consensus group signs the transaction hash and gossips it to other nodes in the consensus group. Nodes collect these votes, and when the number of votes is more than 50%, these votes form a receipt that can prove consensus on the transaction. Note Shardeum will use both PoQ and PoS (Proof of Stake) consensus algorithms to keep the network safe, where validating nodes can be expected to stake a minimum amount of network coin to ensure they operate as per network protocols while getting slashed for misbehavior.
Further, the consensus algorithm also plays a key role in assigning a ‘node ID’ randomly to validator nodes before they join the network. On Shardeum, there will be a third set of nodes apart from validator and archive nodes, called ‘standby nodes’. These are nodes waiting for their turn to be validator nodes. Standby nodes use-case on Shardeum is not limited to just accommodating more capacity when the demand surges. With the help of node IDs, the network will constantly auto-rotate the validator and standby nodes to make it even more difficult for bad actors to take over at any given point in time.
Because of cycle rotation and a random but deterministic lottery to accept nodes into the network, an attacker would have to take over 51% of all nodes in the list waiting to join a network and the usual 51% of nodes that would be in a network. Nodes waiting to join a network are not part of the consensus. To ever have a majority of nodes in the network, an attacker would also need to have > 51% of nodes waiting to join for a sustained period. To illustrate, consider a scenario where there are 10,000 nodes in the network but 100,000 waiting to join. In this case, the attacker would need to maintain control of more than 50,000 nodes for an extended duration, as the network continually cycles its complete set of nodes in and out. Only after this sustained control, would over 5,000 of these nodes eventually become integrated into the network. You can find more interesting details in our recently released whitepaper.
Besides enabling average users to run nodes on the network permissionlessly, Shardeum will use Proof of Quorum (PoQ), as an innovative consensus mechanism and Proof of Stake (PoS) as a Sybil deterrence mechanism. Proof of Quorum means to generate a receipt showing that a majority of the consensus group has voted for the transaction. Each node in the consensus group signs the transaction hash and gossips it to other nodes in the consensus group. Nodes collect these votes, and when the number of votes is more than 50%, these votes form a receipt that can prove consensus on the transaction. Shardeum will be a distributed network with a solid consensus algorithm.
Further, staking native coins will be mandatory for validators to participate in the transaction validation process in return for rewards. Nodes that act maliciously will be slashed or penalized. Note, the staking amount will be determined when we get closer to the mainnet. However you can expect it to be reasonable enough, among other techniques, to mitigate and/or nullify bot attacks. Proof of Quorum, in a nutshell, allows the network validators of a transaction to approve it only if it receives more than 50% of votes which is then followed by batching such transactions to blocks. And a key element with respect to security and scalability is, Shardeum introduces ‘standby nodes’ to randomly rotate ‘validator nodes’ in and out of the system, which will make it extremely difficult for bad actors to attack the network by compromising nodes.
Yes. Following the success of our first bug bounty held from July 8 to August 14, 2024, Shardeum has launched its second bug bounty program in partnership with Immunefi on September 4. This round of bug bounty, with rewards up to $250K, will run from September 4 to October 2, 2024, and we look forward to continuing this journey with your support. With over 5 million transactions recorded on our ongoing incentivized testnet so far, coupled with valuable bug reports from the community, our engineering team has been working diligently to address identified gaps. Therefore, the objective for bug bounty II is to further secure the network so we are mainnet-ready.
Similar to bug bounty I, bug bounty II offers two tiers of Boosts on Immunefi: Core and Ancillaries. Core Boost II is a successor of Shardeum’s Core Boost I and will cover two components: Shardus Core Protocol and Shardeum Validator Nodes. It offers rewards of up to $150,000 for critical vulnerabilities identified in its blockchain/DLT codebase. This code is largely written in TypeScript, and the boost is ideal for elite white hats specializing in large validator and server-like competitions.
Ancillaries Boost II is a successor of Shardeum’s Ancillaries Boost I and will only cover the Web2 aspects of the project that includes elements of Rust, opening the door to a broader range of security researchers, and those specializing in traditional web applications. This boost offers rewards up to $100,000.
When the Boost has ended, Immunefi will publish an event-specific leaderboard and bug reports from the event. Also, Shardeum team will give a live technical walkthrough, hosted in the Immunefi Discord few days after the launch.
Join the bug bounty II today!
