Shardeum’s consensus mechanism is Proof of Quorum (PoQ) while its sybil deterrence mechanism is Proof of Stake (PoS). Read more about them in our whitepaper.
Proof of Quorum means to generate a receipt showing that a majority of the consensus group has voted for the transaction. Each node in the consensus group signs the transaction hash and gossips it to other nodes in the consensus group. Nodes collect these votes, and when the number of votes is more than 50%, these votes form a receipt that can prove consensus on the transaction. Note Shardeum will use both PoQ and PoS (Proof of Stake) consensus algorithms to keep the network safe, where validating nodes can be expected to stake a minimum amount of network coin to ensure they operate as per network protocols while getting slashed for misbehavior.
Further, the consensus algorithm also plays a key role in assigning a ‘node ID’ randomly to validator nodes before they join the network. On Shardeum, there will be a third set of nodes apart from validator and archive nodes, called ‘standby nodes’. These are nodes waiting for their turn to be validator nodes. Standby nodes use-case on Shardeum is not limited to just accommodating more capacity when the demand surges. With the help of node IDs, the network will constantly auto-rotate the validator and standby nodes to make it even more difficult for bad actors to take over at any given point in time.
Because of cycle rotation and a random but deterministic lottery to accept nodes into the network, an attacker would have to take over 51% of all nodes in the list waiting to join a network and the usual 51% of nodes that would be in a network. Nodes waiting to join a network are not part of the consensus. To ever have a majority of nodes in the network, an attacker would also need to have > 51% of nodes waiting to join for a sustained period. To illustrate, consider a scenario where there are 10,000 nodes in the network but 100,000 waiting to join. In this case, the attacker would need to maintain control of more than 50,000 nodes for an extended duration, as the network continually cycles its complete set of nodes in and out. Only after this sustained control, would over 5,000 of these nodes eventually become integrated into the network. You can find more interesting details in our recently released whitepaper.
Besides enabling average users to run nodes on the network permissionlessly, Shardeum will use Proof of Quorum (PoQ), as an innovative consensus mechanism and Proof of Stake (PoS) as a Sybil deterrence mechanism. Proof of Quorum means to generate a receipt showing that a majority of the consensus group has voted for the transaction. Each node in the consensus group signs the transaction hash and gossips it to other nodes in the consensus group. Nodes collect these votes, and when the number of votes is more than 50%, these votes form a receipt that can prove consensus on the transaction. Shardeum will be a distributed network with a solid consensus algorithm.
Further, staking native coins will be mandatory for validators to participate in the transaction validation process in return for rewards. Nodes that act maliciously will be slashed or penalized. Note, the staking amount will be determined when we get closer to the mainnet. However you can expect it to be reasonable enough, among other techniques, to mitigate and/or nullify bot attacks. Proof of Quorum, in a nutshell, allows the network validators of a transaction to approve it only if it receives more than 50% of votes which is then followed by batching such transactions to blocks. And a key element with respect to security and scalability is, Shardeum introduces ‘standby nodes’ to randomly rotate ‘validator nodes’ in and out of the system, which will make it extremely difficult for bad actors to attack the network by compromising nodes.
Shardeum has launched bug bounty on Immunefi on July 8, 2024 at 6 AM UTC. Shardeum is offering two tiers of bug bounty via boosts on Immunefi: Core and Ancillaries, with a total reward up to $700,000. The boosts will run through August 14, 2024.
The Core Boost will run from July 8 – August 16, 2024, and offers rewards of up to $500,000 for critical vulnerabilities identified in its blockchain/DLT codebase. This code is largely written in TypeScript, and the boost is ideal for elite white hats specializing in large validator and server-like competitions.
In addition to the Core Boost, Shardeum is also launching the Ancillaries Boost, offering rewards of up to $200,000. The Ancillaries Boost will run from July 8 – August 2, 2024. This competition focuses on a 55,000-line Web2 codebase that includes elements of Rust, opening the door to a broader range of security researchers, including those specializing in traditional web applications. This is the first boost on Immunefi specifically focused on Web2 code.
Join the bug bounty today!
