Explore the Future of Web3: Shardeum's Whitepaper Released!

Security

What is the consensus mechanism/consensus algorithm used in Shardeum?

Proof of Quorum (PoQ) is the primary consensus mechanism used by Shardeum and Proof of Stake (PoS) will be its Sybil deterrence mechanism. Read more about them in our whitepaper.

What is a Proof of Quorum (PoQ)? How does consensus work technically on the network? #

Proof of Quorum means to generate a receipt showing that a majority of the consensus group has voted for the transaction. Each node in the consensus group signs the transaction hash and gossips it to other nodes in the consensus group. Nodes collect these votes, and when the number of votes is more than 50%, these votes form a receipt that can prove consensus on the transaction. Note Shardeum will use both PoQ and PoS (Proof of Stake) consensus algorithms to keep the network safe, where validating nodes can be expected to stake a minimum amount of network coin to ensure they operate as per network protocols while getting slashed for misbehavior.

Further, the consensus algorithm also plays a key role in assigning a ‘node ID’ randomly to validator nodes before they join the network. On Shardeum, there will be a third set of nodes apart from validator and archive nodes, called ‘standby nodes’. These are nodes waiting for their turn to be validator nodes. Standby nodes use-case on Shardeum is not limited to just accommodating more capacity when the demand surges. With the help of node IDs, the network will constantly auto-rotate the validator and standby nodes to make it even more difficult for bad actors to take over at any given point in time.

Are we safe from someone taking over 51% of nodes?

Because of cycle rotation and a random but deterministic lottery to accept nodes into the network, an attacker would have to take over 51% of all nodes in the list waiting to join a network and the usual 51% of nodes that would be in a network. Nodes waiting to join a network are not part of the consensus. To ever have a majority of nodes in the network, an attacker would also need to have > 51% of nodes waiting to join for a sustained period. To illustrate, consider a scenario where there are 10,000 nodes in the network but 100,000 waiting to join. In this case, the attacker would need to maintain control of more than 50,000 nodes for an extended duration, as the network continually cycles its complete set of nodes in and out. Only after this sustained control, would over 5,000 of these nodes eventually become integrated into the network. You can find more interesting details in our recently released whitepaper.

Since there won’t be a high entry barrier to run nodes on Shardeum, does it affect security?

Besides enabling average users to run nodes on the network permissionlessly, Shardeum will use Proof of Quorum (PoQ), as an innovative consensus mechanism and Proof of Stake (PoS) as a Sybil deterrence mechanism. Proof of Quorum means to generate a receipt showing that a majority of the consensus group has voted for the transaction. Each node in the consensus group signs the transaction hash and gossips it to other nodes in the consensus group. Nodes collect these votes, and when the number of votes is more than 50%, these votes form a receipt that can prove consensus on the transaction. Shardeum will be a distributed network with a solid consensus algorithm.

Further, staking native coins will be mandatory for validators to participate in the transaction validation process in return for rewards. Nodes that act maliciously will be slashed or penalized. Note, the staking amount will be determined when we get closer to the mainnet. However you can expect it to be reasonable enough,  among other techniques, to mitigate and/or nullify bot attacks. Proof of Quorum, in a nutshell, allows the network validators of a transaction to approve it only if it receives more than 50% of votes which is then followed by batching such transactions to blocks. And a key element with respect to security and scalability is, Shardeum introduces ‘standby nodes’ to randomly rotate ‘validator nodes’ in and out of the system, which will make it extremely difficult for bad actors to attack the network by compromising nodes.

What is the Shardeum Bug Bounty Program, and how can I participate in it?

The Shardeum Bug Bounty Program will be an initiative designed to enhance the security and robustness of the Shardeum blockchain (testnet) by engaging with the community to identify and report potential vulnerabilities (in Q1 of 2024). And this is how it may look in general. As part of our security audit, we will invite developers, security experts, and community members to actively participate in this program and contribute to making Shardeum secure. While exploring the testnet, if you discover any security vulnerabilities or issues, you are expected to document them in detail that include steps to reproduce the issue, potential impact, and any suggestions for mitigation. Our team will review your submission, assess the vulnerability, and respond with the next steps. If your report qualifies for a reward, we’ll provide details on the reward process. Stay tuned to our socials for an official announcement regarding bug bounty.