[Update: The bug bounty has concluded.]
We are taking another step in making Lido for Solana more secure by announcing a bug bounty in partnership with Immunefi. To date, we have had two audits done on our source code. The first one has been done by Bramah Systems and the second one, which is ongoing at the moment, by Neodyme. This bug bounty is a step further in fortifying the security of Lido for Solana ahead of its launch in September.
The bounty amount of $100,000 could soon be revised to $2,000,000 if the proposal to increase it is accepted. The $2m proposal is being voted on and has so far received 100% of votes in favour of increasing the bounty. Voting is still open and ends on the 1st of September.
Immunefi is a bug bounty platform for smart contracts and projects that protects them against catastrophic exploits by rewarding white hats who find bugs in the system. Rewards are distributed according to the severity of the vulnerability reported, with levels on a 5-point scale based on the Immunefi Vulnerability Severity Classification System.
The bug bounty covers smart contracts as well as the Lido app website. The primary focus of the bug bounty program is the Lido Program’s smart contracts, but there are generous rewards for discovering bugs in the Lido web app as well.
All the web app bug reports require an accompanying PoC in order to be considered for a reward. Payouts are handled by the Lido for Solana department of the Lido team directly and are denominated in USD. Payouts are done in either ETH, DAI, RAI, or LDO, as per the bug bounty hunter’s preference.
For a list of assets in scope, please refer to the bug bounty page at Immunefi.
Note: For researchers who want to start their research early, a development version is available at https://solana-dev.testnet.lido.fi/, but this devnet deployment is not in scope. Additionally, any web/app bugs not directly related to what is in the Assets in Scope table but relevant for lido.fi, should be submitted in their main bug bounty program, assuming it fulfills all other requirements.
Lido for Solana is a Lido-DAO governed liquid staking protocol for the Solana blockchain. Anyone who stakes their SOL tokens with Lido will be issued an on-chain representation of SOL staking position with Lido validators, called stSOL. Lido for Solana will integrate stSOL widely into the Solana DeFi ecosystem to enable stSOL users to make use of their staked assets in a variety of applications.
With a proposal to increase and expand Lido’s bug bounty program to $2m underway, it is clear the Lido DAO is very serious about maintaining the security of its projects.
Lido for Solana is going to be a very mission-critical project and consequently a lucrative target for attacks. We take security seriously and this bug bounty is an effort to battle-test our codebase. We encourage all white hats to participate in this program and be rewarded with handsome bounty amounts.
To apply to the bug bounty and for further information, please visit the Immunefi bug bounty page.
Chorus One is offering staking services and building protocols and tools to advance the Proof-of-Stake ecosystem.
Website: https://chorus.one
Twitter: https://twitter.com/chorusone
Telegram: https://t.me/chorusone
Newsletter: https://substack.chorusone.com
Our content is intended to be used and must be used for educational purposes only. It is not intended as legal, financial or investment advice and should not be construed or relied on as such. The information is general in nature and has not taken into account your personal financial position or objectives. Before making any commitment of financial nature you should seek advice from a qualified and registered financial or investment adviser. Chorus One does not recommend that any cryptocurrency should be bought, sold, or held by you. Any reference to past or potential performance is not, and should not be construed as, a recommendation or as a guarantee of any specific outcome or profit. Always remember to do your own research.
Chorus One is delighted to sponsor 5 full scholarships ($2000 each) to
Chorus One is committed to gender diversity in the Crypto Space. We actively run, support, and fund initiatives that help more women enter the industry. Preethi’s drive to provide scholarships to Indian women resonates with our values — which is why we decided to fund 5 women from across the world to be able to attend this Bootcamp.
You can apply for the scholarship in 5 easy steps
The last date to apply AND submit your coding assessment is Tuesday, August 17th.
In this supercharged week-long Bootcamp you will get hands-on experience of how to design, develop, and scale a Web 3.0 app on Ethereum. You will have the opportunity to collaborate with like-minded peers and world-class founders with experience in building successful apps on Ethereum. You will get to understand the best practices and common pitfalls.
Learning how to build Dapps on Ethereum is overwhelming and frustrating. The architecture, tooling, and even the programming language are different from traditional Web 2.0 development. It requires unlearning and subsequent relearning blockchain development concepts from the ground up. Keeping this in mind, Preethi has designed the course in a step-by-step manner!
Preethi is an entrepreneur, writer, engineer, and investor. She was an early engineer at Coinbase, later worked at a16z, and then quit one of the most sought-after jobs to teach herself coding and start TruStory.
Lido, the largest liquid staking project on Eth2 and Terra, is looking to expand its offering to the high-performance blockchain Solana. Chorus One is building this service for Lido. 3 months ago we submitted the proposal to build Lido for Solana. The proposal received support from an overwhelming majority of LDO holders.
Over the last 3 months, we have made rapid progress behind the scenes. This is the story of our journey in building the liquid staking solution for the fastest blockchain in the world.
‘Lido for Solana’ is a Lido-DAO governed liquid staking protocol for the Solana blockchain. Anyone who stakes their SOL tokens with Lido will be issued an on-chain representation of their SOL staking position with Lido validators, called stSOL. This will allow Solana token holders to get liquidity on their staked assets which can then be traded, or further utilized as collateral in DeFi products.
On the 30th of April, 2021, Chorus One submitted a development proposal to the Lido DAO as a snapshot vote. The proposal was to build a Lido-operated liquid staking protocol for the Solana blockchain.
The proposal was put to vote on the 6th of May and every LDO holder was invited to participate. The proposal received overwhelming support. 79 LDO holders holding 96.85m LDO voted exclusively in favor of the proposal.
The proposed design is centered around a liquid staking token, called stSOL, that will accrue staking rewards and represent staking positions with Lido validators on Solana.
The stake deposited to the Lido contract on Solana will be distributed to these validators following a logic similar to the Lido Ethereum liquid staking solution. Lido on Solana will have a fee mechanism similar to that on Ethereum which allows splitting of fees between node operators and the Lido treasury (e.g. to be used for the insurance fund). Lido node operators, as well as parameters such as the fee, will be controlled via the governance of LDO holders on Ethereum. Additionally, in the initial version, governance decisions will be carried out via a Multisig controlled by Lido stakeholders on Solana.
We started building Lido for Solana in April 2021. Towards the end of June, we made the codebase audit-ready and we got it audited by Bramah Systems. We have now made the source code public for the whole world to review. In line with the design, we are performing a Multisig ceremony with 7 participants on the Solana testnet. Soon we will be announcing a bug bounty on Lido for Solana.
Lido’s first design was inspired by the Stake Pool program in the Solana Program Library (SPL). In fact, our first version wrapped over the SPL stake pool. However, over time we swapped out the Stake Pool program for a different approach. The end result is a Lido program — similar to the Stake Pool program — but with key differences.
#2 — By doing so all validators get the same fee percentage, which may be lower than that of the node they operate publicly, and by making it 100% commission, we encourage delegations to Lido.
After extensive in-house testing, we commissioned an audit from Bramah Systems. We addressed all issues identified during the audit and reinforced the security of the Solana program. However, in order to hold Lido to the highest security standards, we are looking for an additional audit.
In a nutshell, the audit covered the following aspects
In order to trust any program with your funds, two things need to be true:
A prerequisite for these is having access to the source code. Therefore, we have made our codebase public for everyone to view. Anyone can visit the Lido for Solana repository, where we have published the source code under the GPL V3 license — https://github.com/ChorusOne/solido
The documentation for the project can be found here.
To make our project even more robust, we are going to announce a bug bounty for developers to test the project for exploits.
We will be announcing the exact scope, prioritized vulnerabilities, and rewards categorized by threat level on our web page and on Twitter in the coming weeks.
We decided on using multisig governance for the Lido program. Before we get to the details of our Multisig program, let us see why we need it in the first place.
Programs on Solana can be upgraded unless upgrades are explicitly disabled, and this gives the upgrade authority (the address that can sign upgrades) a lot of power. After all, it could upload a new version of the Lido program that withdraws all Lido funds into some address and runs away with the funds. On the other hand, if we don’t allow the program to be upgraded at all, and then if it turns out to contain a critical bug, we can’t fix it. A multisig is a good middle ground, where no single entity can take control over the programs and their funds, but we can still enable upgrades.
Multisig Programs/addresses require multiple signatures to approve a transaction. These are smart contracts that enable multiple signers to review an action on the blockchain before it is executed. This allows for decentralized governance. Chorus One used the Serum Multisig program to introduce decentralization in Lido for Solana. This multisig has N=7 participants and requires at least M=4 of them to sign for a transaction to be approved.
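The M-of-N rule described above, as an added example that is not code from the Lido or Serum Multisig programs: a simplified in-memory model showing the checks a threshold scheme depends on (only owners may approve, a repeated approval counts once, and an approved action runs once). All type, function and owner names are hypothetical; only N=7 and M=4 come from the post.

```rust
// Added illustration: simplified in-memory model of M-of-N approval.
// Not the Serum Multisig program's code; every name here is hypothetical.
#[derive(Debug, PartialEq)]
enum MultisigError { NotAnOwner, NotEnoughSigners, AlreadyExecuted }

struct Multisig {
    owners: Vec<&'static str>, // constructed placeholder identities
    threshold: usize,          // M: distinct approvals required
}

struct Proposal {
    approvals: Vec<bool>, // one slot per owner: a repeat approval cannot count twice
    executed: bool,       // guards against running an approved action again
}

impl Multisig {
    fn propose(&self) -> Proposal {
        Proposal { approvals: vec![false; self.owners.len()], executed: false }
    }

    // Records an approval and returns the number of distinct approvals so far.
    fn approve(&self, p: &mut Proposal, signer: &str) -> Result<usize, MultisigError> {
        let idx = self.owners.iter().position(|o| *o == signer)
            .ok_or(MultisigError::NotAnOwner)?;
        p.approvals[idx] = true;
        Ok(p.approvals.iter().filter(|a| **a).count())
    }

    // Runs the action (e.g. a program upgrade) only once, and only at M approvals.
    fn execute(&self, p: &mut Proposal) -> Result<(), MultisigError> {
        if p.executed { return Err(MultisigError::AlreadyExecuted); }
        if p.approvals.iter().filter(|a| **a).count() < self.threshold {
            return Err(MultisigError::NotEnoughSigners);
        }
        p.executed = true;
        Ok(())
    }
}

// N=7, M=4 as stated in the post; owner names are constructed.
fn seven_party_multisig() -> Multisig {
    let owners = vec!["owner-1", "owner-2", "owner-3", "owner-4", "owner-5", "owner-6", "owner-7"];
    Multisig { owners, threshold: 4 }
}

fn main() {
    let ms = seven_party_multisig();
    let mut upgrade = ms.propose();
    for s in ["owner-1", "owner-1", "owner-2", "owner-3", "outsider"] {
        println!("{}: {:?}", s, ms.approve(&mut upgrade, s));
    }
    println!("3 approvals: {:?}", ms.execute(&mut upgrade));
    ms.approve(&mut upgrade, "owner-4").unwrap();
    println!("4 approvals: {:?}", ms.execute(&mut upgrade));
}
```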
The complete multisig ceremony will be covered in a later post dedicated to just that.
It is important to note that the role of the multisig is not to make independent decisions regarding Lido for Solana, but only to execute decisions made by the Lido DAO. The 7 parties that comprise the multisig are
Node operators are crucial to the success of this project. Evaluating and onboarding a responsible node operator is an important step. Shortly after the Lido DAO was initiated, the Lido Node Operator Subgovernance Group (LNOSG) was formed. This group was tasked to onboard and represent node operators in the DAO structure.
With the announcement of a proposal for Lido for Solana, we also announced the onboarding of operators for it. Any node operator that wants to apply could do so by filling up a form.
The frontend for interacting with Lido for Solana (currently pointing to Devnet) is here. We have integrated 5 Solana wallets with the frontend — Phantom, Solflare, Ledger, Solong, and Sollet.
Apart from that, we are exploring integrations with the following DeFi applications to utilize stSOL’s liquidity.
Any projects that want to reach out for integration can do so by sending us an email at support@chorus.one
Going ahead, we are looking for another audit of our code. That, coupled with the results of the bug bounty, will put us on the path to the mainnet launch. Stay tuned for the latest announcements at https://twitter.com/ChorusOne
Helium network, coined ‘The People’s Network’, is taking real-world adoption of cryptocurrencies to new heights. Helium’s native cryptocurrency (HNT) is used to incentivise individuals around the world to provide coverage on a global peer-to-peer wireless network. This is done using a Helium-compatible hotspot, which to date provides coverage for low-power IoT devices.
Traditional networks such as WiFi do not suit IoT devices well because of their lower range compared to other types of networks such as LoRaWAN. To solve this problem, Helium pioneered LongFi, which represents a mixture of LoRaWAN and blockchain technology. In the past, there were not enough incentives for participants to operate LoRaWAN hotspots, resulting in higher costs for companies using IoT devices. With the introduction of LongFi and the use of HNT to reward participants for growing the decentralised network, IoT companies now have a cheaper alternative. Helium has already secured multiple partnerships with IoT companies, such as Salesforce, Lime, Airly, Nobel Systems, and more.
Previously on Helium, hotspots not only transmitted data to IoT devices but also played a role in the consensus of valid transactions. In recent times, Helium has experienced immense growth, which has impacted network performance whilst hotspots were involved in consensus. As 86,540 Helium-compatible hotspots have been set up around the world (at 39% MoM growth), it has been harder for hotspots to secure the network. This is because Helium-compatible hotspots had built-in hardware specifications that limited the number of hotspots that could take part in consensus per epoch, and the addresses of hotspots were not static, making it harder to reconnect if a block producer (hotspot) crashed during consensus. Low-powered hardware (hotspots) using consumer-grade (personal) internet was a risk to Helium network and exposed to attacks such as DoS. Not only was network security at risk, but incentives to secure the network in consensus also decreased as more hotspots joined the network (because new hotspots diluted consensus rewards from other hotspots).
For these reasons, Helium governance proposed in HIP-25 to introduce validators that use high-end servers and enterprise-grade internet with specialised experience in securing networks to help improve block performance and alleviate the consensus pressure from hotspots. The governance proposal passed and validators are now live on Helium network as of July 8th. There are now 1802 validators online on Helium network as of time of writing, translating to 19.96% of the whole network (HNT) being staked (18.02m).
We recently released research into the updated staking economics of Helium and how it improves the utility of HNT. Introducing validators into Helium network importantly assists network performance and block propagation and results in reliable returns for stakers.
We are excited that Helium governance has voted on introducing validators into the Helium network ecosystem and we have every intention to contribute to the network’s long-term success by ensuring the security of it.
Helium’s network is unique in that delegations are not currently possible. For this reason, we support Helium network with our NaaS offering. For information on pricing, please contact whitelabel@chorus.one. To read about the benefits of our NaaS service for those interested in staking HNT, please visit: https://chorus.one/products/whitelabel-staking/
Epoch: An epoch in Helium is 30 blocks. A block occurs roughly every 60 seconds. Thus, each epoch lasts around 30 minutes. Staking rewards are distributed at the end of each epoch.
Minimum Bond: 10,000 HNT
Helium APR (as of 14/07/2021): ~11%
Chorus Commission: Contact whitelabel@chorus.one for pricing of HNT NaaS offering
Withdrawal Delay: After withdrawing, your staked funds will only become accessible after a 5-month cooldown period has passed.
Slashing: Slashing is not currently possible on Helium.
Partial Staking: Partial staking of HNT is not possible with Chorus One as we are operating a non-custodial staking service.
Overstaking: Overstaking on Helium does not earn additional rewards (i.e. a node with 15,000 HNT staked and a node with 10,000 HNT staked earns the same rewards). To earn more rewards, HNT holders need to launch multiple nodes with 10,000 HNT each.