Background
Incentivised testnets have been one of the significant innovations in the crypto space. Cosmos led the way with Game of Stakes, and since then, it’s become a core activity for bootstrapping new networks.
Incentivized testnets are powerful in many ways. They enable validators to build up the skills they need to deploy, upgrade, and maintain the new network. But more than that, testnets help the validators learn how to operate as a community, where they work together to solve problems and make the network more robust. Often the incentives include rewards for maintaining high uptime or for passing a security audit. They may even include activities besides running validators e.g., rewards for content production. Incentivized testnets also give token holders a chance to evaluate the skills of each validator, to help them decide with whom to stake once the mainnet is launched.
A key part of running testnets is to break things. The premise is that the more successful attacks there are on a testnet, the more prepared a network is for mainnet. The best sign that a network has been put through its paces is to find the Holy Grail of bugs: a priority one, severe bug that is a showstopper for the network launch.
This week Chorus One engineer, Reisen, did just that. He demonstrated a critical flaw with the Solana network that allowed him to steal 500M Sol tokens on the testnet. What follows is the story of how he did it.
A Step Back
To start the story, we must go back to when Reisen joined the Chorus One team in June of 2019. Over the summer, Chorus was contracted by Solana to build out StrongGate, a solution that enables high-availability validators on the Solana network. This involved Reisen getting deep into some of the core Solana code. The Solana codebase would challenge any developer, even for a very experienced Rust and functional programming expert like Reisen. That is because the Solana project has innovated on so many fronts in parallel. Solana is built around eight vital technological innovations in one project (as described in this blog post). All these innovations were delivered in Version 1 of the Solana codebase, so when Reisen dove into the codebase, there was still a lot of development activity going on. And none of the eight technologies are easy to grasp. Proof of History is a new model for distributed timekeeping, Tower BFT is a new consensus algorithm, Turbine is a block propagation protocol influenced by BitTorrent, Archivers are a decentralized file system, and that’s only half of them. Anyone of these on its own would challenge any developer. So it was no easy task to dive into the codebase.
When Solana’s incentivized testnet (Tour de SOL) came around, Reisen was determined to come up with the best exploit. It was always in the back of his mind as we looked through the codebase in late 2019. But it wasn’t until Tour de SOL kicked off in February that he focused his attention on the problem.
The First Attacks
Designing distributed computing protocols in Byzantine environments is especially hard. The typical attacks we see on these networks involve crafting malformed packets or launching denial of service attacks. So this is where Reisen started.
His first attack was a joint effort with Certus One. Reisen had identified an issue at network launch time. Each node announces the height of the last block they have seen. The node with the most recent block is then responsible for sharing the latest block(s) to bootstrap the nodes that are joining the network. Reisen realized that this could be used to sabotage the network. By advertising a very high block height, he could control the launch. But the question was how best to exploit this? This is where the amazing Certus One team come in. They built a superb mechanism to slow down the snapshot delivery so that nodes would be effectively stalled trying to get access to the latest chain data before the network could start. They also prepared a compression (or zip) bomb that we deployed but unfortunately was never activated. And they designed the pièce de résistance, a beautiful piece of ASCII art to add to the mischief:
The attack worked! We had successfully attacked the network. Independently, Certus also launched other denial of service attacks on the network. It was such a pleasure for us the partner with Certus on this, as they have long been the rock stars of testnet attacks.
The fun had begun!
The Search For The Big Attack
So far, so good. But Reisen wanted more. He sensed there was a more significant attack possible. And then, last week, he spotted an issue in the code. At this point, it was just a suspicion that an attack might be possible. But he wasn’t sure.
So over a couple of sleepless nights, he set about setting up a test environment to build and test the exploit. Over the weekend, the Chorus team got early indications that the attack was viable. But could Reisen make it happen in the Tour de SOL testnet? We had to be patient as Reisen waited for the right opportunity.
This was the big one. It was the most critical exploit you can imagine in a crypto network: stealing unlimited funds. Reisen had found a bug that allowed a block producer to inject a transaction that could steal funds from any account without knowing the private key. And the network was utterly oblivious to anything being wrong.
But could we launch such a severe attack on Tour De SOL? Reisen felt that we should run it by one of the Solana team first. So we showed the exploit to Michael Vines, Head of Engineering at Solana. And it didn’t work at first. Reisen thought he’d messed up. Maybe there was something wrong with his test environment. He couldn’t reproduce it with Michael. But then, after seven attempts — it worked! We had reproduced it on the Solana Soft Launch testnet.
Now the big question. Could we make it work on Tour De SOL? Again the answer at first was no. It failed. Then it failed again. But at least Michael had seen the exploit working, so we still marked it down as a big success.
But as you may have guessed by now, this wasn’t good enough for Reisen. He needed to see this through. So he left the exploit on a loop. And an hour after we demonstrated the issue to Michael… The transaction went through. WE DID IT! We stole 500 Million SOL tokens from the genesis account on the Tour de SOL testnet.
Deep Dive Into the Issue
Let’s start with some terminology. Solana has slots, periods where a particular validator adds transactions. It’s helpful to think of a slot as a block in a more traditional blockchain context. Leaders are elected for a slot. They get to decide which transactions to include in that slot, during which time they broadcast these transactions to the other validators. Validators run in one of two modes: Broadcast and Replay. The leader broadcasts, while the other validators are in replay mode.
As is typical in blockchains, each transaction contains a set of public keys for the relevant accounts involved in the transaction. In the case of a simple token transfer, this is the sender and receiver public keys. For the token transfer transaction to be valid, it must be signed by the sender’s private key.
Simplified Transaction Format: [Signature, Sender Key, Receiver Key, Payload].
Check: Does Signature belong to Sender Key.
If you sign a transaction with a key that isn’t the correct one, then validators will fail the signature verification step. But this is not what happens when the leader injects a transaction.
The leader broadcasts the transactions they have included in the slot. Each validator receives those transactions, in what’s called replay mode. When transactions are replayed to a validator from the leader, the signature of each transaction should be verified. Instead the validator does a “light” check on the fields of the transaction. It looks to confirm that the correct keys are in place. There is a field in the transaction to indicate if the signatures have been previously checked (presumably by the node that accepted the transaction). But — and this is the critical flaw — the receiving validator does not actually re-run this validation of the signature i.e. there is no explicit check by the validator to verify that the owner of the account from which funds are being withdrawn has signed the transaction. In effect, the receiving validator trusts the transaction coming from the leader. This was the critical issue Reisen identified.
The steps he took were as follows:
But how come we had trouble reproducing the attack on the two testnets? The issue was that sometimes the malicious transaction the leader submitted never made it into the chain. The Solana network is so fast that it’s hard for a leader to inject transactions fast enough. But by retrying in a loop, the transaction was finally accepted into the chain. Reisen had succeeded through sheer grit and determination and found a way to steal 500M SOL on the Tour De SOL testnet.
The Solana Team Response
The Solana team’s response has been great.
The Solana codebase is excellent. The Rust compiler ensures type safety, which rules out whole classes of bugs. And the code is written defensively so that all inputs are checked. We just happened to find the one case where the robust checks we see everywhere else in the code were missed.
And now the hard work for Solana starts. Of course, questions must be asked on how this issue was missed in the recent security audit. But Anatoly (the Solana CEO) has given clear instructions to the team to review all the code, especially the crypto signing pieces.
We think this is the shock that every network needs as it prepares for the mainnet launch. We do not doubt that the Solana team will rise to the challenge to ensure that an issue like this never occurs again.
But at Chorus One we’re thrilled with our work! Reisen got his attack. And he got the much-deserved kudos from Anatoly (which is always lovely!):
And he got a new nickname: Reisen Hood, Prince of Crypto Thieves.
It’s been an amazing week for us. By a strange coincidence, Monday also saw some other big news for Chorus One. We launched Anthem, our multi-network staking platform, which allows token holders to track and manage Proof of Stake portfolios and earnings. Users can create a personalized staking dashboard for any Cosmos address, with detailed data and charts to cover your ATOM staking portfolio. Support for other networks is underway and will be coming soon. So please check it out at https://anthem.chorus.one.
When Kyle Samani first arrived on the crypto scene many were sceptical of this entrepreneur-turned-hedge-fund-manager. Kyle’s unique Crypto Twitter style made him hard to ignore. He would often throw out difficult to answer questions or make provocative statements of “fact”, which seemed designed to trigger the crypto idealists. In the process the community would fight out the ideas, and everyone gained more insight into the issues. Twitter became his crowd-sourced research tool. Later Multicoin built out a great research team to augment the crowd-sourced research, which lead to great insights we can see in their published research.
Since then, Kyle and Tushar have proved to be two of the hardest working fund managers in crypto. Their research has been excellent. Their focus on real business value and on identifying genuine customer needs has been a welcome relief in a sea of idealistic visions. Their deep strategic analysis of how this plays out has been second to none. So it was with great pleasure that we sat down with Kyle to explore the Multicoin mega theses on our podcast. Below are my five key takeaways.
While it’s early days in crypto, it will be hard for new players to get traction in DeFi. Binance is moving quickly in many different areas. They are leveraging their customer base to launch new products. So only new players who can build highly effective customer acquisition funnels will have a chance of competing. The best strategy for new entrants is a novel go-to-market focused on a narrowly defined customer segment, e.g. Bakkt super high-end institutional, FTX in derivatives.
A different approach is to leverage an existing distribution advantage. There are many products that already have millions of users that could leverage this to launch new crypto services. Social networks like Reddit or fintech upstarts can pivot into crypto in this way. Facebook / Libra is the obvious example here. What’s interesting here is that this option is open to any major corporation who is brave enough to take on the regulatory risk and who can overcome the innovator’s dilemma.
It’s hard to see how DeFi aggregators can create network effects. As a thin layer on top of other protocols (Compound, Maker etc.) it seems clear that the protocols have network effects but the UI layer does not. It will be interesting to see if any aggregation service can find a way to build in their own network effects. But maybe this feeds in (2) above: potentially the best strategy is to build a network effect elsewhere and then leverage that to resell DeFi services to a captive audience.
Samani argues (pretty convincingly) that the Cosmos vision of thousands of self-sovereign blockchains may be too complex to achieve. Do developers really want to build their own blockchains or would they prefer to focus on building services? Can the complexities of cross-chain messaging ever we abstracted away? Can all of these chains be secured? It seems like a concerted effort to build out shared security on Cosmos would be a meaningful first step to address this, followed by great libraries for building cross-chain dapps.
So maybe the future isn’t thousands of inter-operating chains. And if we haven’t solved the interchain complexity, then we probably haven’t solved the complexity of sharded chains either (as it’s pretty much the same problem).
One outcome is that Ethereum 2.0 wins out and retains its dominance. A second potential answer: Solana takes over from Ethereum as the platform of choice.
If it delivers on it’s promise, then we will get tens of thousands of transactions per second, with sub-second block times and very cheap fees. It could feasibly meet the needs of almost all use cases. And it can get faster — GPU cores are doubling every 18 months and so is bandwidth, so Solana validators could add more capacity at any time.
With the Ethereum 2.0 release looking so far away, will Solana have an opportunity to take over? Instead of an interchain world, could we see a return to a single chain dominating the space?
While we may not agree with all of what Kyle has to say, there is no doubt that he has thought deeply about all of these issues and his arguments are well reasoned.
We hope you enjoy the podcast: https://chorusone.libsyn.com/episode-25
Humanity’s strive for economic growth fueled by carbon-based energy sources has led to the warmest 5-year period on record according to a recent report by the World Meteorological Organization (WMO). Our planet’s atmosphere is reaching record high greenhouse gas concentrations and there are no signs of these trends slowing down. It’s becoming clear that major actions are required to avoid an impending crisis.
There are many theories regarding the best way to deliver peaceful social and political change. Most can be grouped into one of the following categories:
Change can and does come from each of these strategies (to different degrees, of course!). They are all useful in their own way. But in this time of climate catastrophe, where urgent action is required, the real challenge is to ensure that the efforts of all these strategies can be channelled so that they can mutually reinforce each other. In this post, we argue that the Regen Network can act as the coordination mechanism to align all of these efforts.
It’s worth noting that the Regen Network didn’t spontaneously arise. It builds on an existing global movement whose origins can be traced back to crypto-anarchism of the late-eighties and early nineties. More recently the thinking behind crypto-anarchism was reborn in communities that formed around the Bitcoin project, particularly with the ideas that led to Ethereum in late 2013. Regen Network is built using technologies from the Cosmos and Tendermint ecosystem, which are grounded in the vision brought forth by Ethereum. There are now tens of thousands (maybe even hundreds of thousands) of developers across the globe working to build out a new internet that is sometimes called Web3 or the decentralized web.
The Web3 philosophy is based on the sovereignty of the individual as a route to political and economic freedom. Projects like Ethereum and Cosmos are also built around ideas of community, where sovereign individuals can achieve their goals by working together with others. This results in new forms of economic interactions mediated by smart contracts, new financial mechanisms (“DeFi”), new social structures (Decentralized Autonomous Organizations or DAOs), new models of democracy and governance, new forms of property rights, etc.
The Regen Network vision starts with the question: what if we could reliably measure the health of every inch of the planet? If we could, then we would notice when things got better or worse in any locality. We could know when soil health improves, when wildlife is reintroduced, when land use is diversified, when water quality improves, when forests are expanded etc. Once we know these things, we can use this information to create incentives rewarding anyone who can make a positive change. This is where capital comes in. Governments, corporations, citizens and communities all have a vested interest in helping to solve this problem. So Regen looks to attract investment capital from those who desperately need to see the problem solved (all of us!) and channel it to the projects that can have the most impact. Various sensors, satellite imagery, drones, data analytics and AI, etc. are used to verify the ecological data. Blockchains provide an open, transparent record of this data and how funds are being spent. The Regen Network is a shared commons: it is owned and operated by the Regen community.
The Regen Network gives us the one thing we are missing right now: trust. We can trust that change is happening as the data is verified at source and recorded on the blockchain. We can trust that the people that are making it happen are getting rewarded appropriately, as smart contracts set the rules regarding how and when people get paid. We can trust that the network cannot be taken over by vested interests, as the governance rules of the system are clear and transparent.
Let’s look at the how Regen fits into the categories of change introduced at the start of this post:
Petitioners are fearless warriors but they face two big challenges: complexity and an aversion to markets. Petitioners typically rely on governments to effect change. But this time governments don’t know how to fix the problem without the wheels coming off the global economy. The solutions required are too complex for any one government to solve and the global systems to manage this (G20, IMF, World Bank, UN) are not equipped to take on the challenge. A failed top-down attempt to reconfigure the global economy could easily slide into global conflict.
So what tools do we have to manage complexity? It turns out we already have a coordination mechanism that has been proven to work on a global scale. It takes inputs from every actor in the system and aggregates that raw data into usable information that is used to make informed decision making. It has enabled sustained growth in human well-being over centuries. This mechanism is called a market.
Unfortunately, petitioners don’t trust markets as they tend to get co-opted by vested interests. Luckily, we now have a solution to this: blockchain technology. The Regen Network uses blockchain technology to build market-mechanisms that are resistant to co-option. These networks are owned and governed by the community. They are carefully designed to avoid attacks by powerful players.
The Regen Network also provides a way for governments to play their part to enable a robust solution to the problem. Governments can’t solve the problem alone, but they can certainly provide funding, supporting infrastructure, regulatory assistance, and rally their citizens behind these efforts.
Localists are the doers. They work hard to get things done. They find solutions that work on a local level. They share these ideas across the Internet with others. Their model has also proved to be effective.
But it’s too slow for what we need right now. And because they haven’t been able to get access to capital, they haven’t been able to scale their ideas.
The decentralized nature of the Regen Network aligns well with the localist approach. With Regen you don’t need to get permission to act. You just need to prove that what you are doing is effective. This aligns well with localists, who are naturally results-focused.
Regen can add value by routing capital to the most effective localists and by providing a mechanism to quickly spread proven models across the globe.
Self-helpers need purpose. They need a mission. They want to build a better life for themselves and those around them. Yes, that includes a safe planet to live in. But they also want a comfortable life for them and their families. A purpose with no income is a life sentence of poverty. So they need purpose that also gives them opportunities to create wealth.
To date all we’ve heard about climate change is that it will cost us. We have to travel less, eat less meat, buy less goods, spend time recycling… It’s all cost and no rewards.
Regen is looking to change that. People should get paid for the value they create. And saving the planet is valuable for all of us. The people who are provably contributing to ecological well-being should be generously rewarded.
The paradigm shift model was proposed by Thomas Kuhn to explain changes in scientific interpretations in the world. The basic idea is that science resists new ideas, until at some point the old interpretation becomes untenable and a sudden and fundamental change occurs. The classic example is the shift from the geo-centric model of the solar system to the heliocentric model of Copernicus.
It is possible that a similar phenomenon is happening with public blockchains, where a new alternative economic and political model is evolving in parallel to our existing social structures. For some people, the old system cannot be reformed. It is destined to lead us to dire ecological consequences. They argue that the only way forward is to build a parallel economic model that can step in to take over from the existing system before it’s too late. In this view, the world will shift over to Web3 once the technology is ready.
Regen Network is one of the most promising projects that delivers on this Web3 vision. For those who believe the current system is doomed, Regen gives them hope and a viable way to contribute to solving climate change.
But you don’t have to be a paradigm-shifter to believe in the Regen vision. For those who think the solution is a pragmatic mix of the existing system with some ideas from Web3, then Regen can also fulfil their needs.
A solution that can align these groups needs to have the following:
The Regen Network has all of the above. They have a viable, credible and pragmatic vision. Regen Network (once it’s fully operational) will show us all a very clear path to contribute in whatever way we can (time, effort, money, education, etc.) Saving the planet gives us all a sense of purpose. Regen channels this purpose into ecological improvement.
You can think of Regen Network as an ecological commitments network. Just like the electricity grid moves electrical power to where it’s needed, their ecological commitments network acts like a grid to route money and effort to where it can have the maximum ecological impact. People plug into the grid. They commit to doing some work that contributes to our ecological well-being. The grid matches them with people who are willing to pay for that task. A binding contract is agreed. Other entities commit to act as auditors. They confirm that commitments were delivered upon by providing proof (e.g. satellite imagery, sensor data). When commitments are verified, the people performing the work are paid.
The solution is powered by blockchain technology, which provides three key enablers that we didn’t have before:
The biggest challenge for the Regen Network to overcome is prejudice within the activist community against market-based approaches to solving the climate crisis.
For a long time, capital has been a dirty word in social activism. For some, money is the fuel of the corruption that protestors have spent decades fighting against. Some contend that the desire to financialize everything has destroyed communities, cultures and the planet. But it’s time to let go of that notion. Capital is not the enemy. Markets are not the enemy. Capital and markets are the solution.
The problem with markets to date is that they were often co-opted to serve the needs of corporations. The rules were crafted to ensure favourable outcomes to those who controlled them. Blockchain networks have changed that. Now anyone can design a market. Anyone can invent their own incentives mechanism and build it in a few lines of code. People can opt into the market mechanism that they believe are the most effective at enabling the change they want to see in the world. This is a profound transformation in the global power structure that the activist community should embrace.
Regen’s vision is to use these new capabilities to build markets based on provable ecological outputs. Avoiding climate catastrophe is a multi-trillion dollar problem. We need a big ambitious vision that can scale. We need a model that can align all stakeholders.
It must channel the energies of the petitioners who can build awareness and spread the word. They can march, lobby, strike to get governments to provide financing for Regen-based projects. Self-helpers will find their life’s purpose and a meaningful way to build wealth for them and their families. These will be the entrepreneurs and individual contributors, the farmers, the data scientists, the IoT experts, the people building AI for analyzing satellite imagery. Localists can plug into the grid and get paid for the work they are doing. They can share this knowledge with other communities across the globe. For sure, some people will only focus on their ability to make money. That could be a global corporation or a poor farmer in sub-Saharan Africa. The Regen Network doesn’t filter people out based on their motivations. The incentives structure and blockchain-enforced rules will ensure that only legitimate activities improving ecological health will be rewarded. People, tools and technology will work together to prevent fraud, scams and collusion.
This is a crisis. It needs urgency. It needs everyone to work together. Regen Network is building the grid that aligns all these efforts at effecting change, and channels them into effective ecological action.
Check out https://regen.network for more information on how you can help.
Regen are currently raising additional funding. If you are a VC, crypto investor or accredited investor, then please visit this page or contact gregory@regen.network for more information.
Chorus One is currently running a validator on Regen’s testnet and will offer staking services on the upcoming Regen Network mainnet. We have partnered with the team building the Regen Network to help fulfill their vision and will own and stake XRN tokens.
Images taken from Wikipedia, a Regen Network slide deck, and Daniel Clay, Markus Spiske, Biegun Wschodni from Unsplash.
Originally published at https://blog.chorus.one on November 5, 2019.
Blockchain fees are an underexplored topic that plague the UX of decentralized applications. Currently, Ethereum users need to hold a balance of ETH to pay for gas fees. There are many workarounds like meta transactions to make onboarding users easier. An often discussed concept is “economic abstraction” — letting users pay fees in other tokens aside from ETH. The Cosmos multi-token fee model aims to embrace this concept. In this model, validators are able to accept different token denominations as fees by whitelisting tokens and configuring minimum fees they are willing to accept per denomination. But using this model also comes with UX implications for the network, especially for stakers that will receive paid transaction fees as compensation.
In the Cosmos ecosystem, transactions will be routed through the Cosmos Hub via the inter-blockchain communication protocol (IBC). Since transaction fees are paid out as rewards to stakers, a world where users pay in multiple tokens also means that those staking will, by design, receive a fraction of these tokens as rewards.
In this world, the UX problem lies on the side of those providing their capital and services to secure the network. Small delegators might end up with tiny balances of fee tokens worthless to them. So how do we get rid off this dust? 🧹
As part of the Cosmos Seoul hackathon, we conceptualized a solution to this problem and won third prize with it. Babelfish is a protocol designed to accumulate fee tokens across a period of time (number of blocks) and to automatically auction them off in a batch. Our design uses Atoms as the auction pair. It distinguishes between individual auctions for popular payment tokens and basket auction for niche tokens.
The hackathon implementation uses a first price open bid auction. The following will walk through a hypothetical cBTC (BTC on a Cosmos peg zone) auction:
For a more detailed description and discussion of potential issues check out our in-depth writeup on Babelfish here.
Babelfish could provide a business model to the Cosmos Hub to offer fee auctions as a service to other blockchains. Additionally, the protocol also enables delegation vouchers to work in a multi-token environment. There are quite possibly some alterations and alternatives to this design. Making use of second price, dutch, or closed auctions is possible. An interesting alternative to our solution could also lie in an automatic conversion of fees using a Uniswap-style DEX. We are excited to contribute our research to making a user-friendly internet of blockchains a reality.
About Chorus One
Website: https://chorus.one
Twitter: https://twitter.com/chorusone
Telegram: https://chorus.one/telegram
Discord: https://chorus.one/discord
Originally published at https://blog.chorus.one on August 5, 2019.
We are about to witness a wave of high-profile Proof-of-Stake projects launch their main networks. At Chorus One, we have spent more than a year researching the ecosystem, designing our infrastructure, and most importantly, actively participated in multiple PoS networks. This led us to experience different approaches to bootstrap a staking community.
A key question is how to transition from testnets to a permission-less, decentralized network with millions of dollars of value at stake. This post summarizes the problem statement and introduces the concept and value proposition of incentivized testnets. Another follow-on post will cover more concrete insights, learnings, and recommendations on how to ideally bootstrap a staking community utilizing testnet competitions.
The goal for a PoS network is to be maintained by a multitude of independent, geographically diversified entities (validators). Voting power should (ideally) be somewhat evenly distributed across these validators to minimize the likelihood of a small number of actors wielding outsized control over the network. A genuinely decentralized network will also assist with network stability and favorable regulatory treatment.
Operating blockchain nodes costs money. There are costs related to provisioning and configuring the infrastructure. But there are also, often overlooked, costs associated with the time and skill (human capital) that is required to set up, operate, and maintain a validator.
Proof-of-Stake networks have a token that is supposed to compensate validators for these costs. But rewards are only paid out once the network is live. Who is incentivized to run nodes on a testnet with no compensation?
One approach is to assume that the community aka investors holding the token will run nodes themselves and will prepare adequately for the mainnet by participating in testnets. In reality, it is likely that the best node operators aren’t already invested in the project. The skills and capacity for investing capital in early-stage projects can be totally orthogonal to the skills required to operate a node well. Also, having investors as node operators will probably result in a more centralized network, especially considering concentrated token distributions.
Some node operators will participate in testnets in expectation of delegations on the mainnet. This implies the existence of some form of delegation mechanism. But what about validator skin in the game? Many projects emphasize the need for validators to have some economic stake in the project. This mostly translates to requiring a minimum buy-in for validators, which narrows the set of potential node operators to those that have enough capital to invest relatively large amounts themselves.
Additionally, because there are no economic incentives to participate in testnets, operators won’t put in too much effort to seriously test the software or optimize their architecture and operations. Finally, the choices of networks to validate on for node operators are increasing. Joining a testnet has associated opportunity cost for validators. In conclusion, PoS projects need a way to convince good and dedicated node operators that will increase the value of the network to join their ecosystem.
As a summary, the high-level goals to accomplish before launching a PoS mainnet are:
An emerging trend is to run an incentivized testnet competition that rewards participants with tokens based on their performance during the competition. The idea is to bootstrap a community of high-quality node operators while at the same time testing and improving network performance, robustness, incentives, and other features in adversarial conditions that resemble a live network.
The project that first established and carried out such a competition is Cosmos with their “Game of Stakes” (GoS). Multiple PoS projects are currently exploring their own testnet competitions. We’re aware of the Enigma incentivized testnet and many others that didn’t announce their plans publicly yet.
The common thread across these competitions is the desire to battle test the protocol’s cryptoeconomic design, network performance, and features such as governance and delegation. Often additional rewards (bounties) are offered to participants that scrutinize each part of the system to uncover code or incentive flaws.
Going back to the PoS network launch goals stated above, we can see that an incentivized testnet competition is an amazing tool to realize them:
Another positive side-effect of a testnet competition is that it enables project teams and validators to test and establish communication channels and coordination processes that will persist to the mainnet. This can include announcement and discussion channels, upgrade processes, call schedules, etc.
While GoS worked out incredibly well on many fronts, we believe that there is room for improvements for future incentivized testnet competitions. We’re always happy to share our experiences and feedback, reach out to us to learn more! A follow-on post will go into detail covering learnings and recommendations gathered from the GoS experience, our research, and conversations with validators, protocol designers, as well as other players in the staking space.
