SUI report Section 2 and 3 (Node.Monster) #14
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
puhtaytow
approved these changes
Dec 26, 2024
| @@ -49,20 +49,56 @@ The desirable properties related to Sui’s architecture and its integration wit | |||
|
|
|||
| ## Section 2: Network and Protocol Integrity [Common Prefix, Eiger, NodeMonster] | |||
| ### 2.1 Network Architecture | |||
| - Assessment of Sui's architecture, consensus mechanism, and staking requirements. | |||
| - Assessment of the Sui team, governance structure, and decentralization status. | |||
| Sui is a Layer 1 blockchain that supports scalable, high-performance decentralized applications. Unlike traditional blockchain architectures, Sui employs an object-based accounting model and a modified Delegated Proof-of-Stake (DPoS) consensus mechanism. Transactions are categorized into "simple" and "complex," with simple transactions bypassing traditional consensus steps, enhancing performance. Complex transactions leverage Narwhal for data availability and Bullshark for ordering, ensuring efficiency and resilience. | |||
There was a problem hiding this comment.
Suggested change
| Sui is a Layer 1 blockchain that supports scalable, high-performance decentralized applications. Unlike traditional blockchain architectures, Sui employs an object-based accounting model and a modified Delegated Proof-of-Stake (DPoS) consensus mechanism. Transactions are categorized into "simple" and "complex," with simple transactions bypassing traditional consensus steps, enhancing performance. Complex transactions leverage Narwhal for data availability and Bullshark for ordering, ensuring efficiency and resilience. | |
| Sui is a Layer 1 blockchain that supports scalable, high-performance decentralised applications. Unlike traditional blockchain architectures, Sui employs an object-based accounting model and a modified Delegated Proof-of-Stake (DPoS) consensus mechanism. Transactions are categorized into "simple" and "complex," with simple transactions bypassing traditional consensus steps, enhancing performance. Complex transactions leverage Narwhal for data availability and Bullshark for ordering, ensuring efficiency and resilience. |
| - **Sponsored Transactions:** Unique mechanism allowing third parties to pay transaction fees, promoting accessibility. | ||
| All computation fees and reward subsidies earned by a validator, minus its chosen commission rate, are shared with delegators. The validator receives the tokens charged as commission and a percentage of the rewards after removing the commission. This percentage equals the ratio of self-staked SUI against the total SUI staked to the validator. The second part of a validator’s rewards is sourced from the Storage Fund, which is funded by the storage fees involved in each transaction. Today’s validators process transactions occurring today and create data. If new validators join tomorrow, they will have to store data they were not rewarded to create. Storage fees included in each transaction fee are sent to the fund, which is used to reward tomorrow's validators with the storage fees paid today. Of note, the tokens held in the Storage Fund accrue rewards from its proportionate amount of the total staked supply. | ||
|
|
||
| Sui’s staking mechanism requires validators to hold a minimum of 30 million SUI (high barrier relative to the market). Validators share computational rewards with delegators, fostering ecosystem-wide engagement. Sui currently operates with approx. 108 active validators, ensuring robust security and incentivizing network participation. The total number of staked assets on Sui is approximately 7.8B SUI (78.33% of total assets), The top 10 validators (inc. Mysten Labs) are operating approx 22% of the total staked assets. |
There was a problem hiding this comment.
Suggested change
| Sui’s staking mechanism requires validators to hold a minimum of 30 million SUI (high barrier relative to the market). Validators share computational rewards with delegators, fostering ecosystem-wide engagement. Sui currently operates with approx. 108 active validators, ensuring robust security and incentivizing network participation. The total number of staked assets on Sui is approximately 7.8B SUI (78.33% of total assets), The top 10 validators (inc. Mysten Labs) are operating approx 22% of the total staked assets. | |
| Sui’s staking mechanism requires validators to hold a minimum of 30 million SUI (high barrier relative to the market). Validators share computational rewards with delegators, fostering ecosystem-wide engagement. Sui currently operates with approx. 108 active validators, ensuring robust security and incentivising network participation. The total number of staked assets on Sui is approximately 7.8B SUI (78.33% of total assets), The top 10 validators (inc. Mysten Labs) are operating approx 22% of the total staked assets. |
|
|
||
| ### 2.2 Governance and Compliance | ||
| - Assessment of Sui's governance framework, key decision-making processes, and regulatory considerations. | ||
| Sui’s governance framework is currently centralized, with decisions predominantly directed by the Sui Foundation and Mysten Labs. The network lacks an active decentralized governance model as of December 2024. However, plans to integrate governance through staked SUI tokens have been proposed, where voting power would correspond to combined self-staked and delegated tokens, capped at 10% per validator to prevent centralization. |
There was a problem hiding this comment.
Suggested change
| Sui’s governance framework is currently centralized, with decisions predominantly directed by the Sui Foundation and Mysten Labs. The network lacks an active decentralized governance model as of December 2024. However, plans to integrate governance through staked SUI tokens have been proposed, where voting power would correspond to combined self-staked and delegated tokens, capped at 10% per validator to prevent centralization. | |
| Sui’s governance framework is currently centralised, with decisions predominantly directed by the Sui Foundation and Mysten Labs. The network lacks an active decentralised governance model as of December 2024. However, plans to integrate governance through staked SUI tokens have been proposed, where voting power would correspond to combined self-staked and delegated tokens, capped at 10% per validator to prevent centralisation. |
| Key Governance Insights: | ||
| - Community proposals follow the SIP (Sui Improvement Proposal) process. While the community can signal support, the project team makes the final decisions. | ||
| - Regulatory considerations are actively managed by Mysten Labs, which maintains compliance with U.S. legal frameworks. | ||
| - The absence of a robust, decentralized governance mechanism may limit community-driven innovation but ensures streamlined decision-making during the network’s early stages. |
There was a problem hiding this comment.
Suggested change
| - The absence of a robust, decentralized governance mechanism may limit community-driven innovation but ensures streamlined decision-making during the network’s early stages. | |
| - The absence of a robust, decentralised governance mechanism may limit community-driven innovation but ensures streamlined decision-making during the network’s early stages. |
| - Assessment of Sui's programming language, smart contract features, and security measures. | ||
| Sui’s smart contracts are written in Sui Move, a Rust-based programming language derived from the Move language developed at Meta. This language offers enhanced safety features, including: | ||
| - **Type Safety:** Reduces vulnerabilities by ensuring strict data type adherence. | ||
| - **Resource-Oriented Programming:** Prevents double-spending and unauthorized state changes by enforcing ownership and access rules. |
There was a problem hiding this comment.
Suggested change
| - **Resource-Oriented Programming:** Prevents double-spending and unauthorized state changes by enforcing ownership and access rules. | |
| - **Resource-Oriented Programming:** Prevents double-spending and unauthorised state changes by enforcing ownership and access rules. |
| - **Type Safety:** Reduces vulnerabilities by ensuring strict data type adherence. | ||
| - **Resource-Oriented Programming:** Prevents double-spending and unauthorized state changes by enforcing ownership and access rules. | ||
| - **Formal Verification:** Facilitates rigorous testing and validation of smart contracts to minimize bugs. | ||
| Testing and debugging mechanisms for Sui’s smart contracts include modular code organization, ownership rules, and structured data flow that allow developers to easily test and debug contracts. Developers are encouraged to employ local testing environments, implement explicit error-handling mechanisms, and regularly verify contracts using Move Prover. Recent updates to development tools also enhance debugging processes and streamline integration with Sui's broader ecosystem. |
There was a problem hiding this comment.
Suggested change
| Testing and debugging mechanisms for Sui’s smart contracts include modular code organization, ownership rules, and structured data flow that allow developers to easily test and debug contracts. Developers are encouraged to employ local testing environments, implement explicit error-handling mechanisms, and regularly verify contracts using Move Prover. Recent updates to development tools also enhance debugging processes and streamline integration with Sui's broader ecosystem. | |
| Testing and debugging mechanisms for Sui’s smart contracts include modular code organisation, ownership rules, and structured data flow that allow developers to easily test and debug contracts. Developers are encouraged to employ local testing environments, implement explicit error-handling mechanisms, and regularly verify contracts using Move Prover. Recent updates to development tools also enhance debugging processes and streamline integration with Sui's broader ecosystem. |
| - **July 6, 2024:** Public RPC nodes were crashed when attempting to submit a transaction. | ||
| - **November 12, 2024:** Sui testnet validators don't accept new user transactions. The issue has been resolved. | ||
| - **November 21, 2024 Mainnet Outage:** A major outage occurred due to a critical bug in the consensus mechanism, an unexpected issue in the transaction validation pipeline caused intermittent disruptions, <ins>and led to a halt in transaction processing for over 24 hours.</ins> The problem was [traced to an edge case](https://blog.sui.io/sui-mainnet-outage-resolution/) in transaction ordering and was resolved in version 1.8.2 of the protocol, but it exposed vulnerabilities in handling high-throughput scenarios. The incident also highlighted the need for improved disaster recovery mechanisms and validator coordination. | ||
| SUI has engaged with [third-party auditors](https://sui.io/security), including Zellic, Halborn,Common Prefix, OtterSec, and others, which conducted multiple audits focusing on core components. Its worth noting that no further audits were made from April 2023. |
There was a problem hiding this comment.
Suggested change
| SUI has engaged with [third-party auditors](https://sui.io/security), including Zellic, Halborn,Common Prefix, OtterSec, and others, which conducted multiple audits focusing on core components. Its worth noting that no further audits were made from April 2023. | |
| SUI has engaged with [third-party auditors](https://sui.io/security), including Zellic, Halborn, Common Prefix, OtterSec, and others, which conducted multiple audits focusing on core components. Its worth noting that no further audits were made from April 2023. |
| Additional notable considerations for the Axelar community include the nuances of Sui's consensus mechanism and upgrade processes. The Narwhal and Tusk consensus mechanism used by Sui integrates a Directed Acyclic Graph (DAG)-based mempool with a Byzantine Fault Tolerant (BFT) protocol. This architecture is inspired by cutting-edge research but has seen limited external audits. While the foundational papers validating these approaches are rigorous, the specific implementations in Sui may include optimizations that require further review and validation. | ||
|
|
||
| Sui has introduced significant upgrades, such as version 1.9.0, aimed at improving performance and enhancing fault tolerance. However, these updates often bring added complexity, which, if not thoroughly tested, could introduce new vulnerabilities. Notably, recent findings by security firms have identified edge cases in Sui's transaction validation pipeline that require further mitigation efforts. | ||
| Finally, while the Narwhal and Tusk mechanisms provide high throughput and resilience, their reliance on validator coordination in high-load scenarios remains a critical area of focus. Ensuring decentralized participation and seamless fallback mechanisms will be essential to maintaining trust and security across the network. |
There was a problem hiding this comment.
Suggested change
| Finally, while the Narwhal and Tusk mechanisms provide high throughput and resilience, their reliance on validator coordination in high-load scenarios remains a critical area of focus. Ensuring decentralized participation and seamless fallback mechanisms will be essential to maintaining trust and security across the network. | |
| Finally, while the Narwhal and Tusk mechanisms provide high throughput and resilience, their reliance on validator coordination in high-load scenarios remains a critical area of focus. Ensuring decentralised participation and seamless fallback mechanisms will be essential to maintaining trust and security across the network. |
| Sui has introduced significant upgrades, such as version 1.9.0, aimed at improving performance and enhancing fault tolerance. However, these updates often bring added complexity, which, if not thoroughly tested, could introduce new vulnerabilities. Notably, recent findings by security firms have identified edge cases in Sui's transaction validation pipeline that require further mitigation efforts. | ||
| Finally, while the Narwhal and Tusk mechanisms provide high throughput and resilience, their reliance on validator coordination in high-load scenarios remains a critical area of focus. Ensuring decentralized participation and seamless fallback mechanisms will be essential to maintaining trust and security across the network. | ||
|
|
||
| Mitigation strategies include expanding the bug bounty program to incentivize community-driven vulnerability identification, enhancing decentralization by encouraging broader validator participation, and conducting periodic audits to ensure security and protocol integrity. Proactive measures such as threat monitoring, disaster recovery planning, and regular protocol upgrades aim to address these risks and foster long-term resilience. |
There was a problem hiding this comment.
Suggested change
| Mitigation strategies include expanding the bug bounty program to incentivize community-driven vulnerability identification, enhancing decentralization by encouraging broader validator participation, and conducting periodic audits to ensure security and protocol integrity. Proactive measures such as threat monitoring, disaster recovery planning, and regular protocol upgrades aim to address these risks and foster long-term resilience. | |
| Mitigation strategies include expanding the bug bounty program to incentivise community-driven vulnerability identification, enhancing decentralisation by encouraging broader validator participation, and conducting periodic audits to ensure security and protocol integrity. Proactive measures such as threat monitoring, disaster recovery planning, and regular protocol upgrades aim to address these risks and foster long-term resilience. |
k4m4
reviewed
Dec 26, 2024
|
|
||
| Key Architectural Features: | ||
| - **Object-Based Accounting Model:** Combines features of UTXO and account-based models to enable granular state management, making it particularly suitable for complex dApps. | ||
| - **Consensus:** The Sui Network uses a Narwhal and Tusk consensus mechanism, which combines DAG-based mempool design (Narwhal) with a Byzantine Fault Tolerant (BFT) consensus algorithm (Tusk). Validators individually validate transactions and generate certificates of finality, optimizing for throughput and latency. |
There was a problem hiding this comment.
Suggested change
| - **Consensus:** The Sui Network uses a Narwhal and Tusk consensus mechanism, which combines DAG-based mempool design (Narwhal) with a Byzantine Fault Tolerant (BFT) consensus algorithm (Tusk). Validators individually validate transactions and generate certificates of finality, optimizing for throughput and latency. | |
| - **Consensus:** The Sui Network relies on the Mysticeti DAG-based consensus algorithm, which improves upon Narwhal-Tusk. Mysticeti has been formalized in the form of [an academic research paper](https://arxiv.org/pdf/2310.14821) published on arXiv, with rigorous proofs of safety and liveness. Notably, Mysticeti achieves the optimal consensus latency of three network round trips, resulting in a ~4x latency reduction to Sui mainnet. Rather than relying on a single leader to propose a block, Mysticeti supports multiple validators proposing blocks in parallel, making use of the full bandwidth of the network. Moreover, validators who attempt to censor valid transactions are accountable. |
There was a problem hiding this comment.
Sui has switched to Mysticeti: https://sui.io/mysticeti
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.