Check out this blog post in español, 简体中文, 繁體中文, 日本語, हिंदी, 한국인, tiếng-việt, deutsch, português, français, русский, українська, persian, türkçe, and indonesian.

ZetaChain is excited to announce the launch of our official bug bounty program in partnership with Immunefi, the leading bug bounty platform for Web3. This initial program is focused on testnet and further strengthening the security of ZetaChain’s smart contracts and web applications. It’s the first of subsequent, higher-reward programs. Security in the cross-chain space is crucial considering the number of and magnitude of exploits that transpired in 2022. As the industry becomes more multichain, demand for liquidity and data between chains will persist. Accordingly, advancements in blockchain interoperability are needed to support a truly fluid web3 ecosystem. In this post, we share a brief technical and security overview of ZetaChain including how its network is secured. Details on the Immunefi bug bounty program can be found here.

Brief ZetaChain Technical Overview

ZetaChain is a public L1 blockchain that enables generic cross-chain programmability across all chains, and thus omnichain interoperability of any value or data. At a high-level, together, three core functions make this possible:

• Cross-chain Messaging: This function is responsible for observing relevant events, transactions, and states at a point in time on any connected external blockchain e.g. Ethereum, BSC, Polygon, Bitcoin, L2s, Etc. The cross-chain message relay verifies and reaches consensus on those observations.

• Omnichain Smart Contracts: This new smart contracts primitive describes ZetaChain’s ability to hold accounts and custody assets on external chains with the ability to execute arbitrary logic in response to external chain events. These smart contract actions are initiated under certain conditions, controlled by the third function described next.

• Decentralized Transaction Signing: In a distributed fashion, mutating states on external blockchains is authenticated and secured by GG20 leaderless Threshold Signature Scheme (TSS). How this works is that ZetaChain nodes collectively hold a private key and with a certain threshold of signatures, they can sign and initiate smart contract actions in a way that does not reveal any secrets to participating nodes. This is made possible via MPC (Multi-party Computation) digital signature. Key generation and signature signing by the ZetaChain protocol enable things like non-smart chain connectivity (Bitcoin, Dogecoin, Monero, Etc.).

ZetaChain Security Overview: How is the Network Secured?

ZetaChain is a Proof of Stake (PoS) blockchain built on Cosmos SDK and Tendermint consensus, which can connect to external blockchains (e.g., Ethereum, BSC, Solana, Avalanche, Terra, Bitcoin) and layers (e.g., Polygon, Optimism, Arbitrum) in a decentralized (without a single point of failure, trustless, permissionless), transparent, and efficient way.

The ZetaChain architecture consists of validators, observers, and signers. Validators participate in block production and receive rewards proportional to their bonded staking coins. Observers reach consensus on external chain events and states. Signers, in a distributed fashion, hold standard ECDSA/EdDSA keys to sign messages on behalf of ZetaChain.

ZetaChain utilizes GG20 leaderless Threshold Signature Scheme (TSS), which does distributed key generation and key signing. No single ZetaChain node or other individual has access to the complete private key at any point in time. All of the inbound/outbound transactions and decisions made (through state change) are recorded in the ZetaChain blocks, which are available, immutable, verifiable, and completely transparent.

Security of the Cross-chain ZETA Token & Message Passing

The ZETA token is the native gas token on ZetaChain and also issued on connected external chains such as Ethereum, Binance Smart Chain, and Polygon as an ERC20 token. The total supply of ZETA token across all chains at genesis is 2.1 billion. The ZetaChain protocol natively supports moving ZETA tokens across all connected chains via on-chain transactions. The ZetaChain protocol also ensures the total supply invariance when moving ZETA token cross-chain by observing supplies of ZETA token on all connected chains.

On sufficiently capable smart contract chains, the ZetaChain protocol deploys Connector contracts which allow smart contracts on different chains to call each other with arbitrary messages. The messages left by the user contract are relayed by ZetaChain observers and signers according to consensus rules defined on ZetaChain. The dApp developers and ZetaChain protocol each shares their own responsibility to secure the cross-chain application.

Security of ZRC-20 & Fungible Module

Apart from cross-chain message passing via the Connector contract on connected chains, ZetaChain’s own smart contract platform (zEVM) provides a different mechanism for cross-chain applications that deals only with fungible tokens (such as the swap app, borrow/lending, Etc.). The dApp developer needs only to develop and deploy an Omnichain Smart Contract on ZetaChain, leveraging the ZRC-20 contracts and fungible module on ZetaChain, to manage foreign fungible tokens, including native gas (Ether, BNB, Matic, BTC) and custom tokens such as USDC, USDT, BUSD. The user is able to trigger arbitrary contracts calls on ZetaChain zEVM by appending a memo to the transactions on external chains. This allows developers to easily build cross-chain dApps that transact native assets without wrapping such that dApp users do not bear the risk of de-pegged wrapped assets.

The omnichain smart contracts on ZetaChain inherits the security of the DPoS Cosmos sovereign chain and the observer and MPC signers.

About ZetaChain

ZetaChain is the foundational layer to a multichain future. The novel blockchain enables multichain functionality without using bridges or wrapped tokens and the easy deployment of omnichain-dApps, or odApps. These applications can manage and connect data and value across all smart contract platforms as well as non-smart contract platforms like Bitcoin and Dogecoin.

Categories