Nibiru is about to launch its mainnet. What are its technical characteristics and security development practices.

Nibiru Chain launched its airdrop incentives at the end of January 2024. After a month of airdrop activities, its community grew more than three times and the number of Twitter followers exceeded 500,000. As a new chain with over $20 million in financing, Nibiru Chain focuses on solving the security and speed of DeFi applications.

Nibiru Chain plans to launch its mainnet this week. As a fast-growing Layer 1, what are the technical features and competitive advantages of Nibiru Chain? What safety issues need to be paid attention to in the development of projects on Nibiru Chain? Here is Beosin's analysis on it.

Nibiru Chain Analysis

Nibiru Chain mainly focuses on DeFi and trading. It has the following four components:

1. Nibi-Perps

On-chain perpetual contract trading allows users to trade with up to 10 times leverage on crypto assets such as BTC, ETH and ATOM. $NIBI stakers will have Nibi-Perps governance rights and trading fee discounts.

2. Nibi-Swap

Nibiru's automated market maker protocol plans to support two types of LP pools: stablecoin pools and constant product model pools.

3. $NUSD

$NUSD is a fully collateralized stablecoin of the Nibiru ecosystem. Nibiru plans to first support users to use $USDC and $NIBI to mint $NUSD. The specific ratio between the two is determined by Collateral Ratio. If CR= 80%, which means to mint 100 $NUSD, users need to provide 80 $USDC and $NIBI equivalent to 20 $NUSD.

In the future, Nibiru Chain will support more types of collateral. Currently, $NUSD is more like $FRAX of the Cosmos ecosystem.

4. Nibi-Oracles

Nibi-Oracles is its native oracle solution that allows validators to actively participate in oracle consensus voting, integrate off-chain data into the blockchain with high fidelity, and provide low-latency feeds from external APIs and smart contracts.

In 2024, Nibiru Chain will focus on the growth of its ecosystem and its main developments include integrating with major DeFi projects on multiple chains, listing on first-tier centralized exchanges, completing parallel optimistic execution, and achieving comprehensive EVM compatibility.

Secure Development Practices

If you develop an application on Nibiru Chain, the following security guidelines can help improve the contract security of your project:

Contract development security

1. Be prepared for attacks

Similar to developing Solidity contracts, developers need to consider how to face attacks and fix vulnerabilities. Therefore, developers need consider to build upgradable smart contracts and develop risk response plans.

2. Pay attention to the standardization of address verification

There are two valid representations of any valid Cosmos SDK address: all lowercase and all uppercase, such as: cosmos1uzwqa88hcqe5gs7u7lgjxekz7xc6sm0f7xwp6a vs.

COSMOS1UZWQA88HCQE5GS7U7LGJXEKZ7XC6SM0F7XWP6A are the same address, and Nibiru is the same. When dealing with addresses in contracts, we need to consider this characteristic of addresses.

As shown in the above code, since dest is not standardized and the addresses commonly used are lowercase addresses, anyone can bypass BLACKLIST by providing uppercase addresses.

3. Pay attention to operations and overflow

In the CosmWasm contract, developers need to pay attention to the risk of integer overflow or division by zero. It is recommended that developers use CosmWasm's Uint256 and Uint512 types and use the mathematical function full_mul().

4. Access control issues

Access control is one of the main issues in program security . There are countless security incidents caused by access control issues, which also need to be paid attention to in the Cosmwasm contract. The following is a typical case:

Due to the lack of checks and restrictions on the caller's address, the above code allows anyone to call update_config(), set their own address as the treasury address, and receive all rewards generated by the contract.

5. Beware of infinite loops

CosmWasm contracts may get stuck in an infinite loop by calling itself back in the ACK handler. If developers transfer data packets between two CosmWasm contracts, they should be aware that this may cause an infinite loop and consume a lot of gas fees.

Project safety practices

1. Smart contract audit

Smart contract audit is to systematically test and review the smart contract code to discover potential security issues, eliminate security risks, and ensure that the code has no business logic vulnerabilities and conforms to the expected running process and results. Regular security audits of the project's smart contracts are crucial.

2. Use a multi-signature wallet

Project parties need to consider using multi-signature wallets to manage project treasury and smart contracts. Multi-signature accounts need to be held by multiple entities to avoid potential access control risks and internal evil. At present, Nibiru Chain has adopted Nomos multi-signature solution, and projects can consider using Nomos for asset management.

Summary

As a new Layer 1, Nibiru Chain provides an innovative platform for DeFi, games, RWA and other fields. It aims to solve the accessibility, security and performance issues of Web3 applications and provide developers and ordinary users with comprehensive and excellent services.

Currently, Beosin has established a strategic partnership with Nibiru Chain , aiming to significantly improve the security of the Web3 ecosystem and conduct cutting-edge joint research to create a more secure and innovative blockchain ecological environment.

Beosin will provide professional services in smart contract auditing and risk monitoring for projects built on Niburu Chain. Through Beosin's security solution, projects can identify and repair potential vulnerabilities and security risks to ensure the stability and security of its smart contracts and systems. This not only protects users' assets, but also provides users with a more reliable experience, further promoting the safe development of the Nibiru Chain ecosystem.