Nibiru, a New Public Chain with Over $20 Million in Funding, Will Go Live, Explaining Its Technical
Beosin has launched an auditing program for the Nibiru ecosystem
Layer 1 public chain Nibiru Chain launched its airdrop incentive at the end of January 2024. After a month of airdrop activity, its community has grown more than 3x, with more than 500,000 Twitter followers. As a new public chain with more than $20 million in funding, Nibiru Chain focuses on solving the problems of security and speed in DeFi applications, and will be a potential competitor to dYdX.
Nibiru Chain plans to launch its mainnet this week. What are the technical features and competitive advantages of Nibiru Chain as a fast-growing Layer 1, and what security issues need attention as its ecosystem develops? Today Beosin will explain all of them.
Nibiru Chain Protocol Explanation
Nibiru Chain mainly focuses on DeFi transactions and has 4 core components:
1. Nibi-Perps
On-chain perpetual contract trading that allows users to trade with up to 10x leverage on popular crypto assets such as BTC, ETH, and ATOM. $NIBI stakers will have governance over Nibi-Perps and receive a discount on trading fees.
2. Nibi-Swap
Nibiru's automated market maker protocol is planned to support 2 types of LP pools: stablecoin exchange pools and regular constant-product pools.
3. $NUSD
$NUSD is a fully collateralized stablecoin for the Nibiru ecosystem. Nibiru initially supports minting $NUSD using $USDC and $NIBI, with the exact ratio of the two determined by the Collateral Ratio (CR). If CR=80%, then to mint 100 $NUSD the user needs to provide 80 $USDC and 20 $NUSD worth of $NIBI.
In the future, Nibiru Chain will support more types of collateral; for now $NUSD is more like $FRAX for the Cosmos ecosystem.
4. Nibi-Oracles
Nibi-Oracles is Nibiru's native oracle solution. It allows validator operators to actively participate in oracle consensus voting, bringing off-chain data onto the blockchain with high fidelity and providing low-latency feeds from external APIs and smart contracts.
In 2024, Nibiru Chain will focus on expanding the ecosystem, with key developments including initiatives such as integrating with major DeFi projects across multiple chains, listing on leading centralized exchanges, completing parallel optimistic execution, and achieving full EVM compatibility.
Secure Development Practices
If you are developing an application on Nibiru Chain, the development process and required language are almost identical to those of other Cosmos public chains, and you can improve the contract security of your project by following the security guidelines below:
1. Being prepared for attacks
Similar to developing contracts with Solidity, developers need to consider how they will face attacks and fix vulnerabilities, so they need to build smart contracts that are scalable and have a risk response plan in place.
2. Note the standardization of address validation
Any valid Cosmos SDK address has two valid representations: all lowercase and all uppercase. For example, cosmos1uzwqa88hcqe5gs7u7lgjxekz7xc6sm0f7xwp6a and COSMOS1UZWQA88HCQE5GS7U7LGJXEKZ7XC6SM0F7XWP6A are the same address. The same holds for Nibiru addresses. We need to take this property into account when handling addresses in contracts.
As shown in the code above, since dest is not standardized and usually uses lowercase addresses, anyone can bypass BLACKLIST by providing an uppercase address.
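The blacklist check described in this item, reduced to plain Rust as an added example (not code from the original article or from the Nibiru project): a byte-for-byte lookup beside one that normalizes the address first. The function names and blacklist contents are assumptions, and only the Bech32 case rule is modeled, not checksum validation.

```rust
use std::collections::HashSet;

// Constructed sample: the address quoted in the text, stored lowercase.
const BLOCKED: &str = "cosmos1uzwqa88hcqe5gs7u7lgjxekz7xc6sm0f7xwp6a";

// Hypothetical blacklist holding lowercase addresses only.
fn blacklist() -> HashSet<String> {
    HashSet::from([BLOCKED.to_string()])
}

// Weak check: compares the caller-supplied string byte for byte,
// so the uppercase form of a listed address is not recognized.
fn is_blocked_naive(list: &HashSet<String>, dest: &str) -> bool {
    list.contains(dest)
}

// Bech32 accepts all-lowercase or all-uppercase strings, never mixed case.
// Returns the lowercase form, or an error for mixed-case input.
fn normalize(addr: &str) -> Result<String, String> {
    let has_lower = addr.chars().any(|c| c.is_ascii_lowercase());
    let has_upper = addr.chars().any(|c| c.is_ascii_uppercase());
    if has_lower && has_upper {
        return Err(format!("mixed-case address rejected: {}", addr));
    }
    Ok(addr.to_ascii_lowercase())
}

// Hardened check: normalize first, then look up the canonical form.
fn is_blocked(list: &HashSet<String>, dest: &str) -> Result<bool, String> {
    Ok(list.contains(&normalize(dest)?))
}

fn main() {
    let list = blacklist();
    let upper = BLOCKED.to_ascii_uppercase();
    println!("naive, lowercase:    {}", is_blocked_naive(&list, BLOCKED));
    println!("naive, uppercase:    {}", is_blocked_naive(&list, &upper));
    println!("hardened, uppercase: {:?}", is_blocked(&list, &upper));
}
```

In a CosmWasm contract, pass `dest` through `deps.api.addr_validate` before any comparison and store only validated `Addr` values, so that every lookup sees one canonical form.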
3. Note arithmetic and overflow
In CosmWasm contracts, developers should be aware of the risk of integer overflow or division by 0. It is recommended that developers use CosmWasm's Uint256 and Uint512 types and use the math function full_mul(), which does not overflow.
4. Access control issues
Access control is one of the major issues in program security. Numerous security incidents have been caused by access control issues, and it needs to be taken seriously in CosmWasm contracts as well. The following is a typical example:
The above code, because of the missing check and restriction on the caller's address, allows anyone to call update_config() and set their address as the vault address to receive all rewards generated by the contract.