Shentu Roadmap 2.0
⚠️This roadmap gives a general outline of the planned features & improvements for Shentu Chain. The contents or the order of the items in the roadmap may change. ⚠️
A Web3 Security Hub
Shentu is designed to be the security hub for blockchains from the beginning. It currently offers many different security-focused products, including certificates, insurance, and real time on-chain security score aggregation. Since its laucnh on October 24, 2020, Shentu has served hundreds of certificates, thousands of score aggregations, and millions of transactions. However, while the security related features are currently serving their purpose to some extent, it would be much better if we could enhance the modules’ general features and add on necessary improvements as well as connections that would make them into a truly unified security suite.
Current Security Features
Through the roadmap, we are aiming to connect the dots we currently have. Shentu has several different security products deployed on mainnet, which are cert, oracle, and shield. Interacting with the native Cosmos modules gives them a unique advantage over other blockchain-native security services, but they have not yet attracted lots of users looking for security services, mainly because the modules were designed as standalones instead of parts of an unified suite.
The cert module manages the on-chain identity and certificates. From a simple auditing or compilation certificates to certifier roles, it serves as a verification center where all reputation and status verification information is stored. As we build more features and interaction between different modules, the cert module will play a key platform where project and participants can build their reputations and credits.
Oracle module acts as a consensus platform for off-chain security score requests on various L1 blockchains, such as Ethereum and BNB Chain. Currently oracle module supports on-chain smart contract scores delivered upon requests, that can be used by other smart contracts of the same chain to get on-chain dynamic scores of monitored smart contracts and functions.
Shield is a decentralized pool of CTK that uses on-chain governance system of Shentu Chain to reimburse lost, stolen, or inaccessible assets from any blockchain network. There are two members of the Shield system: Collateral Providers and Shield Purchasers. Providers contribute cryptocurrency as collateral to fill the Shield Pool. In return, they receive a portion of the fees paid by Purchasers, in addition to the usual staking rewards. Purchasers gets a protection up to their shield purchases for pay a recurring fee based on their riskiness.
Planned New Features and Improvements for 2.0
The most important addition to Shentu in the short term will be the Bounty module. The bountyBounty module will serve as a hub for decentralized bounty contests, such as bug bounty programs and CTF contests. With the bounty module, any participants will be able to create their own bounty programs, and anyone will be able to participate for possible rewards. The Bounty module will be the first of its kind, where all of the process is recorded transparently on-chain with a decentralized appeal process for submission and reward judgment.
One of the good features Shentu could use is an entrypoint module where the users of the security services provided by Shentu. Before, there wasn’t any good reason for them to use any of the existing modules that provide security service (Shield and Cert). With bounty module, we can logically start the entire security service, linked with cert, oracle, and shield to provide a decentralized, transparent security service on Shentu.
Note the monitoring and protection services (oracle and shield) can be continuous, whereas audit and bug bounty would normally be a one time service with a fixed time period.
Ideally, each bounty program will act as a promotion or an advertisement entrypoint to access Shentu’s security features. During the bounty program, bounty module will issue various certificates related to the ongoing program to the participants. Also, the project will receive a certificate that it completed a bounty program on Shentu, which then can be used for other parts of Shentu, like Shield or Oracle.
Note some of the on-chain interactions and off-chain queries that can be used by the participants are omitted, such as the users using the monitoring service for their investment or projects opening up a new insurance product on shield.
Gov Module Interoperability
Currently the governance module is customized in a way that allows us to implement certifier roles and voting rounds, like deposit exemption or certifier voting rounds. However, the way we implemented it makes it hard for the third party wallet providers to accommodate Shentu’s governance process due to incompatibility. We aim to minimize the incompatibility by refactoring the governance module so the front end providers can simply use CosmosSDK’s governance module’s interface for Shentu as well.
Generalized Cert Module (NFT module)
To make everything possible from the bounty module to Shield module, we need an active community that can voice their opinion on different issues, whether it be finding submission claims or shield reimbursement claims. To promote participation and reward those who contribute to the community, we can generalize Cert module into a NFT module that can issue badges/rewards based on their achievements through participating in Shentu.
Also, the certificates can be issued to a specific project as well, such as auditing, compilation, and so on. These types of certificates will then be used in other modules for possible priority/advantage over other projects which don’t have the certificates.
Currently the oracle module serves as a platform for contract score aggregation across mutliple different L1 chains, such as BNB chain, polygon, and Ethereum. While it has been serving its purpose well, there is much more possibility to the real time score aggregation system, such as security evaluation using the scores or real time transaction monitoring. Currently the oracle module monitors various target chains and contracts, providing real-time security score to determine if the target smart contracts are safe, right now.
The scope of the current model only applies to contracts and fixed addresses, visible on chain. This implies any new incoming attack vectors can’t be filtered and marked dangerous by the platform, allowing any new attacks to go through before they’re marked and given low scores to prevent further attacks.
Oracle 1.5 will expand its domain to provide further security in those areas where it was unreachable previously. More about the oracle module will arrive soon on separate contents and articles.
The shield module (insurance module) has a lot of potential to become the insurance platform for Cosmos (or even the entire blockchain ecosystem) by leveraging other components in Shentu. Shield module will be the last and continuous stage of the security services, which include bounty, certificate, and finally shield itself. While Bounty and Certificate module provide an infrastructure to qualify a project at a certain point of time, Shield module will provide continuous support and coverage for those projects (not necessarily gone through those two modules before).
The three modules combined will provide a reputation system on the project side. The fact that they went through the process (like creating/hosting a bounty program, getting a security certificate, or purchasing/creating insurance pool) will be visible to the public and help show their effort on their project’s security.
More on shield V2 will be announced once we have a concrete plan for design proposals.
- Gov Module Refactor
– Allowing seamless integration with vanilla Cosmos Gov interface
- Oracle module V1.5
– Improving the current on-chain score aggregation to use more sophisticated methods
- Cosmos 0.46.x
- Bounty Module v0.1
– A decentralized, transparent module for bounty programs
– Initially launched with partial off-chain logics
– Entrypoint for Shentu’s security products
- Cert module V2
– Generalizing certificates and other types of roles for interoperability
– Integrating on-chain profile and reputation building
- Bounty module V1
– Transparency upgrade
- Shield module V2
- Bounty Module V2
– Initial VM integration
– TEE powered private PoC verification
- Bounty module PoC VM additions
- Roadmap 3.0
The official Grants & Delegation program is also on the way, to be anounced soon!
📄 Website: https://shentu.foundation
💻 Github: https://github.com/shentufoundation
✉️ Telegram: https://shentu.technology/telegram
🎮 Discord: https://discord.com/invite/CggeAUYfwx