Rob Behnke
March 20th, 2023
When it comes to Layer-1 (L1) blockchains, Ethereum, Solana, Cosmos and NEAR are some of the biggest names in the space. However, just because they are all L1s doesn’t mean they share the same vision. Ethereum has prioritized decentralization over scaling, only now focusing on scaling through initiatives such as L2 rollups. Solana has prioritized speed above all else, resulting in high throughputs and damaging outages. Cosmos is building a unique “internet of blockchains,” in which the network scales horizontally through sovereign app-chains. And finally, NEAR has concentrated its efforts on attracting developers, although it is still without a flagship application.
Besides differences in vision, these four blockchains also vary regarding security, which is the focus of this article.
In this article, part of our Blockchain Protocols series, we’ll discuss how Ethereum, Solana, Cosmos, and NEAR differ in their consensus mechanisms, decentralization, and programming language so that you know which blockchain best fits your security needs.
Because blockchains are decentralized entities, they must have some way to agree on the state of the chain without a centralized party. In other words, how does a network of thousands of decentralized nodes decide which transactions are legit?
That is the job of the consensus mechanism. Consensus mechanisms are how blockchain validators trustlessly agree on the digital ledger’s correct shared state to prevent devastating attacks such as a 51% attack.
Ethereum, Solana, Cosmos, and NEAR all use a variation of the proof-of-stake (PoS) consensus mechanism.
Ethereum uses the most basic version of PoS. Validators stake 32 ETH for the right to secure the blockchain. If they perform their duties well, they are rewarded with ETH issuance. If they are derelict in their duties or act maliciously, their ETH stake is slashed (taken from them). This ensures that validators are incentivized both positively and negatively to behave correctly.
Solana uses a consensus mechanism that combines PoS with proof-of-history (PoH). Like Ethereum, Solana is secured by staking validators. However, it has a ‘clock’ that establishes when events happen. This clock is the ‘history’ component. By having this clock, nodes can confirm blocks without having to verify the entire chain beforehand. This reduces consensus overhead and allows for greater network speed and scalability.
Cosmos, because it is a network of independent blockchains, varies widely in its levels of security. However, one common thing among all Cosmos chains is the use of Tendermint Core, a PoS consensus mechanism similar in function to Ethereum’s.
NEAR uses a thresholded PoS consensus mechanism (TPoS). For the most part, TPoS works very similarly to regular PoS. The key difference is that TPoS introduces an election mechanism for choosing validators. Basically, an auction system for picking validators in which the winner receives the most rewards. The advantage of this election system is that it prevents pooling and forking.
The level of decentralization is crucial to a blockchain’s security. The more decentralized a blockchain is, the harder it is to attack.
In this regard, it appears to be challenging to beat Ethereum. With over 500,000 validators securing the chain, Ethereum is the most decentralized L1 by a country mile. However, there is more than meets the eye here. 52% of staked ETH is controlled by the top 3 validators: Lido, Coinbase, and Kraken. This means that an attacker only needs to control three validators to control the chain. Considering that these three validators are easily accessible by a party such as the U.S Government, this is quite unsettling.
Solana only has 2,000 validators. Besides being a centralization risk, this has also led to constant network outages. Without a wide set of validators to handle transactions, the network cannot handle periods of intense congestion.
Because Cosmos is not a single chain, it isn’t easy to comment on its decentralization. However, it is well known that some app-chains are more decentralized than others. This is because Cosmos provides no assistance in bootstrapping a set of validators, leaving many app-chains out in the cold when it comes to decentralization and security. Fortunately, this is changing with the release of Interchain Security, which will allow Cosmos app-chains to lease security from the Cosmos Hub.
With only 200 validators, NEAR is even less decentralized than Solana. Making matters worse is that the top 16 validators control over 50% of the stake, making NEAR vulnerable to similar censorship concerns as Ethereum.
Unfortunately, human mistakes in coding are a common culprit behind hacks and exploits. Sometimes, like in the case of the BNB Bridge hack, one or two simple mistakes lead to hundreds of millions of user funds lost.
That is why the choice of programming language is crucial to the security of the blockchain. The ideal language is familiar, easy to learn, and easy to use for developers. The better the language, the more secure the network.
Ethereum uses a mix of custom-built programming languages, including Vyper, Yul/Yul+, and Fe. However, Solidity is the most used language by far. Solidity does its job well, but as it pertains to developer familiarity and ease of use, it could be better, with it typically taking months before a new developer has reached any level of competency.
In contrast, Solana uses the more established and familiar languages C, C++, and Rust. Obviously, this is better for developers.
Cosmos has a variety of programming languages available to developers. The pre-made Cosmos SDK is written in Go, which is described as being syntactically similar to C. For greater flexibility, Cosmos also enables smart contracts written in Java, Rust, and Solidity.
NEAR also uses popular programming languages Rust and Java, while also boasting an extremely robust smart contract auditing program. When it comes to developer friendliness, it’s hard to top NEAR.
No blockchain is perfect, and no blockchain is 100% flawed.
Ethereum, Solana, Cosmos and NEAR all have their unique strengths and weaknesses, and that’s ok. It is still so early in the life of cryptocurrencies. Security issues will be ironed out over time, and any hack and exploit right now is merely a painful learning lesson.
We are immensely excited to see where these four L1s go from here.