Comprehensive Security Review of Lomads DApp

1. Introduction & Context

Vanarchain is a next-generation blockchain protocol forked from the widely recognized Geth client, determined to tackle common hurdles such as high transaction fees, slow network throughput, and complex user onboarding. By adopting a low-cost, fixed transaction fee strategy, Vanarchain aspires to broaden the practical application of Web3 technologies in fields spanning entertainment, gaming, VR/AR, AI, and beyond.

In pursuit of its mission to reinvent blockchain usability, the Vanarchain team has introduced a suite of strategic modifications. Chief among them are an innovative fee model—designed to reduce financial barriers for developers and end users—and revisions to the transaction ordering algorithm, aimed at more streamlined throughput. Yet, any significant departure from standard blockchain frameworks demands thorough security assessments, especially when redefining consensus rules or economic incentives.

Acknowledging the potential for new economic and security exposures, Vanarchain’s developers commissioned ImmuneBytes to perform a detailed review of its specialized components. This audit specifically scrutinized elements like the “Rewards” module and the updated consensus logic to ensure the protocol is well-prepared for high-volume, real-world deployments. ImmuneBytes’ holistic evaluation not only measured Vanarchain’s operational resilience but also considered how its novel approaches to incentives, governance, and community trust fit within the larger Web3 landscape.

2. Engagement Purpose

The overarching aim was to examine Vanarchain’s custom modifications in detail, ensuring that the new fee mechanisms and consensus tweaks wouldn’t inadvertently compromise its security or user experience. By validating alignment with broader blockchain best practices, the audit sought to instill confidence in potential partners, contributors, and end-users ready to join Vanarchain’s ecosystem.

Key questions driving this engagement included:

  • How does a low, fixed-fee model withstand malicious spamming or DoS threats?
  • Are miner/validator incentives robust enough to secure the network under a PoA (Proof of Authority) model?
  • Which modules remain incomplete or insufficiently documented, and how do they impact user trust?

The audit also served a broader purpose for Vanarchain: to reassure future collaborators—be they developers, enterprises, or DAO communities—that the protocol isn’t simply about cheaper transactions, but about a durable, carefully architected environment for decentralized applications.

3. Project Distinctions

Vanarchain’s ambition goes beyond merely forking Geth. At its core, it introduces:

  1. Static Transaction Fees
    A bold departure from the gas-competitive models of major blockchains, aiming to simplify transactions and attract a mainstream audience.
  2. FIFO Transaction Ordering
    By replacing fee-based ordering with a First-In-First-Out system, Vanarchain redefines how transactions are packaged—potentially influencing user motives and miner incentives.
  3. Rewards Module (WIP)
    A partially built framework for distributing additional incentives, pending final logic. This incomplete aspect could shape the protocol’s capacity to engage validators and developers long-term.

These modifications shaped our audit scope, as each comes with unique advantages and potential challenges when operating in a trustless, adversarial environment.

4. Observations & Audit Approach

We started by dissecting Vanarchain’s code modifications and architectural documentation. Our process included:

  • Code Exploration & Annotation
    We scrutinized the custom commits, focusing on fee computation, transaction ordering logic, and early-phase reward functions. This laid a foundation for identifying anomalies in resource consumption or transaction flow.
  • Security & Economic Threat Modeling
    Recognizing that cost and incentives are integral to blockchain security, we simulated how static fees might encourage spam or degrade miner engagement. We benchmarked these findings against known attacks from analogous protocols.
  • Targeted Penetration Tests
    Beyond straightforward code reviews, we conducted scenario-driven tests to verify whether partial features, such as the Rewards module, inadvertently weakened broader system security.

Vanarchain’s development team sought more than a run-of-the-mill code review. They wanted meaningful, human-centered insights into whether their approach could thrive in a highly competitive blockchain ecosystem. From them, we sensed a desire not just for a checklist of vulnerabilities, but for an honest perspective on how well their design could hold up to adversarial attacks, user demands, and the unpredictability of evolving Web3 dynamics.

They also prioritized open, interactive engagement. Rather than a sterile, top-down report, they hoped for a collaborative process that would help them shape an adaptive fee structure, clarify miner reward logic, and refine any incomplete modules in a way that remains faithful to the project’s user-friendly ethos.

5. Key Observations & Findings

5.1 High Severity: Inadequate Fixed Transaction Fee Mechanism

  • Observation: Vanarchain introduced a low, fixed fee model without detailed documentation describing the rationale and the risk mitigations around it. This leaves open questions about the network’s resistance to spam and its exposure to denial-of-service (DoS) attacks.
  • Potential Impact:
    • Network spam from malicious actors who can afford to flood the chain at a constant per-transaction cost.
    • No price signal that encourages users to economize on transactions.
    • Miner revenue could be undercut, weakening the economic basis of network security.
  • Recommendation: Publish a transparent and technically detailed rationale behind fixed fees. Consider adaptive fee layers or tiered structures to discourage spam and align user costs with actual resource consumption.

5.2 Medium Severity: Improper Miner Incentivization and User Motivation

  • Observation: The transaction ordering mechanism shifted from the typical gas-price-based approach to a strict FIFO system. Combined with low fixed fees, this leaves miners with less reward and dampens the competition that a robust PoA network relies on.
  • Potential Impact:
    • Reduced motivators for miners/validators to secure the chain.
    • Risk of complacency if transactions can’t outbid each other for priority.
  • Recommendations:
    • Introduce a stake-based or adaptive model that better compensates validators for security contributions.
    • Embrace partial community governance—letting stakeholders vote on dynamic fee adjustments.
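Findings 5.1 and 5.2 both come down to two design choices: what a transaction costs, and how transactions are ordered. The following Go program is an added illustration written for this write-up, not code from Vanarchain, Geth or ImmuneBytes. It models a FIFO mempool and compares a fixed per-transaction fee against a congestion-adaptive fee (a simplified EIP-1559-style base-fee adjustment), both with constructed numbers (gas limit, fee unit, adjustment rate) chosen only for the demonstration. It shows two things the findings describe: under FIFO ordering a later transaction gains nothing from offering a higher tip, and a fixed fee keeps the cost of filling consecutive blocks flat while an adaptive fee makes each further full block progressively more expensive.

```go
package main

import "fmt"

// Constructed parameters for the simulation (not Vanarchain's real values).
const (
	blockGasLimit = 30_000_000            // hypothetical per-block gas limit
	txGas         = 21_000                // gas of a minimal value transfer
	txPerBlock    = blockGasLimit / txGas // minimal transfers that fit in one block
)

// FeePolicy decides the per-transaction fee for the next block and is told
// how much gas the block just sealed actually used.
type FeePolicy interface {
	Fee() uint64
	Observe(gasUsed uint64)
}

// FixedFee charges the same amount regardless of congestion (the model the
// audit flagged in 5.1).
type FixedFee struct{ fee uint64 }

func (f *FixedFee) Fee() uint64    { return f.fee }
func (f *FixedFee) Observe(uint64) {}

// AdaptiveFee raises the fee when the previous block was more than half full
// and lowers it (never below floor) when it was emptier; the 1/8 step is a
// simplified form of the EIP-1559 base-fee adjustment.
type AdaptiveFee struct{ base, floor uint64 }

func (a *AdaptiveFee) Fee() uint64 { return a.base }
func (a *AdaptiveFee) Observe(gasUsed uint64) {
	target := uint64(blockGasLimit / 2)
	if gasUsed > target {
		delta := a.base * (gasUsed - target) / target / 8
		if delta == 0 {
			delta = 1 // always move when over target, even at tiny base fees
		}
		a.base += delta
	} else {
		a.base -= a.base * (target - gasUsed) / target / 8
		if a.base < a.floor {
			a.base = a.floor
		}
	}
}

// floodCost returns what an actor pays to fill `blocks` consecutive blocks
// with minimal transfers under policy p, plus the fee charged in the last
// block. Fees are in the constructed fee unit of the policy.
func floodCost(p FeePolicy, blocks int) (total, lastFee uint64) {
	for i := 0; i < blocks; i++ {
		lastFee = p.Fee()
		total += lastFee * txPerBlock
		p.Observe(txPerBlock * txGas) // the block is full
	}
	return total, lastFee
}

// Tx carries a Tip field only to show that FIFO ordering ignores it.
type Tx struct {
	ID  string
	Gas uint64
	Tip uint64
}

// FIFOPool seals blocks strictly in arrival order, as described in 5.2.
type FIFOPool struct{ pending []Tx }

func (p *FIFOPool) Add(tx Tx) { p.pending = append(p.pending, tx) }

// Seal takes transactions from the head of the queue until the gas limit.
func (p *FIFOPool) Seal() []Tx {
	var block []Tx
	var used uint64
	for len(p.pending) > 0 && used+p.pending[0].Gas <= blockGasLimit {
		block = append(block, p.pending[0])
		used += p.pending[0].Gas
		p.pending = p.pending[1:]
	}
	return block
}

// inclusionDelay returns the block number (1-based) in which an "honest"
// transaction is sealed when `flood` minimal transfers arrived before it.
// The tip it offers has no effect on the result under FIFO ordering.
func inclusionDelay(flood int, honestTip uint64) int {
	pool := &FIFOPool{}
	for i := 0; i < flood; i++ {
		pool.Add(Tx{ID: fmt.Sprintf("spam-%d", i), Gas: txGas})
	}
	pool.Add(Tx{ID: "honest", Gas: txGas, Tip: honestTip})
	for n := 1; ; n++ {
		for _, tx := range pool.Seal() {
			if tx.ID == "honest" {
				return n
			}
		}
	}
}

func main() {
	ft, fl := floodCost(&FixedFee{fee: 1000}, 10)
	at, al := floodCost(&AdaptiveFee{base: 1000, floor: 1000}, 10)
	fmt.Printf("fixed:    10 full blocks cost %d, last fee %d\n", ft, fl)
	fmt.Printf("adaptive: 10 full blocks cost %d, last fee %d\n", at, al)
	fmt.Printf("honest tx after 3 blocks of spam, tip 0:   block %d\n", inclusionDelay(3*txPerBlock, 0))
	fmt.Printf("honest tx after 3 blocks of spam, tip 1e6: block %d\n", inclusionDelay(3*txPerBlock, 1_000_000))
}
```

The two readouts map directly onto the findings: the fixed policy's total grows linearly with the number of blocks flooded, while the adaptive policy's per-block fee compounds upward as long as blocks stay full and decays back to its floor once they empty, which is the "adaptive fee layer" the recommendation in 5.1 points at; and the identical inclusion delay for a tip of 0 and a tip of 1,000,000 is the "can't outbid each other for priority" property from 5.2.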

6. Impactful Results

By incorporating our feedback, Vanarchain began rethinking both immediate and long-term strategies:

  • Clarified Fee Model
    The team announced plans for more nuanced fee structures that dynamically adjust during network congestion, preserving their user-friendly ethos while thwarting spam-based assaults.
  • Refined Validator Incentives
    Discussions turned to stable block rewards over a multi-year release schedule, ensuring that validators feel a consistent, rational motivation to uphold network security.
  • Phased Rollout of Reward Features
    Recognizing that half-implemented modules can sow doubt, Vanarchain committed to transparent updates, so users understand which incentives are operational and which remain on the horizon.

7. Forward Recommendations

  1. Document Every Major Change
    In the fast-moving Web3 arena, clarity is king. Detailed technical briefs around fee logic, transaction ordering, or any consensus changes instill confidence in token holders, validators, and integrators.
  2. Adopt Adaptive Measures
    Rigid constructs can provide an entry point for malicious actors. Whether through stake-based rate limiting or dynamic fee escalation, ensuring flexibility in the face of real-world congestion is key.
  3. Community-Driven Governance
    Vanarchain’s shift toward partial decentralization could be coupled with on-chain voting for fee adjustments and protocol parameters. This inclusivity fosters alignment among all stakeholders.
  4. Ongoing Security Partnerships
    As the codebase evolves—particularly with the completion of the Rewards module—recurring audits and bug bounty programs can catch regressions and encourage best practices at every release milestone.

8. Final Thoughts

Vanarchain’s dedication to lowering fees and simplifying blockchain usage underscores a genuine ambition: to bring decentralized technology to broader audiences without the friction that often hinders mainstream adoption. Our audit highlighted crucial adjustments to ensure that ease-of-use doesn’t become a liability.

By addressing the identified concerns, refining miner incentives, and clearly articulating the logic behind each modification, Vanarchain stands well-placed to chart a path for innovative, cost-effective blockchain solutions. ImmuneBytes is proud to have partnered with the Vanarchain team, and we anticipate that ongoing collaboration—and transparency—will keep this protocol at the forefront of inclusive Web3 design.