
Somnia Mainnet: Consensus & Staking Hardened After Hacken Audits

Somnia — an EVM-compatible L1 separating high-throughput data dissemination from low-latency PBFT consensus — prepared for mainnet launch with the SOMI token and a validator set of ~60 operators. Any consensus safety/liveness flaws or governance/committee centralization risks could threaten network reliability at launch and undermine validator confidence.

Ahead of its mainnet launch, Hacken performed comprehensive security audits of the Somnia smart contract and its core PBFT protocol implementation. Hacken’s multi-layer security assessments helped Somnia mitigate centralization risks and resolve consensus mechanism vulnerabilities that risked chain forks, fund loss, or a complete network halt.

TL;DR Audit Highlights

Protocol (PBFT/C++): 16 findings → 6 resolved, 10 accepted.
Fixed classes included flawed vote aggregation (view‑change), state‑poisoning via unverified fetched batches, and unbounded map growth that could degrade liveness.

Staking & Committee (UUPS, role‑gated): 31 findings → 18 resolved, 9 accepted, 4 mitigated.
Hardened validator lifecycle, committee gating, rewards, and voting flows.

By launch week, the critical and high‑impact protocol issues had been fixed, and the staking layer’s guardrails were in place.

Somnia went live on September 2, 2025, with a validator set that could scale without tripping over governance corner cases. For operators, that meant clearer expectations; for developers and partners, fewer incident classes to fear; for users, a network less likely to stall when the unexpected happens.

Hacken continues contributing to Somnia’s long-term network integrity and now strengthens the mainnet with enterprise-grade validator operations.

Hacken's work was essential in refining our consensus and staking layers, hardening the core components of the chain, and ensuring Somnia was fully prepared for mainnet with confidence. The team has shown great support for us throughout the whole process and has gone above and beyond to help us meet our deadlines, which was essential for our launch.
– Aleksa Mil, COO at Somnia

PBFT & Staking Risks Addressed Ahead of Mainnet

Hacken conducted two independent audits covering Somnia’s protocol and contract layers.

Together, these reviews checked that both the execution layer and the consensus layer met a high security bar ahead of a successful mainnet launch and smooth day-to-day operations.

Somnia L1 Audit

This audit focused on Somnia’s PBFT consensus implementation in C++. Hacken reviewed the quality of its documentation, code, and architecture. A threat model was then tailored for a partially synchronous network with a validator committee of 3f+1 voting power, tolerating up to f Byzantine participants.

The threat model enabled a thorough assessment of likely risks, including:

  • Consensus safety failures
  • Liveness failures
  • Resource exhaustion
  • Edge-case misconfigurations

Following Hacken’s audit, Somnia successfully patched a critical state divergence bug and state poisoning vectors. Resource-exhaustion risks and parameter misconfigurations were also addressed, making Somnia a more resilient Layer 1 blockchain.

Finding                                                             Severity     Status
State divergence via flawed vote aggregation in view change         Critical     Resolved
State poisoning via unverified fetched Request batches              High         Resolved
Unbounded growth of transient_views leading to memory exhaustion    Medium       Resolved
Unbounded growth of request_timeouts leading to CPU & memory DoS    Medium       Resolved
Delayed signature verification in checkpoint message processing     Medium       Resolved
Implicit copyability of PbftCheckpointManager                       Observation  Resolved

View the public audit report for a detailed technical breakdown of the findings.
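As an added illustration (not Somnia's code, which this page does not reproduce), the following C++ sketch shows the three defensive properties behind the view-change and map-growth findings above: a vote is counted only after its signature has been verified, each validator is counted once per view, and per-view state is bounded so it cannot exhaust memory. The weighted-quorum rule (strictly more than 2/3 of total voting power, i.e. 2f+1 of 3f+1) and all type and function names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <set>
#include <string>

using Power = std::uint64_t;   // voting power, not a simple head count

struct Vote {
    std::uint64_t view;        // view number the vote belongs to
    std::string validator;     // validator identity
    Power power;               // that validator's voting power
    bool signature_ok;         // signature verified before counting (assumed input)
};

// Quorum: strictly more than 2/3 of total voting power (2f+1 of 3f+1).
inline Power quorumThreshold(Power total) { return (2 * total) / 3 + 1; }

class ViewChangeAggregator {
public:
    ViewChangeAggregator(Power total, std::size_t maxViews)
        : total_(total), maxViews_(maxViews) {}
    // Counts one vote; true once the view holds a quorum of distinct, verified voters.
    bool addVote(const Vote& v) {
        if (!v.signature_ok || v.view < lowestView_) return false;  // unverified or stale
        if (!views_[v.view].insert(v.validator).second)             // same validator twice
            return quorumReached(v.view);
        power_[v.view] += v.power;
        prune();
        return quorumReached(v.view);
    }
    bool quorumReached(std::uint64_t view) const {
        auto it = power_.find(view);
        return it != power_.end() && it->second >= quorumThreshold(total_);
    }
    std::size_t trackedViews() const { return views_.size(); }

private:
    // Keeps only the maxViews_ newest views so transient view state stays bounded.
    void prune() {
        while (views_.size() > maxViews_) {
            power_.erase(views_.begin()->first);
            views_.erase(views_.begin());
        }
        if (!views_.empty()) lowestView_ = views_.begin()->first;
    }
    Power total_;
    std::size_t maxViews_;
    std::uint64_t lowestView_ = 0;
    std::map<std::uint64_t, std::set<std::string>> views_;
    std::map<std::uint64_t, Power> power_;
};
```

The same per-view bound applies to the request_timeouts map named in the findings: any structure keyed by an attacker-influenced value needs an explicit cap or expiry.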

Somnia Smart Contract Audit

Hacken’s audit of Somnia’s smart contract provided a thorough assessment of the staking and validator committee system (UUPS-upgradeable contracts). The report identified 31 potential risks, including 4 high-severity vulnerabilities.

High and medium security vulnerabilities were fixed, including a denial-of-service bug that could block epoch rewards, a last-minute delegation exploit that allowed gaming of rewards, an unstaking timer bug, and a single point of failure that could grant unbounded superuser privileges.

View the public audit report for a detailed technical breakdown of the findings.

Conclusion: Scaling Security With Network Expansion

Hacken’s protocol and staking audits helped Somnia move to mainnet with stronger safety, liveness, and validator‑operations controls. With network resilience ensured, Somnia now has a strong foundation to expand its L1 infrastructure.

As the network scales, continued security work — audits, post‑deployment monitoring, and validator best practices — will reduce incident classes and support faster, safer releases.
