XDC Network — Validator (Masternode) Tech Specs & Best Practices
XDC Network at a Glance
XDC Network is an enterprise-grade, EVM-compatible Layer 1 blockchain purpose-built for trade finance, cross-border payments, and real-world asset (RWA) tokenization. Founded by XinFin in 2017 and mainnet-live since June 2019, the network combines public transparency with private subnet capabilities, delivering near-instant finality, near-zero gas fees, and ISO 20022 compliance — making it one of the most business-ready blockchains in production today.
Key Milestones
| Year | Milestone |
|---|---|
| 2017 | XinFin founded in Singapore by Ritesh Kakkad and Atul Khekade |
| 2019 | KYC Enabled XDC mainnet goes live (June 1) |
| 2021 | XDC Foundation established; partnership with SBI Holdings Japan for trade finance expansion |
| 2022 | ITFA & TFDi membership; KYC-compliant validator layer recognized by regulators |
| 2023 | 149+ million new transactions recorded; Ankr & SBI integrations deepen enterprise reach |
| 2024 Q3 | XDC 2.0 launched — Chained HotStuff BFT consensus, forensic monitoring, subnet support; CertiK audit completed |
| 2024 Q4 | XDC DAO launched (Masternode Senate, Judiciary, People's House); Deutsche Telekom MMS launches a masternode; Etherscan integrates XDC to power XDCScan |
| 2025 | Circle integrates native USDC & CCTP V2 on XDC; 21Shares launches XDC ETP on Swiss exchange; Kraken & Binance.US list XDC; VERT Capital announces $1B tokenization pipeline on XDC; Bitso integration for LATAM cross-border payments; XDC surpasses $300M total staked value and 800M+ transactions |
| 2025 H2 | GENIUS Act signed into U.S. law — XDC Foundation represented at key regulatory discussions; MiCA Crypto Alliance joined in Europe |
| 2026 Q1 | Token Terminal partnership — XDC analytics available via Bloomberg Terminal integration; MVXDC index appears on Bloomberg Terminal, expanding institutional visibility; Contour Network (backed by HSBC, Citi, Standard Chartered) acquired by XDC venture arm |
Network at a Glance (as of early 2026)
| Metric | Value |
|---|---|
| Total transactions processed | 104M+ |
| Active wallets | 2M+ |
| Validator masternode candidates | 300+ (108 active Validators · 432 Protector Nodes · 1,000 Observer Nodes) |
| Smart contracts deployed | 717,000+ |
| Total blocks produced | 101M+ |
| Mainnet uptime | 7+ years continuous |
1. Network Overview
| Parameter | Value |
|---|---|
| Consensus | XinFin Delegated Proof of Stake (XDPoS 2.0) — Chained HotStuff BFT protocol (shipped Q4 2024) |
| Active validator set | 108 Masternodes per epoch |
| Epoch length | 900 blocks (~30 minutes) |
| Block time | ~2 seconds |
| Finality | Deterministic — confirmation = finalization (~6 seconds under XDC 2.0) |
| Throughput | 2,000–2,500+ TPS |
| BFT guarantee | Network safe as long as adversarial masternodes remain below ⅓ of each epoch's validator set; misbehaviour is provable via on-chain forensics |
| EVM compatibility | Full — Solidity 0.8.28 supported |
| Compliance | ISO 20022 financial messaging standard; MiCA-aligned |
2. Staking Requirements
| Parameter | Requirement |
|---|---|
| Minimum stake | 10 Million XDC per masternode (no upper limit) |
| KYC | Mandatory — notarised proof of identity (individual or corporate) + address, uploaded on-chain and publicly visible |
| Resignation lock-up | 30 days before staked XDC can be retrieved |
| Estimated APR | 10% (Validator) · 8% (Protector) · 4% (Observer) — subject to change |
3. Node Types Under XDC 2.0
| Node Type | Role | Max Nodes | Staking | Rewards |
|---|---|---|---|---|
| Core Validator (Masternode) | Validates transactions, proposes/finalises blocks, governance voting | 108 | 10M XDC min | 10% |
| Protector Node (new in 2.0) | Hot backup for Core Validators (4 Protectors per Validator); takes over during disruptions | 432 | 10M XDC min | 8% |
| Observer Node (new in 2.0) | Non-block-producing; observes consensus, broadcasts transactions | 1,000 | 10M XDC min | 4% |
| Full Node | Stores full ledger, propagates transactions | Unlimited | None | None |
| Archive Node | Full historical blockchain data; for analytics, explorers, deep queries | Unlimited | None | None |
Node selection order: The top 108 most voted candidates become active Core Validators. The next 432 are assigned as Protector Nodes (4 per Validator). Beyond that, the next 1,000 serve as Observer Nodes. Full Nodes and Archive Nodes have no cap and do not participate in consensus.
4. Hardware & Infrastructure Specs
Minimum Requirements
| Component | Specification |
|---|---|
| CPU | 4+ cores |
| RAM | 32 GB+ |
| Disk | 2 TB+ SSD (500+ IOPS; more is better) — dedicated database partition |
| OS | Ubuntu 24.04+, CentOS (latest), or RHEL (latest), Windows, Mac OS |
| Network | Dedicated static public IP, directly internet-facing (no NAT) |
| Hosting | Minimum Tier 3+ IDC (data centre) environment |
5. Uptime & Availability
| Requirement | Target |
|---|---|
| Uptime SLA | 100% — masternodes must be online and operational 24/7/365 |
| Slashing risk | Node downtime may result in "slashed" status |
| Reward impact | Rewards per epoch are proportional to blocks signed; downtime = missed rewards |
| Backup strategy | Always maintain a secure backup of your Coinbase address and Keystore file. Loss = inaccessible node requiring network resignation |
6. Security Best Practices
Key Management
- Use a hardware wallet for the staking/owner wallet
- Keep Keystore file backed up offline in multiple secure locations
- Coinbase address (node identity) backup is critical — if lost, the masternode is unrecoverable
- For institutional setups, consider Fireblocks or similar MPC custody via WalletConnect v2
Infrastructure Security
- Harden the OS (disable root SSH, use key-based authentication, change the default SSH port)
- Keep Docker and node software on the latest stable version
- Run behind DDoS mitigation if possible
- Enable automatic security updates for the host OS
- Install
fail2banto protect against SSH brute-force attempts
Firewall & Port Configuration
For a Validator / Protector / Observer node (not serving public RPC traffic), only port 30303 should be open to the internet. All other non-essential ports must remain closed.
Port Reference:
| Port | Protocol | Purpose | Validator / Protector / Observer | Public RPC Node |
|---|---|---|---|---|
| 30303 | TCP + UDP | P2P peer discovery & communication | ✅ OPEN | ✅ OPEN |
| 8989 | TCP | HTTP JSON-RPC API | ❌ CLOSED | ✅ OPEN (IP-restricted) |
| 8888 | TCP | WebSocket endpoint | ❌ CLOSED | ✅ OPEN (IP-restricted) |
| 22 (or custom) | TCP | SSH admin access | ✅ OPEN | ✅ OPEN |
Recommended UFW configuration for a Validator / Protector / Observer masternode:
sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 30303 # P2P — required
sudo ufw allow <your_ssh_port> # SSH — required, do NOT skip
sudo ufw enable
⚠️ Critical: Always allow your SSH port before enabling the firewall or rebooting. Otherwise you will lock yourself out of the server. If this happens, use your VPS provider's web console to regain access.
Additional hardening notes:
- On cloud providers (AWS, GCP, Azure, DigitalOcean), you must also configure provider-level Security Groups — host-level UFW alone isn't enough.
- If running a public RPC node, restrict ports 8989 / 8888 to specific IP allowlists — never leave them open to the world.
- Audit firewall rules periodically:
sudo ufw status verbose. - Block all other inbound ports by default; review any open ports against this table quarterly.
Operational Security
- Separate the masternode owner wallet from day-to-day operational wallets
- Use dedicated infrastructure — avoid sharing servers with other workloads
- Complete KYC with a valid, current corporate or individual identity document
- Maintain an incident response runbook for key compromise or node failure scenarios
7. Monitoring & Maintenance
| Area | Recommendation |
|---|---|
| Node stats | Monitor via XinFin Stats (mainnet) or the masternode dashboard |
| Block explorer | XDCScan.io and XDCScan.com for transaction and validator monitoring |
| Third-party analytics | PrimeXDC Node Dashboard for independent node analysis |
| Token Terminal | Staking Market Cap · Number of Validators |
| Alerting | Set up alerts for peer count drops, missed block proposals, disk space thresholds, and memory/CPU usage |
| Software updates | Track the XinFinOrg GitHub repo and XDC developer forum for protocol upgrades. Coordinate upgrades promptly — late upgrades risk consensus incompatibility |
| Log management | Centralise Docker container logs; retain for debugging and audit purposes |
| Health checks | Automate periodic RPC health checks and block height comparisons against public explorers |
8. Reward Economics (Indicative)
| Metric | Value |
|---|---|
| Reward cycle | Every epoch (900 blocks / ~30 min) |
| Total block reward pool | 86,400,000 XDC + transaction fees |
| Reward distribution | Proportional to blocks signed/validated in each epoch |
Reward Split by Node Tier
| Node Tier | Reward Share |
|---|---|
| Core Validator (Masternode) | 10% |
| Protector Node | 8% |
| Observer Node | 4% |
9. Deployment Quick-Start
Docker (recommended)
sudo su -c "bash <(wget -qO- https://raw.githubusercontent.com/XinFinOrg/XinFin-Node/master/setup/bootstrap.sh)" root
Follow the prompts to select mainnet, name your node, and generate or import your keys.
Testnet: Always test your setup on Apothem (apothem.network) before going live on mainnet.
Network Snapshots
Snapshots allow faster node synchronisation by downloading a pre-synced copy of the blockchain instead of syncing from genesis.
XDC Network Mainnet Snapshots:
| Node Type | Download Link |
|---|---|
| Full Node | https://download.xinfin.network/xdcchain.tar |
| Archive Node | http://downloads.xinfin.network/xdcchain_archive.tar |
Apothem Testnet Snapshots:
| Node Type | Download Link |
|---|---|
| Full Node | http://downloads.apothem.network/xdcchain.tar |
| Archive Node | http://downloads.apothem.network/xdcchain_archive.tar |
Applying a Snapshot
After downloading the snapshot, follow these steps to spin up your node. Run these commands from inside the XinFin-Node/mainnet/ directory (or testnet/ for Apothem):
# 1. Stop the running node (if already running)
bash docker-down.sh
# 2. Extract the snapshot — NOTE: use -xvf, not -xvzf
# The xdcchain.tar is a POSIX tar archive, not gzipped
tar -xvf xdcchain.tar
# 3. Back up your existing chain data (safer than rm -rf)
mv xdcchain/XDC xdcchain/XDC_backup
# 4. Move the extracted snapshot into place
mv XDC xdcchain/XDC
# 5. Start the node back up
bash upgrade.sh
Important notes:
- Do not use
tar -xvzf— the snapshot is a POSIX tar archive, not gzipped, and thezflag will throw an error. - Keep the
XDC_backupfolder until you've confirmed the node is syncing correctly from the snapshot. Once verified, you can safely delete it to free disk space. - Always verify your
coinbase.txtandkeystore/files are intact inxdcchain/after the swap. If missing, restore them from your backup. - Monitor sync progress on stats.xinfin.network or xdcscan.io.
10. Compliance & Governance
- All validators must pass KYC (PDF format, uploaded on-chain). Refer to the KYC Document Format for requirements
- Entities with criminal records, anonymous identities, or intentions to fork are disqualified
- Validators participate in governance voting on protocol upgrades and XIPs (XDC Improvement Proposals)
- XDC 2.0 introduced a DAO structure with three chambers: Masternode Senate, Judiciary, and People's House
- Network is aligned with MiCA (EU) regulatory standards and ISO 20022 financial messaging compliance
11. Frequently Asked Questions (FAQs)
Q: How much XDC do I need to run a masternode?
You need a minimum of 10,000,000 XDC staked to become a masternode candidate. There is no upper limit. Each masternode you operate requires its own separate 10M XDC stake.
Q: Can I run more than one masternode?
Yes. You can run as many masternodes as you wish, but each one must independently meet the 10M XDC staking requirement, have its own dedicated server infrastructure, and complete separate KYC.
Q: What is the maximum number of masternodes allowed on the network?
The network supports a tiered structure: 108 Core Validator nodes, 432 Protector Nodes, and 1,000 Observer Nodes — totalling 1,540 staked node slots. The top 108 most voted candidates become active Validators, the next 432 serve as Protector Nodes, and the following 1,000 are Observer Nodes.
Q: What happens if my masternode goes offline?
If your node goes down, it may be marked as "slashed." You will miss block rewards for the epochs your node is offline, and prolonged downtime can affect your standing in the validator set. Ensure your infrastructure is always operational.
Q: What is the difference between a Validator and a Standby node?
Validator Masternodes (108 per epoch) actively validate transactions and produce blocks. Standby Masternodes are identical in setup but remain on standby — they are activated only when the number of active Validators drops below 108.
Q: How are rewards distributed?
Rewards are paid every epoch (900 blocks / ~30 minutes). The total block reward pool is 86,400,000 XDC plus transaction fees. Core Validators receive 10%, Protector Nodes receive 8%, and Observer Nodes receive 4%. Within each tier, rewards are proportional to blocks signed and validated.
Q: Can I withdraw my staked XDC at any time?
No. If you resign from your masternode, there is a mandatory 30-day lock-up period before you can retrieve your staked 10M XDC.
Q: What happens if I lose my Coinbase address or Keystore file?
Losing your Coinbase address means your masternode becomes inaccessible, and you will need to resign from the network. Losing your Keystore or private key means your funds are permanently inaccessible and you will not receive any further rewards. Always maintain secure offline backups of both.
Q: Is KYC mandatory? What format is required?
Yes, KYC is mandatory for all masternode operators. You must upload a notarised proof of identity (individual or corporate) and address in PDF format. This information is visible on the public network. Refer to the KYC Document Format for full requirements.
Q: Who is disqualified from running a masternode?
Entities or individuals that are anonymous, have a criminal record, intend to fork the XDC software, or do not comply with local laws are disqualified from becoming masternode operators.
Q: Can I set up on Windows or do I need Linux?
Both are supported. You can use the One-Click Installer for Windows and Linux, or deploy via Docker (recommended for production). Supported Linux distributions include Ubuntu 24.04+, CentOS, and RHEL.
Q: Does my server need a public IP?
Yes. Your masternode must face the internet directly with a dedicated static public IP address, without NAT.
Q: Can I use a cloud provider / VPS instead of dedicated hardware?
Yes. A VPS is optional but highly recommended if you don't have dedicated hardware that meets the specs. Ensure your provider can deliver the required CPU, RAM, disk, and network uptime.
Q: Which ports should I open on my firewall?
Only port 30303 (TCP + UDP) should be open to the internet for a Validator, Protector, or Observer node. Keep your SSH port open for admin access (22 or a custom port), but block everything else including RPC (8989) and WebSocket (8888). Only open 8989 / 8888 if you are explicitly running a public RPC node, and restrict them to specific IP allowlists.
Q: Can I test the setup before going live on mainnet?
Yes. XDC provides a testnet called Apothem (apothem.network) where you can test your entire masternode setup without using real XDC. This is strongly recommended before deploying to mainnet.
Q: Are there third-party masternode hosting services?
Yes, there are third-party service providers that can help with setup and hosting. However, XDC Network does not officially endorse any third-party services — always perform your own due diligence before engaging one.
Q: Can institutional operators use custody solutions like Fireblocks?
Yes. Institutions and enterprises can use Fireblocks via WalletConnect v2 to manage masternode staking with MPC-based custody, governance automation, and transaction policy controls.
Q: How do I check my masternode status?
You can monitor your node via stats.xinfin.network (mainnet), the masternode dashboard, or the XDCScan block explorer at xdcscan.io.
Q: What are the common setup errors?
The two most common issues are: (1) outdated Docker — install docker-compose version 1.21+; (2) port conflicts — if port 30303 is already in use, terminate the existing container and try again.
Q: How does XDC handle DDoS and spam attacks?
While XDC's transaction fees are extremely low, they are not zero. This means flooding the network requires a significant amount of XDC, making sustained spam attacks economically impractical. The network also employs on-chain forensic monitoring to detect and penalise malicious behaviour.
Q: What is an epoch?
An epoch is a cycle of 900 blocks on the XDC Network, completing in approximately 30 minutes. Validator selection, reward distribution, and governance actions are all structured around epochs.
Q: What are network snapshots and why should I use them?
Snapshots are pre-synced copies of the blockchain database. Instead of syncing your node from the genesis block (which can take days), downloading a snapshot lets you get up and running much faster. They are available for both mainnet and the Apothem testnet, in Full Node and Archive Node variants.
Q: How do I use a snapshot to speed up node setup?
Stop your node, extract the downloaded xdcchain.tar (using tar -xvf, not -xvzf), back up the existing xdcchain/XDC folder, move the extracted XDC folder into xdcchain/, and restart your node with bash upgrade.sh. It will resume syncing from the snapshot's block height instead of from zero. Always verify the snapshot source matches the official XDC download links before use.
Q: What is the difference between the Full Node and Archive Node snapshot?
The Full Node snapshot contains the current blockchain state needed for normal validation and transaction processing. The Archive Node snapshot includes the entire historical blockchain data from genesis — it's significantly larger and is only needed if you run analytics, block explorers, or dApps that require deep historical queries.
12. Key Ecosystem Partners & Integrations
| Partner / Integration | Role |
|---|---|
| SBI Holdings (Japan) | Trade finance joint venture; R3 Corda cross-chain PoC |
| Deutsche Telekom MMS | Infrastructure provider; operates a masternode |
| Circle (USDC / CCTP V2) | Native stablecoin and cross-chain transfer support |
| Archax | Regulated digital securities exchange; tokenised funds (BlackRock, State Street, Fidelity) |
| 21Shares | XDC ETP on SIX Swiss Exchange (Ticker: XDCN); also listed on Euronext Amsterdam |
| Token Terminal | Institutional-grade on-chain analytics for XDC — integrated with Bloomberg Terminal for real-time dashboards, API access, and Data Room |
| Bloomberg Terminal | MVXDC index listed, providing professional-grade market access and institutional discovery for XDC |
| Securitize | U.S. Treasury tokenization (USTY) |
| Bitso | LATAM's largest crypto platform; cross-border remittance integration |
| Mercado Bitcoin | $15M+ fixed-income RWA token issuance on XDC |
| VERT Capital | Up to $1B in tokenised debt and receivables |
| Plug and Play | RWA Accelerator program (2 cohorts completed) |
| Kraken & Binance.US | Tier 1 exchange listings (2025) |
Discussion (0)