Haven 2.0 Release — Status Update
Dear Havenauts —
The release of Haven 2.0 will mark a significant revision of Haven’s core codebase and a critical step-change in the project. It will also include substantial security updates, as referenced in last month’s technical overview of the June 2021 exploits, in the form of a new mint and burn validation.
This release will also mark a major milestone for the project. With a significantly improved protocol, the delays of the June 2021 exploits will be behind us, and we’ll benefit from new processes and procedures with a focus on security and testing. At this point, the team and community’s focus can shift back to growing the future of private money, with collaborations such as THORChain, exchanges, and third-party wallet integrations.
The Haven 2.0 release will go live in the next hard fork, which will be scheduled once all necessary development work is complete and audited. This release will also allow in-vault conversions to be re-enabled.
Please be aware that the development team will be taking no risks and leaving no stone unturned. As a result, the following steps are subject to change as we work towards the release.
Haven 2.0 Development Plan
The initial draft of the Haven 2.0 code is complete and has been in circulation for a number of weeks. This includes the new mint and burn validation. This fully functional proof of concept requires three additional steps before it can progress to the final audit and launch. These activities are all ongoing:
Robust penetration audit
Penetration testing is an ongoing process, as we work to audit all new and existing code for potential attack vectors. The team have been actively working with a Monero specialist for weeks to identify vulnerabilities and opportunities to improve the code. This intensive collaboration has brought the necessary adversarial thinking to the project and additional technical knowledge. This testing has already allowed us to make a number of tangible improvements to the codebase, with more planned.
Audit new mint and burn validation logic
In addition to Haven’s original proof of value (detailed on page 5 of Haven’s whitepaper), the team has designed a new mint and burn validation logic. This works by including additional data in conversion transactions to guarantee that the mint and burn values supplied by the sender are correct. This new validation eliminates any possibility of a repeat of the June 2021 exploits.
Given the complexity of this additional verification, we want to be sure that the logic is sound and secure. We have submitted a complete written description of the design to auditors — Monero mathematics specialists with in-depth knowledge of the Monero codebase. We will continue collaborating with this team and others until we are 100% confident that the approach for this new validation is secure.
Optimize code base
In parallel with the first two steps, work is underway to overhaul the entire Haven codebase. To make the code easier to read and manage, we are tidying up the daemon and wallets. This is important as it will make the code more robust and efficient, bringing security and stability benefits. It will also make the project more accessible to new developers and auditors.
Once all of the above steps are complete, along with any associated code changes and testing (both on testnet and new stagenet), the final and official audit can be conducted. Passing this audit will be the last step before planning the fork.
We thank the community for their patience while these updates are made. We are as keen as anyone else to launch Haven 2.0 as soon as possible, enable xUSD and xAsset conversions, and continue building the future of private money.