Haven Protocol Announces Rollback Hard Fork for Monday, July 19, 2021

Fork process will securely restart Haven Protocol’s chain and open exchanges while third party audits are completed.

This document highlights the next steps regarding the upcoming hard forks for Haven Protocol. The team’s top priority is to open up exchange wallets and enable all transactions as soon as possible while completing thorough audits and external review of the updated codebase.

These updates are in response to the June 2021 exploits. For further details, please read our full report.

Rollback to block 886575

On July 8, 2021 the Haven Protocol community participated in a vote to decide on the best response to the June 2021 exploits. A decision was made by the community to roll back the chain to block 886575 by a decisive 95% majority. This rollback is being incorporated into a hard fork on Monday, July 19, 2021.

The fastest and most secure approach requires two forks.

A hard fork is required for two primary reasons:

1. Securely enable rollback — reverse exploits that resulted in unknown inflation and enable exchange transactions and sending and receiving of Haven assets.
2. Implement enhanced validation to make any future attempts to exploit conversions impossible.

For each day we spend ensuring the protocol is secure, by building and auditing additional validation proofs, we delay the rollback and reopening of the exchanges. At the same time, we cannot rush the required security updates. As a result, it is necessary to conduct two separate forks, meeting each priority as soon as the code is ready.

Fork 1: Rollback the chain to block 886575 while keeping conversions disabled.

To get the chain running and exchange wallets open, we will release a fork on July 19, 2021 that initiates the rollback to block 886575. This fork will include code that prevents any type of xUSD or xAsset conversions at the daemon level, making any conversion-based exploit impossible.

This will allow us to reinstate the protocol sooner, in a completely secure way, while keeping conversion disabled pending third party review and auditing. It will also allow pools and miners critical to the Haven Protocol network to continue with confidence in the chain. It will also ensure all users looking to buy and sell XHV on exchanges can be confident in their transactions and transfer XHV to Haven Vaults as needed.

Fork 1 — feature summary

• Transfers between Haven Vaults — OPEN
• Exchange deposits and withdrawals — OPEN
• Conversions (Between XHV & xUSD or xUSD & xAssets) — CLOSED

Fork 1 also includes the patches to address the vulnerabilities found in the June 2021 exploits. However, these are currently redundant as conversions are disabled.

In addition to the above response to the exploit, fork 1 will include the following scheduled updates that were planned before the attack:

xAsset Price lag changes

• Increase the lock time between xAsset conversions to 48 hours
• Increase xAsset Conversion fee to 0.5%
• Implement 80% burn on xAsset conversion fee
• Split balance of xAsset conversion fee evenly between miner and governance wallets

Bug fixes and improvements

• Improve mixing of xAsset conversions (including database migration)
• Remove failed conversions from tx from the pool at point of failure — rather than 24 hours later (Caused by Tx Pricing Record height being older than ten blocks)
• Fix integer overflow bug on supply page — causing circulation discrepancies

Fork 1 is currently in final testing and planned for release on July 19, 2021. Because exchange wallets are currently closed, the usual two-week notice period for exchanges does not apply.

Fork 2: Implement additional security and third party validation and re-enable conversions

Fork 2 will include a fundamental overhaul of Haven Protocol’s conversion and validation logic to completely remove any opportunity to exploit conversions.

This update will remove all remaining vulnerabilities that led to the June 2021 exploits. In addition, an extensive audit is being carried out by third-party developers and consultants who will provide further confidence that the updated codebase is robust.

While we have completed much of the development work required for fork 2, and while we are working quickly with third parties to audit and review this new code, this process will not be rushed. We are committed to ensuring Haven Protocol’s new conversion validation structure is secure.

Upgraded validation

To reduce the attack surface significantly, the second fork will add an additional layer of validation to the protocol. This will block any exploit that relies on the manipulation of fees, or the mint and burn data during conversions. This was the attack vector used in each of the June 2021 exploits. By adding these additional proofs and validation, any attempted manipulation to transaction or conversion data will be impossible.

Fork 2 — feature summary

• Transfers between Haven Vaults — OPEN
• Exchange deposits and withdrawals — OPEN
• Conversions (Between XHV & xUSD or xUSD & xAssets) — OPEN

Users holding xUSD

We’re aware that the utility of xUSD is severely limited until conversions are re-enabled in fork 2. To allow users to move in and out of xUSD, we have been actively working exchanges to enable additional on/off ramps. We hope to be able to announce a new xUSD/XHV pair soon.

Havex.io, operated by a trusted Haven community member, is also being extended to allow exchanges between xUSD and XHV, if desired.

More information on these will be shared as soon as the details have been finalized.

Vault support

The web, desktop and Command Line Interface (CLI) Haven Vaults will require an update to support the roll back.

A new version of the CLI will be released with the new daemon code (v1.4.0) that enables fork one. We intend new versions of the desktop and web vaults to be available at the same time as fork one.

Any attempted transactions using a vault that hasn’t been rolled back to this point will be rejected. Balances may also be incorrect if the rollback hasn’t been synchronized with your vault.

A message from the Haven Protocol team

As we prepare for the upcoming fork and rollback, we need to ensure all users are fully aware of what this means for the protocol. The rollback effectively reverses the Haven Protocol chain in time and as a consequence, there will be some follow-on effects of this action.

The option of conducting a rollback was never something the team envisioned happening. However, due to the nature of the June 2021 exploits, it became one of only two realistic options available to move forward with the project without significant risk to the project’s economics and users.

Following extensive investigations, it was found that an unknown amount of coins had been created in two of the conversion-based exploits. This then led us, as a community, to decide how best to deal with the situation given the likely extreme amount of unknown supply. Once the optimal block to rollback had been identified, it then became a decision of whether to rollback or accept unknown inflation into the network. The community overwhelmingly voted for the rollback as this was widely seen as the least damaging to the long-term security of the network.

The main result of the rollback is that some transactions will be reversed. There may be a small number of users who will be affected negatively by this action. For those who have carried out on-chain transactions (not buying or selling on an exchange) between block 886575 and the time we conduct fork 1, it is important to note that those transactions will be reversed. In the case that these transactions involved a third party, we suggest users contact the sending party and advise that the transaction has been reversed and to resend the original amount after the fork.

This has been a challenging time for the Haven Protocol team, community, and all involved in the project. We sincerely regret the recent issues and any harm caused to individuals who may have been left out of pocket by the actions of the exploit. We are committed to hardening and securing the protocol for the future. We would particularly like to thank our partner exchanges, including KuCoin and TradeOgre, for their ongoing support of our investigation and efforts to re-open wallets as quickly as possible. Our mining pools have also been incredible helpful and supportive during these challenging few weeks.

The crypto space is still in its very early stages of development, and we are constantly learning and refining the processes by which we build these new financial tools. Building an ecosystem of truly private, stable assets was never going to be easy.

Please be assured that we have learned many crucial lessons that have been applied to Haven Protocol’s future development plans. Among other things, we have implemented additional stringent testing and reporting procedures to strengthen the protocol and regain the invaluable trust that has been tested over the past weeks.

In addition, we will shortly be releasing a new bug bounty program that creates a more formalized and simple method for anyone to provide information on bugs and issues. We believe this will significantly assist us in getting as many expert eyes on the codebase as possible to harden the protocol and help prevent future attacks.

As always, thank you to our community for your support and assistance. We’re committed as ever to Haven Protocol’s mission as the future of private money.