Haven Protocol: Technical Overview of June 2021 Exploits

Introduction

  1. Miner reward validation hack
  2. xJPY to xBTC conversion/transfer
  3. Hidden burn/mint amount bug
  4. Zero value price record due to oracle being disabled

Issue Summary

Exploit Analysis and Rollback

  • Block: 886575
  • Time: 2021–06–27 22:21:08
  • Miner validation reward: Total exploit of 13.46 xBTC and 202,920 xUSD
  • xJPY to xBTC conversion: Total exploit of 112.2 xBTC
  • Grand total of 125.66 xBTC and 202,920 xUSD
  1. Rollback chain to 886575
  • Pros: Will remove the largest exploits
  • Cons: Transactions after 886575 will be reversed
  • Pros: No transactions will be reversed
  • Cons: Hackers will be left holding a large volume of XHV (Possibly 11m XHV), and supply figures will be unknown

Technical Documentation of Exploits

  • Occurred: Blocks 882877 (2021–06–22 18:19:41) and 882877 (2021–06–22 18:19:41)
  • Value of exploit: 2 equal transactions totaling 13.46 xBTC and 202,920 xUSD
  • Occurred: 884293/2021–06–24 17:51:46 (2.2 xBTC), 884305/2021–06–24 18:09:30 (change from previous transaction), 884689/2021–06–25 07:04:19 (110 xBTC)
  • Value of exploit: 2 transactions totaling 112.2 xBTC
  • Occurred: 18 times between 887361 (2021–06–29 00:45:20) and 887409 (2021–06–29 02:15:23)
  • Value of exploit: It is not possible to determine the value of these exploits.

Current Development Plan

  • Increase the lock time between xAsset conversions to 48 hours
  • Increase xAsset conversion fee to 0.5%
  • Implement 80% burn on xAsset conversion fee
  • Split balance of xAsset conversion fee evenly between miner and governance wallets
  • Improve mixing of xAsset conversions (including database migration)
  • Remove failed conversions from tx from the pool at point of failure — rather than 24 hours later (caused by tx pricing record height being older than ten blocks)
  • Fix integer overflow bug on supply page — causing circulation discrepancies
  • Build chain scanner — done
  • Fix exploits — done
  • Complete proof of coin — 70% done
  • Testing (inc. 3rd party) — ongoing
  • Fork/potential rollback/open exchanges — final step

Lessons Learned from the Hack

  • Open up the repository to more developers and ensure git history included. See github.
  • Implement a master, develop, feature, and hotfix branch to make the process more open.
  • We will maintain a standard of imposing unit tests that cover all edge cases before merging a feature branch into the development branch.
  • Pull Requests will be transparent and reviewable by all. 2 members of the team must sign off on all PR’s (2 of either Neil, Akil, or Justin).
  • Rewrite Monero’s unit tests for Haven. Run these in a CI/CD process for every PR.
  • Spend as much time as necessary reviewing every instance in the code where invalid inflation can feasibly be introduced.
  • Add unit tests for each bullet below. Community members can aid us in adding tests, and we can develop an increasingly large list that is provably tested against, permanently included to run in the suite of tests that run every PR merge in the CI/CD pipeline:
  • Transaction creation.
  • Use modified conversion rates.
  • Convert XHV <> xAsset, xAsset <> different xAsset.
  • Incompatible transfer types
  • XHV <> xUSD, XHV <> xAsset, xUSD <> xAsset, xAsset <> different xAsset.
  • Multiple assets: XHV <> xUSD + xAsset, XHV <> xAsset + different xAsset, xUSD <> xAsset + different xAsset.
  • Utilize older fee versions from before xAssets and xUSD were introduced.
  • Utilize Monero’s older tx versions to generate new output types.
  • Hard fork should probably simply prevent tx.version < 3.
  • Miner transaction.
  • Include minted coins of various assets, using various constructions with a keen eye on conditional logic.
  • Pricing record.
  • Arbitrary prices.
  • Use an earlier time stamped pricing record.
  • 0 values for any price.
  • 0 value for the signature and arbitrary prices
  • Scan the chain for any transactions or pricing records included which may have utilized any of the mechanisms above to create hidden inflation.
  • A generous bug bounty program.
  • Weekly or bi-weekly technical calls for anyone in the community to join and discuss technical ideas implemented and being considered for implementation in the future.
  • Haven improvement proposals (HIPs).
  • Repository to keep track of improvement proposals to Haven, and offer a forum for streamlined, transparent, asynchronous discussion.
  • PR’s will be managed by 2 people from the team.
  • Implement a robust decentralized voting mechanism.
  • Design and implement proof-of-coin to allow us to be confident the transparent amount minted and amount burnt on transactions is accurate going forward.
  • This will be reviewed, vetted, and validated by experts in cryptography, both the mathematical logic behind it, as well as the implementation.

Pool Operators

Voting on Decisions

Conclusion

--

--

Ecosystem of private stable assets. Based on Monero. The world's first private stablecoin xUSD is now live.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Haven Protocol

Ecosystem of private stable assets. Based on Monero. The world's first private stablecoin xUSD is now live.