If you are able to donate and contribute to the Haven project, please click here. Thank you.
Fork 1 and rollback complete
Today Haven Protocol successfully deployed a hard fork (version 1.4.0) to roll back the chain to block 886575. This is part one of a two-stage recovery plan to mitigate the June 2021 exploits and strengthen the protocol as we build the future of private money. Thank you to our dedicated community for guiding this process.
Beginning on June 22, 2021, malicious hackers attacked Haven Protocol, exploiting several related vulnerabilities. Following the attack, the protocol’s core team worked together with partners to conduct a wide-ranging review of the protocol and its processes. This was done to understand the potential impact and ensure a secure recovery from the exploit.
The investigation identified a number of malicious transactions. Most importantly, the team identified and isolated a transaction where the hackers minted an unknown quantity of XHV. As a result, a rollback was proposed to the community as the only way to mitigate the potential inflation, safeguard the protocol, and protect holders.
The team recommended the optimal rollback block would be 886575 (June 27, 2021, at 22:21:08 UTC). Following this recommendation, on July 8th a 24-hour ballot was conducted, with the community voting 95% in favor of a rollback.
Now that the rollback has been successfully deployed, returning all features of the protocol to a working state is the top priority. The team, along with external contributors and auditors, are focused on delivering an updated codebase that will include public mint and burn data in the transaction validation to ensure that it matches the hidden values in the proof of value calculation.
This will give the protocol a second layer of validation, ensuring any future attempt to manipulate mint and burn data will not be valid and cause the transaction to be rejected. This will block all attack vectors related to the mint and burn exploits.
More details of the hack and the recovery plan can be found in the Technical Overview of June 2021 Exploits document released on July 7th and more general information can be found on the website in the Knowledge Base.
In order to expedite this recovery plan, the core team made a decision to deploy two separate hard forks:
The first fork – successfully deployed today – rolled back the chain to the safest block, will allow exchange wallets to re-open, on-chain transactions to resume, and mining to continue with confidence. However, xUSD and xAsset conversions in the Haven Vault remain paused.
After the rollback, a second hard fork is now being planned to re-enable xUSD and xAsset conversions after the completion of external audits of the updated codebase. We’re working quickly with third parties to audit and review the new code, but to reiterate, this process cannot be rushed. We are committed to ensuring Haven Protocol’s new conversion validation structure is secure.
The timing of the second fork is yet to be confirmed, but the team will ensure timely updates are made throughout its development.
Now that the rollback fork has been deployed, users will need to run an updated version of (v1.4.0) of the Haven Vaults in order to carry out transactions. You can find updated links here:
- Web (updated automatically): https://vault.havenprotocol.org
- Mac Desktop: https://docs.havenprotocol.org/binaries/v1.4.0/Haven-1.4.0.dmg
- Windows Desktop: https://docs.havenprotocol.org/binaries/v1.4.0/Haven-1.4.0%20Setup.exe
- Debian/Ubuntu: https://docs.havenprotocol.org/binaries/v1.4.0/haven_1.4.0_amd64.deb
- Mac CLI: https://docs.havenprotocol.org/binaries/v1.4.0/haven-macos.tar.gz
- Windows CLI: https://docs.havenprotocol.org/binaries/v1.4.0/haven-windows.zip
- Linux 2.27 CLI: https://docs.havenprotocol.org/binaries/v1.4.0/haven-linux-glibc227.tar.gz
- Linux 2.29 CLI: https://docs.havenprotocol.org/binaries/v1.4.0/haven-linux-glibc229.tar.gz
We have also added a short guide on updating Haven Vaults on the website’s Knowledge Base here.
This is a significant step in Haven Protocol’s journey. We greatly appreciate the contributions of our community, exchange partners, and third-party developers in responding to the June 2021 exploits. We’re confident the protocol will be more secure and better prepared for the road ahead. We can’t wait to continue building the future of private money with all of you.