Status Update – 18th Aug 2021
Haven 2.0 marks a significant revision of Haven’s core code and a step-change in the project. It also includes substantial security updates in the form of new mint and burn validation.
This release will also mark a major milestone for the project. With a significantly improved protocol, the delays of the hack will be behind us, and we’ll benefit from new processes and procedures. At this point, our focus can shift back to the growth of the project, with collaborations such as Thorchain, exchanges, and third-party wallets.
Haven 2.0 will go live in the next fork, which will be scheduled once all necessary development is complete and audited. This release will also allow in-vault conversions to be re-enabled.
Please be aware that we’ll be taking no risks and leaving no stone unturned. As a result, these steps are subject to change as we work towards the release.
Development Plan
The initial draft of the Haven 2.0 code is complete and has been in circulation for a number of weeks. This includes the new mint and burn validation. This fully functional proof of concept requires 3 more steps before it can progress to the final audit and launch. These are all ongoing.
- Robust penetration audit
- Penetration testing is an ongoing process, auditing all new and existing code for potential attack vectors. The team have been actively working with a Monero specialist to identify vulnerabilities and opportunities to improve the code. This intensive collaboration has brought the necessary adversarial thinking to the project and additional technical knowledge. This has already allowed us to make a number of tangible improvements to the code base, with more planned.
- Penetration testing is an ongoing process, auditing all new and existing code for potential attack vectors. The team have been actively working with a Monero specialist to identify vulnerabilities and opportunities to improve the code. This intensive collaboration has brought the necessary adversarial thinking to the project and additional technical knowledge. This has already allowed us to make a number of tangible improvements to the code base, with more planned.
- Audit mint and burn validation logic
- In addition to the original proof of value, we have designed a new mint and burn validation logic.This works by including additional data in conversion transactions to guarantee that the mint and burn values supplied by the sender are correct. This eliminates any possibility of a repeat of June’s exploits. Given the complexity of the additional verification, we want to be sure that the logic is sound. We have submitted a complete written description of the design to the auditors; Monero maths specialists with in-depth knowledge of the Monero codebase. We will continue collaborating with this team and others until we are 100% confident that the approach is secure.
- In addition to the original proof of value, we have designed a new mint and burn validation logic.This works by including additional data in conversion transactions to guarantee that the mint and burn values supplied by the sender are correct. This eliminates any possibility of a repeat of June’s exploits. Given the complexity of the additional verification, we want to be sure that the logic is sound. We have submitted a complete written description of the design to the auditors; Monero maths specialists with in-depth knowledge of the Monero codebase. We will continue collaborating with this team and others until we are 100% confident that the approach is secure.
- Optimise code base
- In parallel with the first two points, work is underway to overhaul the entire codebase. To make the code easier to read and manage, we are tidying up the daemon and wallets. This is important as it will make the code more robust and efficient, bringing security and stability benefits. It will also make the project more accessible to new developers and auditors.
Final Audit
Once all of the above steps are complete, along with any associated code changes and testing (on testnet and new stagenet), the final and official audit can be conducted. Passing this audit will be the last step before planning the fork.
We thank the community for their patience whilst these updates are made. We are as keen as anyone else to launch this code as soon as possible.