Post-Attack Status Report

This week, as we prepare for the release of Haven 2.0, we have an opportunity to review the past six months. We’ll look at the progress made and explain how the attack impacted the project. In summary, we are more optimistic than ever for the future of Haven Protocol.

Background of the June 2021 exploits

Full details of the attack can be found in this report. In summary, the team responded quickly, patched immediate vulnerabilities, and paused asset conversions until the protocol was secured with the release of Haven 2.0.

Much of the attack’s impact was mitigated by the quick closure of exchange deposits/withdrawals and the community’s decision to roll back the blockchain, removing the bulk of the resulting inflation.

Whilst it was painful at the time, the attack came at a manageable moment in the growth of the project. We were still agile enough to respond effectively, and valuable lessons have been learnt that will harden the protocol for the years ahead. It resulted in the development of Haven 2.0, an essential evolution. 

Haven 2.0

Haven 2.0 has been vastly improved, with maths and code independently audited by Monero specialists at Cypher Stack (view audits). It includes the new mint and burn validation to address the conversion vulnerabilities. For more details, see this guide to Haven 2.0.

Potential effect on supply

Haven Protocol’s supply is elastic, as market forces cause the circulation to expand and contract during inflationary and deflationary cycles. This is a desirable and essential feature that is explained in the white paper. Some assets were minted in June’s exploit before the rollback point, and these have marginally increased the protocol’s circulating supply. These figures were understood by the team and community and can be seen in the post-attack report. You can view the current circulating supply of XHV, xUSD and xAssets on the block explorer here.

A sophisticated blockchain scanner has been built by the dev team to identify and understand any malicious transactions.

However, a vulnerability did exist that could have been used to mint coins, in a way that is very difficult if not impossible to detect in the chain. It could theoretically have been used to convert between assets with a 1:1 ratio, like in the xBTC – xJPY exploit. This vulnerability was identified by the core team and fixed in the July 2021 fork before anyone else could have known. The team are highly confident it was never exploited.

First, there is zero evidence of this exploit ever being used, either in onshore-offshore data, trading, or anywhere else. Second, it would take an extraordinary level of knowledge and understanding of the protocol, which is why our team of experienced developers never spotted this after years of working in the code. Third, the xAsset exploit we experienced in June was significantly simpler to perform, so there was no incentive for anyone to look deeper into the codebase to perform this kind of attack.

Now that all conversions benefit from Haven 2.0 mint and burn validation, confirming transactions in both the elliptic curve and normal space, we have complete confidence in the future supply figures.

Impact on Treasury 

Prior to the attack, the project’s governance wallet was accumulating conversion fees rapidly, so the balance was higher than expected in our financial forecasts. However, the attack significantly reduced project funds.

First, the rollback reversed a large proportion of the fees from those utilising the xBTC price lag. This is desirable, as those fees contribute to the negative impact of the xBTC trading, so they are funds that we would rather not have had anyway. New xAsset lock times and fees mean that this type of arbitrage trading is no longer possible, as the protocol is intended for asset storage.

Second, some exchanges and mining pools lost significant funds as a result of the rollback, as many XHV deposits or rewards were reversed. The protocol had a responsibility to reimburse the lost funds, to both meet contractual obligations and maintain relationships. The cost of these reimbursements was around 400,000 XHV.

The third significant expense was the bug bounties and consultancy. We are delighted that this scheme has been a success. So far, $150,000 worth of payments have been or will be made to a number of contributors during the development of Haven 2.0.

Most of the above expenses were paid in XHV, but the vault contained mostly xUSD and xBTC from conversion fees. To manage the flow of XHV whilst conversions were offline, we’ve relied on the generosity of supporters who have loaned several hundred thousand XHV to the project. For this, we are very grateful, and most of these loans have been repaid already. 

Even though 80% of xAsset conversion fees will be burnt in Haven 2.0, the project is still on a solid financial footing. Currently, the governance wallet has 1.3 million xUSD, 18,000 XHV and 10 xBTC. This balance will be significantly reduced once the final XHV loans are repaid, depending on the market price of XHV. We expect that onshore and offshore fees will cover all operational overheads of the protocol moving forward.

Conclusion

While the attack had a significant impact on the protocol, our team, and our community, we’re proud of the work done over the last four months to recover and build Haven 2.0. This success is a testament to the dedication of all those involved, who are all committed to realizing Haven’s promise of private, stable money. 

Next week’s launch will mark the most important milestone for the project. Haven 2.0 will allow us to begin planning for our next phase of growth, including integrations with THORChain, third-party wallet, and much more. Stay tuned, and thank you for being part of the future of private money!
