Haven Protocol Announces Hard Fork Rollback on Monday, July 19, 2021
Fork process will securely restart chain and open exchanges while third party audits are completed
This document highlights the next steps regarding the upcoming hard forks for Haven Protocol. The team’s top priority is to open up exchange wallets and enable all transactions as soon as possible, while completing thorough audits and external reviews of the updated codebase.
These updates are in response to the June 2021 exploits. For further details, please read our full report.
Rollback to block 886575
On July 8, 2021 the Haven Protocol community participated in a vote to decide on the best response to the June 2021 exploits. A decision was made by the community to roll back the chain to block 886575 by a decisive 95% majority. This rollback is being incorporated into a hard fork on July 19, 2021.
The fastest and most secure approach requires two forks.
A hard fork is required for two primary reasons:
- Securely enable rollback – reverse exploits that resulted in unknown inflation and enable exchange transactions, sending, and receiving of assets.
- Implement enhanced validation to make any future attempts to exploit conversions impossible.
For each day we spend ensuring the protocol is secure, by building and auditing additional validation proofs, we delay the rollback and reopening of the exchanges. At the same time, we cannot rush the required security updates. As a result, it is necessary to conduct two separate forks, meeting each priority as soon as the code is ready.
Fork 1: Rollback the chain while keeping conversions disabled.
To get the chain running and exchange wallets open, we will release a fork on July 19, 2021 that initiates the rollback to block 886575. This fork will include code that prevents any type of xUSD or xAsset conversions at the daemon level, making any conversion-based exploit impossible.
This will allow us to reinstate the protocol sooner, in a completely secure way, while keeping conversion disabled pending third party review and auditing. It will also allow pools and miners critical to the Haven Protocol network to continue with confidence in the chain. It will also ensure all users looking to buy and sell XHV on exchanges can be confident in their transactions and transfer XHV to Haven Vaults as needed.
Fork 1 – Feature summary
- Transfers between Haven Vaults – OPEN
- Exchange deposits and withdrawals – OPEN
- Conversions (Between XHV & xUSD or xUSD & xAssets) – CLOSED
Fork 1 also includes the patches to address the vulnerabilities found in the exploit. However, these are currently redundant as conversions are disabled anyway.
In addition to the above response to the exploit, fork 1 will include the scheduled updates that were planned before the attack.
Planned changes
xAsset Price lag changes
- Increase the lock time between xAsset conversions to 48 hours
- Increase xAsset Conversion fee to 0.5%
- Implement 80% burn on xAsset conversion fee
- Split balance of xAsset conversion fee evenly between miner and governance wallets
Bug fixes and improvements
- Improve mixing of xAsset conversions (including database migration)
- Remove failed conversions from tx from the pool at point of failure – rather than 24 hours later (Caused by Tx Pricing Record height being older than ten blocks)
- Fix integer overflow bug on supply page – causing circulation discrepancies
Fork 1 is currently in final testing, planned for release July 19, 2021. Because the exchange wallets are currently closed, the usual two week notice period for exchanges does not apply.
Fork 2: Implement additional security and third-party validation and re-enable conversions
Fork 2 will include a fundamental overhaul of conversion and validation logic to completely remove any opportunity to exploit conversions.
This update will remove all remaining vulnerabilities that led to the June 2021 exploits. In addition, an extensive audit is being carried out by third-party developers and consultants who will provide further confidence that the updated codebase is robust.
While we have completed much of the development work required for fork 2, and while we are working quickly with third parties to audit and review this new code, this process will not be rushed. We are committed to ensuring Haven Protocol’s new transaction validation structure is secure.
Upgraded validation
To reduce the attack surface significantly, the second fork will add an additional layer of validation to the protocol. This will block any exploit that relies on the manipulation of fees, or the mint and burn data during conversions. This was the attack vector used in each of the June 2021 exploits. By adding these additional proofs and validation, any attempted manipulation of transaction or conversion data will be impossible.
Fork 2 – Feature summary
- Transfers between Haven Vaults – OPEN
- Exchange deposits and withdrawals – OPEN
- Conversions (Between XHV & xUSD or xUSD & xAssets) – OPEN
Users holding xUSD
We’re aware that the utility of xUSD is severely limited until conversions are re-enabled in fork 2. To allow users to move in and out of xUSD, we have been actively working exchanges to enable additional on/off ramps. We hope to be able to announce a new xUSD/XHV pair soon.
Havex.io, operated by a trusted Haven community member, is also being extended to allow exchanges between xUSD and XHV, if desired.
More information on these will be shared as soon as the details have been finalized.
Vault support
The web, desktop, and Command Line Interface (CLI) Haven Vaults will require an update to support the rollback.
A new version of the CLI will be released with the new daemon code (v1.4.0) that enables fork one. We intend new versions of the desktop and web vaults to be available at the same time as fork one.
Any attempted transactions using a vault that hasn’t been rolled back to this point will be rejected. Balances may also be incorrect if the rollback hasn’t been synchronized with your vault.