Between July and November 2021, the Haven Protocol development team delivered the most significant upgrade the project has ever seen. Without changing the mainnet chain or coins, we have completely overhauled and improved the maths and code behind the protocol, delivering a broad range of important security enhancements. In addition, processes within the project have been changed as a result of key lessons learned.
The result is Haven 2.0. The latest version of Haven Protocol.
Spurred on by the now infamous exploit of June 2021, this is the result of a five month marathon to recover from the exploit. This marks the start of a new beginning for Haven Protocol, allowing the focus to shift to improving decentralisation, reach, and liquidity with integrations such as ThorChain.
Haven 2.0 will be launched in a hard fork, which will be announced shortly.
The key upgrades in Haven 2.0 are:
- New mint and burn validation process
- Maths and code audit by industry leading experts
- Overhaul of code and security updates
- Root and branch refactoring
- Extensive penetration testing
- Bug bounty program
We’d like to thank the developers, team and community who have made huge commitments and sacrifices to make Haven 2.0 a reality.
Once live, conversions will be re-enabled in the protocol allowing users to swap between XHV, xUSD, and xAssets. This important step ensures 1 xUSD is always worth 1 USD of XHV, restoring Haven’s unique tokenomics that stabilize the value of xUSD.
Haven 2.0 Upgrades
Implementation and Audit of the New Mint and Burn Validation Logic
In addition to the original proof of value used by the Protocol to confirm the validity of transactions, Haven 2.0 includes a new mint and burn validation logic. This works by verifying additional data in conversion transactions to guarantee that the mint and burn values supplied by the sender are correct. This additional layer of validation completely eliminates any risk of a repeat of the conversion exploits experienced in June 2021.
It is critical that the mathematical model behind the new validation is totally robust. As a result, we commissioned Monero maths specialists – Cypher Stack and their team of specialists – to review our approach and confirm that the maths is robust and fit for purpose.
You can read the results of this maths audit here:
Overhaul Code and Security Audit
To ensure the new mint and burn validation logic is implemented correctly, along with associated security enhancements, the team again enrolled Cypher Stack to complete a code audit in order to confirm that the new and existing code is secure and true to the maths.
Cypher Stack comprises some of the world’s foremost Monero experts and are perfectly placed to carry out the thorough and deep analysis required.
Find out more here: https://www.cypherstack.com/
This has been an ongoing process during the full five months the protocol was under review, as we audited all new and existing code for potential attack vectors. The team has been actively working with a renowned Monero specialist to identify vulnerabilities and opportunities to improve the code. This intensive collaboration has brought valuable adversarial thinking to the project and additional technical knowledge. It has allowed us to make a number of tangible improvements to the code base and has been a highly beneficial part of the optimization process.
Refactoring of the Code Base
In parallel with the validation work and penetration testing, an ongoing effort to refactor the entire codebase has yielded multiple advantages. Cleaner, more organised code makes it easier to read and understand. This brings security and stability benefits as well as making the project more accessible to new developers and auditors.
Implemented Enhanced Unit Tests
Unit tests are automated routines that can be used to quickly assess core functionality. New unit tests have been developed to run after any update, to ensure that core functions always perform as expected.
Bug Bounty Program
To bring more eyes, opinions and expertise into the project, we launched a Bug Bounty Program with a maximum reward of $100k per contribution.
This has created a clear incentive structure for anyone who’s able to help hunt bugs and contribute towards our continual improvement.
This has been very successful and a number of anonymous supporters have made important contributions to the project security.
You can read all the details here
The bulk of Haven Protocol is still based on Monero and most of the enhancements described above relate to the Haven code specifically, partially around Mint and Burn. However, Haven 2.0 does include updates and improvements to Monero code itself. Monero updates are monitored closely, and applied to Haven where needed. Where testing identified issues in Monero, pull requests are shared upstream to improve Monero itself, contributing to the privacy community more broadly.
Are the coins the same on Haven 2.0 as they were before?
Yes, Haven 2.0 is only an update to the code. Your coins will not need to be swapped and will still be valid. The network will just continue as before on the same chain.
Are there new vaults to download?
Yes, there will be updated versions of all vaults available to download in good time for the fork. The web vault will be updated automatically so there is no action required for that. We will update the links to desktop and CLI vaults in Discord and the website with the latest versions and make announcements when they’re available to use.
They can be downloaded here
Do I have to send my coins to the new vaults?
No, this is not necessary as you can just restore your vault using the 25 word seed phrase on the new versions. Make sure you have recorded it before deleting any old vault files.
What happens to the network after Haven 2.0?
The fork restores full functionality to the network to be able to carry out conversions in the Haven vault between XHV, xUSD and all xAssets including xBTC, xAU, xCNY etc.
NOTE: xJPY (Japanese Yen) conversions will be suspended at the time of the fork and will no longer be available to users for the foreseeable future.
When and where will the fork be announced?
The fork date will be announced as soon as the security audit is complete and our developers are happy that all outstanding issues have been resolved. We will announce the fork on multiple platforms including Twitter, Discord, Telegram, Reddit and others to ensure that all users are made aware of the changes being made. We are nearing the completion of Cypher Stack’s audit and expect to announce an official fork date shortly.
Why have the fees and unlock times changed?
Following on from the exploits in June this year it was necessary to adjust the conversion fees and unlock times for the network assets. These changes only affect conversions between xUSD and other xAssets.
All xAssets will now unlock in 48 hours with fees of 0.5% for conversions. Another update includes the burning of 80% of the conversion fees with the remainder being split evenly between miners and the governance wallet. So, miners now receive 0.05% of the conversion fees.
You can read all the details on the new fee structure and unlock times in our Knowledge Base post here