QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$0 USD
MARCH 2020
GLOBAL
ARAGON COURT
DESCRIPTION OF EVENTS
"Aragon Court handles subjective disputes that require the judgment of human jurors. These jurors stake a token called ANJ which allows them to be drafted into juries and earn fees for successfully adjudicating disputes."
"Aragon, founded in 2016 by Luis Cuende and Jorge Izquierdo, aims to “create global, bureaucracy-free organizations, companies, and communities,” with a counting list of 1,000 organizations in its network already."
"Aragon’s “court” was launched in January 2020 and serves as the backbone for the Aragon digital jursidiction. The court works at three different levels. First, the network assigns five random judges, who are required to stake ANT tokens to vote and resolve disputes. The judging process is set up as a prediction market where judges are incentivized to correctly bet on which party is right or wrong in a dispute. Dissenting (minority) judges lose their bonded stakes, which are paid to the winning judges."
"From November 28th to February 10th, Aragon Court's contracts were deployed to Ethereum mainnet for security researchers to review before they were activated and open to users." "The launch was announced in a blog post on Feb. 10, detailing that over the past three years the team behind the project had created and launched relevant tools for Decentralized Autonomous Organizations (DAO) to exist. At that point, the platform counted more than 1,000 DAO created with $8 million under management."
"Plaintiff’s in Aragon disputes are also required to post a stake of tokens, or, bond. If they lose, they can walk away with some of their stake, or double down and appeal by increasing the bond. This makes the case public to the entire network of judges and the voting process is repeated. If the plaintiff still doesn’t agree with the outcome of the network-wide judging, they may increase their bond again and appeal to the network’s Supreme Court, which is governed by the top nine judges in the network as measured by reputation, something earned through a combination of stake and prior prediction accuracy."
"By making it possible for anyone in the world to organize digitally, Aragon seeks to enable borderless, permissionless entity creation and governance."
"[W]e put a lot of effort into designing the protocol, built an exhaustive test suite, and received a thorough security audit. But no matter what, we know the presence of bugs is always a possibility. That's why we designed the protocol to handle upgrades and prepared a contingency plan in the event we needed to fix issues or adjust the protocol to community needs."
"One of the most important fixes was a bug in the JurorsRegistry module of Aragon Court, found by samczsun." "When a juror requests an ANJ deactivation, they have to wait one term before they can withdraw their ANJ from Aragon Court. This is because they could still be selected for a dispute in the same term they requested the deactivation. If this happens, the deactivation balance requested is decreased to ensure the juror has enough active ANJ to participate in the dispute. The problem was that we weren't reflecting this in both data structures, but only in one of them (see L634-L651). This enabled two possible exploit paths based on whether the juror was on the winning or the losing side of the dispute. In the case of a winning juror, it would have resulted in losing some ANJ because their balance was not updated correctly at the time of selection. In case of a losing juror, the dispute itself could be blocked from being settled if the juror didn't have enough ANJ left in Aragon Court to be penalized because the stored balance was reflecting an amount lower than the juror's actual balance." "The second issue was specific to a dispute lasting until the final round, where all active jurors can become involved. We were updating the data structures differently depending on whether the juror had a deactivation request or not (see L377-L387). This would have been a problem in case a juror would have requested an ANJ deactivation while voting in the final round. It could have caused the same situations explained in the previous issue, depending on whether the juror was on the winning or losing side of the dispute."
"Another important issue was discovered by Bingen, a member of Aragon One and one of the main contributors to Aragon Court. This issue was related to how the evidence submission period was handled in the DisputeManager module. Specifically, it resulted in a possible advantage to one side of the dispute when drafting jurors."
"To summarize, disputes follow a lifecycle. Early on in a dispute's life, the protocol provides a window of time for the involved parties to submit any relevant evidence for jurors to evaluate later. In cases where all parties are done submitting evidence, Aragon Court allows the last submitter to close the submission process early and proceed to the next phase."
"The problem was that in these cases, the protocol would use the current term's randomness value—an already known value—to draft the initial jurors (see L233). This would have allowed the party that closed the submission process to see what the draft outcome would be, and, if it wasn't favorable, wait for the next term. Although it would have been possible to do this for only a limited number of terms (currently 7), it still wasn't the desired behavior."
"The fix was simple: when closing the submission period early, we changed the draft term to be the next term (in the future) to ensure its randomness was not known beforehand. Similar to what we did for the previous bug, we submitted a vote to the AN DAO to perform the module swap. This time, we didn't need to do any other action to complete the migration."
"Another issue pointed out by samczsun was related to the smart contract we built to simplify and decrease the number of transactions necessary for an account to become an active juror by obtaining and activating ANJ into Aragon Court. The issue was that any account with an existing ANT approval to the wrapper contract could have their approved amount activated by any other account (see L78)."
"Fortunately, the fix was simple, and we only needed to deploy a new instance of the wrapper contract which users can opt into and does not require approval from the AN DAO. We found no accounts with remaining approval balances for the old wrapper contracts."
"Aragon Court underwent upgrades to resolve issues reported by samczsun and internal reviews. No users were affected by these issues." "We resolved this issue before anyone could exploit it as part of the day 1 migration."
When Aragon Court first launched, there were several vulnerabilities found in the smart contract, which were resolved without exploit.
HOW COULD THIS HAVE BEEN PREVENTED?
List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community (Jun 23)
Site Unavailable (Jun 23)
Aragon Court (Jul 30)
Messari - Bitcoin & crypto price, news, charts, and research (Jul 30)
Tim Draper Backed Aragon, Disrupts Traditional Governance With A Decentralized Court (Jul 30)
Welcome to Aragon Court - YouTube (Jul 30)
Aragon Court Is Now in Session for Global Decentralized Judgements (Jul 30)
Launching Aragon Court (Jul 30)
