HAVEN PROTOCOL

DESCRIPTION OF EVENTS

"Haven is an ecosystem of digital assets that enables users to convert between volatile assets and stable currencies directly within their vault, in complete privacy." "You don’t need to be a computer scientist to use Haven. We provide a range of different products handcrafted and tailored to any type of user." "[T]he Haven Protocol Foundation exists to serve the project’s needs from both a financial and growth perspective. Discussions are currently ongoing on the best way to achieve this and to set up the foundation’s structure and membership accordingly."

"Haven is based on Monero giving every asset within the ecosystem world class privacy. Haven provides a range of synthetic fiat currencies and digital assets, enabling commerce and portfolio diversification. Haven enables you to store, convert and transact in the form of money you prefer with trackers for xUSD, xCNY, xAU (Gold), xBTC (Bitcoin) and more."

"Haven Protocol is similar to an offshore bank where users can create private tokens that represent stable and volatile assets, including commodities and fiat currencies (such as USD). The protocol is based on Monero, which focuses on secure, private and untraceable transactions."

"As a result, most of the features of Monero extend to the Haven protocol, including the bulletproofs and other privacy tech. The base currency of Haven is the XHV, which is burnt to provide users with private, untraceable, synthetic assets and commodities called xAssets."

"The network uses a “mint and burn” process to provide users with untraceable digital assets with standard market pricing and real asset-pegged value storage. Simply, users can burn Haven (XHV) for Haven Dollars (xUSD), which is a synthetic stablecoin."

"In addition, the first crypto pegged asset, xBTC, has been added giving anyone in the world the ability to have exposure to Bitcoin’s price movements from their own private Haven Vault with no counter-party risk or conversion slippage. In addition to XHV, xUSD, xCNY, xEUR, xAU (Gold), xAG (Silver) you can now transact or store your wealth in the following: xBTC — Bitcoin xAUD — Australian Dollar xCHF — Swiss Franc xGBP — British Pound xJPY — Japanese Yen" "As the project continues to grow and evolve we have now laid out the plans to strengthen and further decentralize the project. Having successfully gone through the launch and startup phases we are now focused on growth and adoption."

"Total network activity correct as of 30th may 2021: Number of standard transactions = 149,538 Number of XHV<>xUSD conversions = 5,900 Number of xAsset transactions = 746 Number of xAsset conversions = 1,792 Sum of XHV<>xUSD conversions = $158,584,270 Sum of xAsset conversions = $182,671,737 Total Network Value (TNV) = $170 Million"

"Regarding specific attacks, on June 24, 203,000 xUSD and 13.5 xBTC were minted in two attacks; on June 27, an unknown amount of XHV was minted due to a vulnerability in the conversion verification of xAsset; June 29 , The attacker exploited a vulnerability that allowed the minting of 9 million xUSD." "The attack[s] took advantage of several vulnerabilities: Miner reward validation hack, xJPY to xBTC conversion/transfer, Hidden burn/mint amount bug, and Zero value price record due to oracle being disabled."

"June 22nd: 203,000 xUSD and 13.5 xBTC was minted in two exploits." "At 5 am on June 23, 2021 it came to our attention that there had been an attempted exploit on Haven Protocol. Upon investigation, we found that it was possible for an unscrupulous miner to modify the code to take advantage of a previously unknown vulnerability in the miner-reward-validation code. This meant that it was possible to mint a much higher mining reward than was due." "Value of exploit: 2 equal transactions totaling 13.46 xBTC and 202,920 xUSD" "The developers were quickly able to replicate the exploit, design and implement a fix, and issue a patch that permanently prevents a future occurrence of this exploit." "The team attempted to disable the counterfeit inputs in the deployed patch." "We originally thought we had prevented these being spent but we now know the attempted mitigation was too late. We did however prevent this attack from reoccurring."

"June 24th: An exploit in the xAsset conversion validation meant that an unknown amount of XHV was minted. We also prevented this from reoccurring. A summary of what our investigation has uncovered can be found below." "On the morning of June 28, 2021, the dev team became aware of two suspicious transactions in the explorer. A meeting was called immediately, and the team investigated the cause. After some initial exploration, we found a vulnerability that was exploited twice in three days, resulting in the minting of several counterfeit xBTC coins. This ultimately resulted in the unusually high selling volume of XHV on KuCoin." "Value of exploit: 2 transactions totaling 112.2 xBTC" "Using an xJPY input and xBTC output, it was possible for the attacker to take advantage of a vulnerability in the get_tx_type() function. This function determines transaction type (offshore, onshore, etc.). By modifying outputs, they were able to make the transaction look like an xAsset transfer. Since the transaction was being seen as a transfer rather than conversion, it bypassed the conversion validation code so the incorrect tx was accepted by the daemon."

"June 29th: an exploit was leveraged that allowed for minting of 9m xUSD." "We found a bug that allowed the reporting of the actual number of assets minted or burnt to be manipulated. This isn’t an exploit per se, and it doesn’t allow for any inflation, but it does allow a bad actor to hide transactions. It is possible to identify the transactions in the block scanner report, so we can see that it was used extensively after 886595. This is why it is impossible to trust the supply figures after this block. We have seen 35 instances of this in the last scan, starting at block 886595."

"In response to the xJPY exploit, the decision was taken to disable conversions by disabling pricing records. This was intended to block exploits in conversions and mitigate the impact of a rollback — if needed. The protocol is designed to invalidate conversions when no price record is available. However, a vulnerability in this protocol meant that it was possible to exploit the zero price when constructing a transaction to mint additional funds."

"The attacker was able to pass through proof-of-value and burnt/mint checks by modifying his tx and setting the amount burnt/mint to 0. Since 0 * x = 0, the validation passed, as it is supposed to return a 0 result. This is because inputs-(outputs + fee) should normally = 0. This then allowed the attacker to manipulate the output values to mint an arbitrary amount." "Occurred: 18 times between 887361 (2021–06–29 00:45:20) and 887409 (2021–06–29 02:15:23)"

"Each issue has left an identifiable anomaly in the blockchain data. This meant it was possible to build a blockchain scanner, which scans the entire chain to form a complete list of affected transactions. This allows us to better understand the extent and impact of each exploit. It also gives us a high level of confidence that we have not missed any transactions."

"Haven Protocol (XHV) released analysis reports and measures for [all] three serious attacks in late June. The chain rollback plan will be initiated and a hard fork will be implemented. Fix the known vulnerabilities in protocol minting." Rollback to "Block: 886575 Time: 2021–06–27 22:21:08" "If we rollback to a block before this point, when the exchange wallets were open, users or exchanges could lose funds. If we rollback to a block after this point, it would allow blocks with hidden mint burn data to survive, which hide unknown exploits." "A decision was made by the community to roll back the chain to block 886575 by a decisive 95% majority." Haven "conducted a 24-hour ballot on July 8, 2021 to gain [the] consensus from the Haven Protocol community."

"Because of time differences, KuCoin was the last to close deposits and withdrawals. They actioned our request at 1:56 am on the June 28th. Block 886575 is only 3 hours and 35 minutes before this point, meaning we still have a short window for disruption. We hope to work with KuCoin to put this right." "The exchange data we have seen so far suggests that most of these funds have already been sold and that the hacker does not hold much more."

"We’ve calculated below the total inflationary impact of these exploits. Miner validation reward: Total exploit [left after rollback] of 13.46 xBTC and 202,920 xUSD xJPY to xBTC conversion: Total exploit of 112.2 xBTC" That's a "Grand total of 125.66 xBTC and 202,920 xUSD"

"It is critical to note that this total is also offset by the 440,000 XHV (~$1.5 million) that is currently frozen in suspected KuCoin accounts, and 100,000 XHV ($~350,000) that is frozen in suspected TradeOgre accounts. We hope to recover and burn these funds."

"This would result in approximately $2.6 million in total inflationary impact, or 3% of Haven Protocol’s current market cap, based on today’s market prices."

"Our decision to engage law enforcement was also not taken lightly given the protocol’s privacy focus, and we attempted to ensure the safety of the XHV community without it. However, this formal involvement is mandated by our exchange partners in order to permanently freeze the accounts that continue to hold a substantial amount of exploited XHV."

"The rollback [was] complete and successful." "Haven Protocol successfully deployed a hard fork (version 1.4.0) to rollback the chain to block 886575." This "allow[ed] exchange wallets to re-open, on-chain transactions to resume, and mining to continue with confidence. However, xUSD and xAsset conversions in the Haven Vault remain[ed] paused." "After the rollback, a second hard fork [was completed] to re-enable xUSD and xAsset conversions after the completion of external audits of the updated codebase." "[T]he majority of exchanges, pools, and other nodes are now running the latest version of Haven Protocol." "Some miners experienced an issue with the original fork (v1.4.0) which resulted in reports of rejected transactions. This issue was resolved by the latest version (v1.4.1). The chain [began] functioning smoothly. XHV, xUSD, and xAssets can now be sent and received without any issues." [Haven Protocol worked] "with each exchange to ensure their own internal balances are correct and making payments from the governance wallet where necessary to meet our obligations."

A "[f]ix [was made to the] miner reward issues [by] add[ing] additional checks for validate_miner_transaction · GitHub. [Haven] fix[ed the] xAsset conversion issues [through a] asset type bug fix. [They] fix[ed] 0 price record issue [and] add[ed] 0 pr and amount bunt/mint check. [Finally, they] fix[ed the] conversion fee overflow issue (found in block scan) [and] [i]mplement[ed] “proof-of-coin” into the protocol." The "Haven Protocol validation [was] based on a proof of value. We are now extending this concept to include public mint and burn data, to ensure that it matches the hidden values in the proof of value calculation." "This gives the protocol a second layer of validation, ensuring any future attempt to manipulate mint and burn data will not be valid and cause the transaction to be rejected."

"The Haven Protocol developers are making steady progress towards Haven 2.0. This update will mark a significant revision of Haven’s core code and a step-change in the project."

"Haven 2.0 will mark a significant revision of Haven’s core codebase and a critical step-change in the project. It will also include substantial security updates." "This release will also mark a major milestone for the project. With a significantly improved protocol, the delays of the June 2021 exploits will be behind us, and we’ll benefit from new processes and procedures with a focus on security and testing. At this point, the team and community’s focus can shift back to growing the future of private money, with collaborations such as THORChain, exchanges, and third-party wallet integrations."

"It will include substantial security updates in the form of new mint and burn validation and allow conversions to be re-enabled." "In addition to Haven’s original proof of value (detailed on page 5 of Haven’s whitepaper), the team has designed a new mint and burn validation logic. This works by including additional data in conversion transactions to guarantee that the mint and burn values supplied by the sender are correct. This new validation eliminates any possibility of a repeat of the June 2021 exploits."

"We have submitted a complete written description of the design to auditors — Monero mathematics specialists with in-depth knowledge of the Monero codebase. We will continue collaborating with this team and others until we are 100% confident that the approach for this new validation is secure."

"Once all of the above steps are complete, along with any associated code changes and testing (both on testnet and new stagenet), the final and official audit can be conducted. Passing this audit will be the last step before planning the fork."

"We’d like to thank the entire community for your patience during this challenging period as we’ve worked to unpack, analyze, strategize and mitigate the effects of the multiple attacks on the Haven ecosystem over the past weeks." "As painful as this process has been, it has hardened the team and the protocol. There is no doubt that the project is now stronger because of it."

Haven Protocol is a complex blockchain focused around privacy. There were at least 3 vulnerabilities in the blockchain, which allowed the minting of a significant number of additional tokens, which were then sold by the hacker.

The Haven Protocol has subsequently rolled back the largest attack and focused extensively on security, releasing multiple upgrades. Haven Protocol also worked with exchanges to make sure that customers were all made right. It is unknown if any vulnerabilities exist in 2.0, however is it certainly more secure.

HOW COULD THIS HAVE BEEN PREVENTED?

There were no recorded customer losses in this case, however the token supply was inflated which would lower it's value slightly. The end rate of inflation is comparable to <2 years of fiat inflation, so this does not seem to represent a significant loss either.

Check Our Framework For Safe Secure Exchange Platforms

SlowMist Hacked - SlowMist Zone (May 18)
Haven Protocol XHV – Private Money (Aug 22)
Haven Protocol price today, XHV live marketcap, chart, and info | CoinMarketCap (Aug 22)
Status Update - 18th Aug 2021 : havenprotocol (Aug 22)
Haven Protocol Successfully Deploys Rollback Hard Fork (Aug 22)
Haven Project Update May 2021 (Aug 27)
Haven 2 0 Release Status Update (Aug 27)
initial import of blockchain scanner · haven-protocol-org/haven-main@8dae477 · GitHub (Aug 27)
Haven Chain analysis : known invalid TXs - Google Sheets (Aug 27)
Haven Protocol Technical Overview Of June 2021 Exploits (Aug 27)
Haven Protocol July 26 Update And Next Steps (Aug 27)
Release v1.4.1 · haven-protocol-org/haven-main · GitHub (Aug 27)
Haven Protocol Announces Rollback Hard Fork For Monday July 19 2021 (Aug 27)
Haven Protocol Will Rollback Chain To Block 886575 June 27th (Aug 27)
Haven Protocol Exploits Mitigation Plan And Next Steps (Aug 27)
https://www.blockthreat.io/p/blockthreat-week-26-2021 (Feb 8)

More case studies

ThorChain ETH
Bifrost Exploit

DDEX XDX Swap
Backdoor