Aragon Court Vulnerabilities
Latest revision as of 13:30, 1 May 2023
When Aragon Court first launched, there were several vulnerabilities found in the smart contract, which were resolved without exploit.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8]
About Aragon Court
"Aragon Court handles subjective disputes that require the judgment of human jurors. These jurors stake a token called ANJ which allows them to be drafted into juries and earn fees for successfully adjudicating disputes."
"Aragon, founded in 2016 by Luis Cuende and Jorge Izquierdo, aims to “create global, bureaucracy-free organizations, companies, and communities,” with a counting list of 1,000 organizations in its network already."
"Aragon’s “court” was launched in January 2020 and serves as the backbone for the Aragon digital jurisdiction. The court works at three different levels. First, the network assigns five random judges, who are required to stake ANT tokens to vote and resolve disputes. The judging process is set up as a prediction market where judges are incentivized to correctly bet on which party is right or wrong in a dispute. Dissenting (minority) judges lose their bonded stakes, which are paid to the winning judges."
"From November 28th to February 10th, Aragon Court's contracts were deployed to Ethereum mainnet for security researchers to review before they were activated and open to users." "The launch was announced in a blog post on Feb. 10, detailing that over the past three years the team behind the project had created and launched relevant tools for Decentralized Autonomous Organizations (DAO) to exist. At that point, the platform counted more than 1,000 DAO created with $8 million under management."
"Plaintiffs in Aragon disputes are also required to post a stake of tokens, or, bond. If they lose, they can walk away with some of their stake, or double down and appeal by increasing the bond. This makes the case public to the entire network of judges and the voting process is repeated. If the plaintiff still doesn’t agree with the outcome of the network-wide judging, they may increase their bond again and appeal to the network’s Supreme Court, which is governed by the top nine judges in the network as measured by reputation, something earned through a combination of stake and prior prediction accuracy."
"By making it possible for anyone in the world to organize digitally, Aragon seeks to enable borderless, permissionless entity creation and governance."
"[W]e put a lot of effort into designing the protocol, built an exhaustive test suite, and received a thorough security audit. But no matter what, we know the presence of bugs is always a possibility. That's why we designed the protocol to handle upgrades and prepared a contingency plan in the event we needed to fix issues or adjust the protocol to community needs."
"One of the most important fixes was a bug in the JurorsRegistry module of Aragon Court, found by samczsun." "When a juror requests an ANJ deactivation, they have to wait one term before they can withdraw their ANJ from Aragon Court. This is because they could still be selected for a dispute in the same term they requested the deactivation. If this happens, the deactivation balance requested is decreased to ensure the juror has enough active ANJ to participate in the dispute. The problem was that we weren't reflecting this in both data structures, but only in one of them (see L634-L651). This enabled two possible exploit paths based on whether the juror was on the winning or the losing side of the dispute. In the case of a winning juror, it would have resulted in losing some ANJ because their balance was not updated correctly at the time of selection. In case of a losing juror, the dispute itself could be blocked from being settled if the juror didn't have enough ANJ left in Aragon Court to be penalized because the stored balance was reflecting an amount lower than the juror's actual balance." "The second issue was specific to a dispute lasting until the final round, where all active jurors can become involved. We were updating the data structures differently depending on whether the juror had a deactivation request or not (see L377-L387). This would have been a problem in case a juror would have requested an ANJ deactivation while voting in the final round. It could have caused the same situations explained in the previous issue, depending on whether the juror was on the winning or losing side of the dispute."
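The bookkeeping mismatch described above, reduced to a runnable model (an added example, not Aragon's code): the sortition tree's next-term balance and the juror's deactivation request become fields of one object, and the `fixed` flag switches between updating only the request (the bug) or both structures (the fix). The stake, deactivation and lock amounts are constructed.

```python
"""Constructed model of the JurorsRegistry deactivation bookkeeping bug.

Not Aragon's code: the sortition tree's checkpointed balance and the juror's
DeactivationRequest become three integers on one object so the invariant
(active + withdrawable == staked) can be checked offline.
"""


class Registry:
    """One juror's ANJ: active this term, active next term, pending deactivation."""

    def __init__(self, staked: int, fixed: bool = True):
        self.fixed = fixed
        self.active = staked        # tree balance for the current term
        self.next_active = staked   # tree balance checkpointed for the next term
        self.deactivating = 0       # DeactivationRequest.amount, withdrawable next term

    def request_deactivation(self, amount: int) -> None:
        assert amount <= self.active
        self.deactivating = amount
        self.next_active = self.active - amount   # tree drops at the next term

    def draft(self, lock_amount: int) -> None:
        """Juror drafted in the same term; the lock must be backed by unlocked ANJ."""
        unlocked = self.active - self.deactivating
        if lock_amount > unlocked:
            reduce = lock_amount - unlocked
            self.deactivating -= reduce        # structure 1: the request shrinks
            if self.fixed:
                self.next_active += reduce     # structure 2: the tree keeps the ANJ
            # buggy path: the tree is still scheduled to drop the full request

    def advance_term(self) -> None:
        self.active = self.next_active

    def accounted(self) -> int:
        """ANJ the registry still sees: active stake plus withdrawable deactivation."""
        return self.active + self.deactivating

    def slash(self, amount: int) -> bool:
        """Losing-juror path: penalising more than the stored balance reverts on-chain."""
        if amount > self.active:
            return False               # settlement blocked
        self.active -= amount
        return True


def scenario(fixed: bool) -> tuple:
    """Stake 100, request 90 out, get drafted with a 50 lock in the same term."""
    reg = Registry(100, fixed=fixed)
    reg.request_deactivation(90)
    reg.draft(50)
    reg.advance_term()
    return reg.accounted(), reg.slash(50)
```

With the bug, 40 ANJ drop out of the registry's view (the winning-juror loss) and a 50 ANJ penalty cannot be applied (the blocked settlement); with both structures updated, the full 100 stays accounted for and the penalty goes through.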
"Another important issue was discovered by Bingen, a member of Aragon One and one of the main contributors to Aragon Court. This issue was related to how the evidence submission period was handled in the DisputeManager module. Specifically, it resulted in a possible advantage to one side of the dispute when drafting jurors."
"To summarize, disputes follow a lifecycle. Early on in a dispute's life, the protocol provides a window of time for the involved parties to submit any relevant evidence for jurors to evaluate later. In cases where all parties are done submitting evidence, Aragon Court allows the last submitter to close the submission process early and proceed to the next phase."
"The problem was that in these cases, the protocol would use the current term's randomness value—an already known value—to draft the initial jurors (see L233). This would have allowed the party that closed the submission process to see what the draft outcome would be, and, if it wasn't favorable, wait for the next term. Although it would have been possible to do this for only a limited number of terms (currently 7), it still wasn't the desired behavior."
"The fix was simple: when closing the submission period early, we changed the draft term to be the next term (in the future) to ensure its randomness was not known beforehand. Similar to what we did for the previous bug, we submitted a vote to the AN DAO to perform the module swap. This time, we didn't need to do any other action to complete the migration."
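An added model of the draft-term fix, not Aragon's code: term randomness is a constructed hash of the term number (in the protocol it derives from a future block hash), so only its observability at close time matters, and `close_evidence_period_early` returns the draft term under the old rule and under the fix.

```python
"""Constructed model of the evidence-period draft-term issue (not Aragon's code).

Term randomness is a constructed hash of the term number; in the protocol it
comes from a future block hash, so only when it becomes observable matters.
"""
import hashlib
import random


class Court:
    def __init__(self, current_term: int, fixed: bool):
        self.term = current_term
        self.fixed = fixed

    def randomness(self, term: int):
        """A term's randomness is observable only once that term has started."""
        if term > self.term:
            return None
        return hashlib.sha256(f"term-{term}".encode()).digest()

    def close_evidence_period_early(self) -> int:
        """Term whose randomness will seed the initial juror draft."""
        # bug: the current term, whose randomness is already public
        # fix: the next term, whose randomness does not exist yet
        return self.term + 1 if self.fixed else self.term

    def draft(self, draft_term: int, jurors: list, size: int) -> list:
        seed = self.randomness(draft_term)
        if seed is None:
            raise RuntimeError("draft term has not started")
        return random.Random(seed).sample(jurors, size)


def closer_can_preview(fixed: bool) -> bool:
    """Can the party closing the evidence period read the draft seed at close time?"""
    court = Court(current_term=12, fixed=fixed)
    return court.randomness(court.close_evidence_period_early()) is not None


def preview_matches_actual(fixed: bool) -> bool:
    """Replay: close early, try to precompute the draft, then let the draft term start."""
    court = Court(current_term=12, fixed=fixed)
    jurors = [f"juror{i}" for i in range(10)]         # constructed juror set
    draft_term = court.close_evidence_period_early()
    preview = None
    if court.randomness(draft_term) is not None:
        preview = court.draft(draft_term, jurors, 3)  # possible only under the bug
    court.term = draft_term                            # time passes
    return preview == court.draft(draft_term, jurors, 3)
```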
"Another issue pointed out by samczsun was related to the smart contract we built to simplify and decrease the number of transactions necessary for an account to become an active juror by obtaining and activating ANJ into Aragon Court. The issue was that any account with an existing ANT approval to the wrapper contract could have their approved amount activated by any other account (see L78)."
"Fortunately, the fix was simple, and we only needed to deploy a new instance of the wrapper contract which users can opt into and does not require approval from the AN DAO. We found no accounts with remaining approval balances for the old wrapper contracts."
"Aragon Court underwent upgrades to resolve issues reported by samczsun and internal reviews. No users were affected by these issues." "We resolved this issue before anyone could exploit it as part of the day 1 migration."
What Happened
| Date | Event | Description |
|---|---|---|
| March 30th, 2020 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
Total Amount Lost
No funds were lost.
Immediate Reactions
Ultimate Outcome
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
General Prevention Policies
No user funds were lost in this case.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
References
- [1] List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community, https://forum.openzeppelin.com/t/list-of-ethereum-smart-contracts-post-mortems/1191 (Jun 23, 2021)
- [2] Site Unavailable, https://blog.aragon.one/aragon-court-v1-upgrades/ (Jun 23, 2021)
- [3] Aragon Court, https://anj.aragon.org/ (Jul 30, 2021)
- [4] Messari - Bitcoin & crypto price, news, charts, and research, https://messari.io/asset/aragon-court/profile (Jul 30, 2021)
- [5] Tim Draper Backed Aragon, Disrupts Traditional Governance With A Decentralized Court, https://www.forbes.com/sites/michaelhaley/2020/02/26/tim-draper-backed-aragon-disrupts-traditional-governance-with-a-decentralized-court/ (Jul 30, 2021)
- [6] Welcome to Aragon Court - YouTube, https://youtu.be/p-nkDzvcNnY (Jul 30, 2021)
- [7] Aragon Court Is Now in Session for Global Decentralized Judgements, https://cointelegraph.com/news/aragon-court-is-now-in-session-for-global-decentralized-judgements (Jul 30, 2021)
- [8] Launching Aragon Court, https://blog.aragon.org/launching-aragon-court/ (Jul 30, 2021)