THORChain - Hacks - What you want to know!

3 minute read

THORChain Hacks - What you want to know!

What has happened so far

  1. Massive community response. This is great to see. Lots of passion, ideas and great engagement.
  2. Solvency checker for the Asgard vault (YGG vaults are protected by the node operators and the incentive pendulum). (#999)
  3. Ability to stop single chains, instead of halting the entire network (#1013)
  4. Halborn progress updates released. Here
  5. Halborn Report on latest Hack here

What is happening.

  1. White list ETH Smart Contracts (#1037, #1043)
  2. Nodes can request halts
  3. Increased delays for very large outbound transactions
  4. Increased monitoring tools
  5. Responsible disclosure and bounty program, now managed by NineRealms and Immunefi.
  6. Halborn and Trail of Bits conducting security audits - structured review.
  7. Code walk through for white/grey hat hackers by the team - adding community/involvement eyes on the project - unstructured review
  8. Taking some time while this is happening in the background.

Frequently Asked Questions

Official Medium Article with more information here

  1. When will THORChain restart?

    When it is safe to do so. Depends on how the security audits are ready. Current timeframe is about 6-8 weeks, thus about mid September. A lot is happening in the background. Everyone wants it now but this is why it is called Chosnet, so please be patient while the team and the community works through this. Mods will post updates from the devs, so keep an eye on the pinned messages. Honestly, I think it is better to take the time now than rush it. Draft timeline frin the team is here

  2. What happened to my uncompleted swaps or withdraws?

    The chain is halted so nothing is being processed. Everything is recorded, so if you have transactions, they should be processed when the protocol is fully restarted. The restart will happen in stages, look for details in the pinned messages. Won’t be able to do anything till then.

  3. Do I still get block rewards / income as a LP?

    Yes, THORChain will credit the pools with Rune while the chain is halted so LPs do not lose out. The Rune you get is based on your position so it is fair.

  4. Do I still get ILP?

    Yes, however it is measured in blockchain time, not in time passed, e.g. duration. Thus the time to 100 days is paused while the chain is paused. E.g., if the chain is paused for 5 days, you need to wait 105 days duration.

  5. What happened to my RUNEYield? It’s showing $8k ETH price and -99.9% APY vs HODL for my ETH pool!

    Firstly, don’t stress, this is not reflective of your actual position. The pools are currently out of balance which effects their price. Pools have their own price which is unrelated to the market price, and this is upset when the pool is out of balance, this is why everything looks strange. It will return to normal when, in this example, the ETH chain restarts. Then RUNEYield will start to look normal again.

  6. Heard Team will make whole my LP pool. Does this mean paid in ETH? RUNE? Both?

    As per point 3, LPs will get paid block rewards. There has been talk about reimbursing the pools however nothing is yet conformed, just too early. A lot of analysis is required for all of the consequences of the halt, this is just one of them. There will be more detail given closer to when the ETH chain restarts. Do not THORChain has a record of looking after LPs.

  7. Heard team would suspend ERC20. What about ETH? What about my ERC20 LPs?

    This has been suggested but it is too early to tell. The outcome of the security audits and the white/grey hacker review will help determine the path and timeframe moving forward. There will be more detail released once that has occurred.

Previous video

This video was on the first ETH Hack (the first one described in the video above) where I look at the code, if you want more information.