After a few hacker attacks, THORChain has overhauled its immune system. In the future, the nodes will have more opportunities to pull the emergency brake in the event of suspicious activity and to protect the network from fraudulent transactions. The ace up its sleeve: attacks should be less worthwhile than honest bug bounty work. Meanwhile, the RUNE price continues to climb after its dive.
The last few weeks have been eventful for the THORChain developers. In July, two hacks revealed significant security flaws in the cross-chain liquidity protocol, which not only affected the price of the native cryptocurrency RUNE and enriched some hackers, but also dented investors' trust in THORChain. The thriller about the “self-service store” THORChain now seems to have reached its end.
You cannot prevent cybercrime, but you can at least turn the right screws so that the attack vectors are reduced. Accordingly, THORChain has reacted to the recent hacks and has now announced a “series of changes” that are intended to make the protocol “less sensitive to attacks” and to enable nodes to “react more quickly” in suspected cases. For this, nodes are given more authority, while the network status is checked more frequently “and the funds that leave the system are throttled”. The changes are ultimately intended to “make any attacker consider an attack on THORChain not even worth trying”. Instead, they should “just apply for a bounty and get paid”.
THORChain creates a safety net
With an automatic solvency check, nodes will in future cross-check wallet balances and report “negative deviations between the on-chain account balance and what THORChain thinks”. Incoming transfers are totaled and then deducted from the total amount of outgoing transactions. The nodes communicate noticeable deviations to the network. With a two-thirds majority, all deposits and withdrawals are automatically stopped. The scan takes place automatically every one to two minutes.
In addition, there is also a “proactive mode” in which nodes carry out the solvency checks. This mode is “more powerful and is intended to catch bankruptcies before they occur”. If a node tries to sign an outgoing transaction (txOut), it first calculates “whether the vault will become insolvent by executing the txOut”. If so, it denies authorization and “files for bankruptcy”.
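The two checks described above, as an added Go sketch that is not THORChain's own code: the Vault type, the function names, the ">= 2/3" threshold and the split into a book debit and a chain debit are assumptions made for illustration.

```go
package main

import "fmt"

// Vault holds two views of one vault's balance, in the asset's smallest unit.
// All names in this sketch are hypothetical.
type Vault struct {
	Ledger  uint64 // what the protocol's books say the vault holds
	OnChain uint64 // what the node observes on the external chain
}

// Shortfall is the negative deviation a node would report (0 when solvent).
func (v Vault) Shortfall() uint64 {
	if v.OnChain >= v.Ledger {
		return 0
	}
	return v.Ledger - v.OnChain
}

// ShouldHalt is the reactive check: true once two thirds of the nodes
// report a shortfall (">= 2/3" is an assumption of this sketch).
func ShouldHalt(views []Vault) bool {
	reporting := 0
	for _, v := range views {
		if v.Shortfall() > 0 {
			reporting++
		}
	}
	return len(views) > 0 && 3*reporting >= 2*len(views)
}

// CanSign is the proactive check: bookDebit is what the ledger deducts for
// the txOut, chainDebit what actually leaves the wallet (amount plus fee).
func CanSign(v Vault, bookDebit, chainDebit uint64) bool {
	if bookDebit > v.Ledger || chainDebit > v.OnChain {
		return false // more than the vault holds on either side
	}
	return v.OnChain-chainDebit >= v.Ledger-bookDebit
}

func main() {
	// Constructed sample: three nodes observe one vault, two see a shortfall.
	views := []Vault{{1000, 900}, {1000, 900}, {1000, 1000}}
	fmt.Println("halt:", ShouldHalt(views))                           // true
	fmt.Println("sign matching:", CanSign(Vault{1000, 1000}, 100, 100)) // true
	fmt.Println("sign draining:", CanSign(Vault{1000, 1000}, 100, 150)) // false
}
```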
With the “granular network pause control”, individual actions on a network can also be frozen in the future without bringing block production to a standstill. This allows swaps to be paused and withdrawals to be suspended. As a last resort, nodes can also initiate a “timeout” that halts the network for 720 blocks, about an hour. However, this trump card should not be played often and should only be used when there is a major threat.
Honesty pays off
Another method is the throttling of outgoing transactions, whose processing can be delayed depending on the volume. The larger the amount of money processed in the blocks, the longer the confirmation takes. While this does not single-handedly prevent attacks, it does give the nodes valuable time to react to suspicious incidents:
Had this function (plus node timeouts) been present during the last attacks, the attacker could have been held up for a full 60 minutes, and the nodes could have taken a break and saved the money. Even if the attacker had broken up into much smaller transactions, he could have captured a maximum of 100,000 to 200,000 US dollars in the first few minutes. This amount is now less than the bounty they could have won, so they may have thought about simply reporting the bug.
And finally, if all else fails, bots take care of searching for and reporting “abnormal activity”. THORChain has developed a whole arsenal of mechanisms to harden the network. How reliable these are remains to be seen. However, the developers seem to have learned their lessons from the “collateral damage” and adapted the node powers to the threats.
THORChain brings the “best armor” out of the closet
However, the increased security has its price. The changes could slow down THORChain a bit in the near future and “have a temporary negative impact on the user experience”. The protocol will probably have to pause more often, and the processing of swaps could also take more time in individual cases than before. As soon as the network is stable, the measures can be “scaled back” over time and the user-friendliness improved again. Until then, the developers are combative: “It is currently a battlefield, and THORChain brings its best armor until the battle is won”.
The RUNE price has not gone down without a fight after the latest incidents. Since the price crash two weeks ago, RUNE has more than doubled. At currently 6.80 US dollars, it shows a hefty gain of 74 percent on the week.