Defending Against the Unknown
The Big Picture
THORChain is arguably one of the most complex projects in the entire crypto industry, and with long-term goals of having billions of dollars of liquidity secured in the network, it is now time to take the lessons learned from the recent exploits to harden the network in preparation for mainnet.
Preventative security measures include Advanced Persistant Protection Services and in-depth audits of the protocol’s code by firms like Halborn, as well as a slower and more deliberate approach to the development process.
In addition, multiple active (and reactive) features are being developed that protect the network holistically, so even if vulnerabilities exist, the network will be able to protect itself before significant damage is done.
One such feature is the Automatic Solvency Check that continuously monitors the network for insolvency, and halts the network if it detects a problem.
A new ability outlined today is an added function that gives node operators the power to halt the network individually.
- A single node can halt the network for any reason for 300 blocks (25 minutes).
- When another node also requests a halt, the pause is increased by an additional 300 blocks.
- If 1/3 of all nodes request a halt, the network will be suspended indefinitely.
Why this is Important
- This functionality will allow individual nodes to make a judgement call if they suspect malicious activity is occurring, giving operators time to investigate any potential attack without fear of disrupting the network for an extended period of time.
- Advanced monitoring will also be built on top of this ability, so autonomous tools can observe inbound and outbound transactions and call a halt automatically if strange activity is discovered.
As demonstrated by the recent exploits, it is exceedingly difficult to build a system as complicated as THORChain that is totally immune to vulnerabilities.
The developers have taken a step back and reconsidered the mitigation techniques — instead of attempting to write impossibly secure code, they are designing autonomous security measures that react to suspicious events before major damage can be done.
These protections, combined with audits and a more comprehensive bug bounty program, will restore faith in the security of the THORChain network.