THORChain Network Operation Roadmap
← Back to News

Halborn Publishes THORChain Hack Incident Analysis & Recommendations

Within 24 hours of the most recent THORChain hack, Halborn has compiled and published an in-depth incident analysis on the $8m attack.

Halborn Response Recommendations:

  • The Router contract should have pause/un-pause functionality on unintended behaviors. Implement a mechanism that can temporarily stop the critical functionalities.
  • A white-listing mechanism should be implemented on every Bifrost component.
  • Enable Automatic Solvency Checker on ETH transactions.
  • Only Router emitted events should parse from the component - minimizing its attack surface.
  • When smart contracts are deployed into the Ethereum blockchain, they are immutable and not upgradable. In the white-listing progress, Router should be placed behind the proxy.
  • Implement a new policy for tracking new bugs.

For more details, read the full report here.

Moving Forward:

In a series of tweets, the THORChain team has outlined next steps towards getting the system back online.

The outlined plan includes internal & external reviews of all chain integration points, working with Nine Realms on a continual Bounty Program, and working with Halborn Security on "Red Team Ops"

Like what you see? There's a lot more to come. Subscribe here to have RUNEBase guides, updates, and resources sent to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.