THORChain Outlines Plans to Harden the Network
What Led to This
Chaosnet on THORChain was designed to attract hackers with real-world funds in order to properly battle-test the network. Multiple back-to-back exploits were more than the team and community expected, but the experience gives the developers a very clear path forward for hardening the network.
The Big Picture
The primary changes that will be made include the following:
- Automatic Solvency Checker
- Granular Network Pause Controls
- Node Timeouts
- Outbound Throttling
- Node Broadcast Bot
- Live Monitoring
Automatic Solvency Checker
The Automatic Solvency Checker will allow nodes to scan wallet balances and report inconsistencies between internal and on-chain values.
The “ASC” has two modes: Reactive and Proactive.
- Reactive mode scans the Asgard vaults, and reports on any insolvency.
  - When 2/3rds of nodes agree that an insolvency has occurred, the network pauses inbound and outbound transactions.
  - This method of detection is helpful against “fake fund” attacks where legitimate funds never settle into the vault.
- Proactive mode is designed to prevent the insolvency from taking place altogether.
  - Outbound transactions are validated to ensure the network will not go insolvent if they are processed.
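A minimal sketch of the two ASC modes described above, added here as an illustration and not taken from THORChain's code base. The `Balances` type, the function names, the reading of "2/3rds" as at least two thirds of active nodes, and the sample figures are all assumptions.

```go
package main

import "fmt"

type Balances map[string]uint64 // asset name -> amount in base units

// Insolvent is the reactive check: it returns every asset whose on-chain
// balance is lower than what the internal ledger says the vault holds.
func Insolvent(ledger, onChain Balances) []string {
	var bad []string
	for asset, want := range ledger {
		if onChain[asset] < want {
			bad = append(bad, asset)
		}
	}
	return bad
}

// QuorumReached reads "2/3rds of nodes agree" as at least two thirds of the
// active nodes having reported the insolvency (an assumption).
func QuorumReached(reports, activeNodes int) bool {
	return activeNodes > 0 && reports*3 >= activeNodes*2
}

// AllowOutbound is the proactive check. It simulates an outbound that debits
// the ledger by ledgerDebit and removes chainSpend (amount plus gas) from the
// vault, and allows it only if every asset would still be solvent afterwards.
func AllowOutbound(ledger, onChain Balances, asset string, ledgerDebit, chainSpend uint64) bool {
	if _, ok := ledger[asset]; !ok || ledgerDebit > ledger[asset] || chainSpend > onChain[asset] {
		return false
	}
	for a, want := range ledger {
		have := onChain[a]
		if a == asset {
			want, have = want-ledgerDebit, have-chainSpend
		}
		if have < want {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: 200 ETH was credited internally but never settled.
	ledger := Balances{"BTC.BTC": 100, "ETH.ETH": 500}
	onChain := Balances{"BTC.BTC": 100, "ETH.ETH": 300}
	fmt.Println(Insolvent(ledger, onChain), QuorumReached(7, 10),
		AllowOutbound(ledger, onChain, "BTC.BTC", 10, 10))
}
```

In this model a shortfall on one asset blocks outbounds on every asset, which is what stops a "fake fund" deposit on one chain from being withdrawn as real funds on another.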
Granular Network Pause Controls
In the past, issues with a single chain required the entire network to be halted. This was not ideal from a user experience standpoint, since unaffected chains suffered unneeded downtime.
The new granular controls include:
- Pause trading on the entire network or for a single chain.
- Pause outbounds, preventing refunds and withdrawals on the entire network or for a single chain.
- Pause the THORChain ledger, freezing the network but allowing it to continue to produce blocks.
Node Timeouts
This feature introduces a node command to independently pause the network for 1 hour if an attack is suspected, giving operators time to investigate and decide on a course of action.
Outbound Throttling
This feature delays outbound transactions based on size. The larger a transaction is, the longer it will take to be processed, up to one hour.
During prior attacks, the community caught the event quickly, but was unable to respond before the transactions were processed. Outbound throttling gives node operators time to respond before funds are totally drained.
This does hurt the user experience since swaps will take longer to process, but for most small transactions the delay will be unnoticeable. Over time, the delay can be reduced or removed completely.
Node Broadcast Bot
Node operators will now be able to send signed messages from their nodes that are relayed to Discord. This allows operators to communicate while staying anonymous.
Live Monitoring
The network will also be monitored by an autonomous bot that detects strange activity such as unusually high volume, large swaps, etc. Combined with node-level pausing and the other new features, this will help the community catch attacks before major damage can be done.
THORChain will remain paused until audits are complete and the above-mentioned features have been deployed. This is expected to take 2-3 months, with audited chains being enabled as they are deemed safe.
Source: THORChain Medium
Follow the latest status of the network on RUNEBase.