THORChain has published a detailed plan to harden the network against further attack.
Chaosnet on THORChain was designed to attract hackers with real-world funds in order to properly battle-test the network. Multiple back-to-back exploits were more than the team and community expected, but the experience gives the developers a very clear path forward for hardening the network.
The primary changes that will be made include the following:
In addition to these code changes, audits by Halborn and Trail of Bits are ongoing, and plans to insure the protocol are being proposed.
The Automatic Solvency Checker will allow nodes to scan wallet balances and report inconsistencies between internal and on-chain values.
The “ASC” has two modes: Reactive and Proactive.
In the past, issues with a single chain required the entire network to be halted. This was not ideal from a user experience standpoint, since unaffected chains suffered unneeded downtime.
The new granular controls include:
This feature introduces a node command to independently pause the network for 1 hour if an attack is suspected, giving operators time to investigate and decide on a course of action.
This feature delays outbound transactions based on size. The larger a transaction is, the longer it will take to be processed, up to one hour.
During prior attacks, the community caught the event quickly, but was unable to respond before the transactions were processed. Outbound throttling allows node operators time to respond before funds are totally drained.
This does hurt the user experience since swaps will take longer to process, but for most small transactions the delay will be unnoticeable. Over time, the delay can be reduced or removed completely.
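The sketch below is an added example, not THORChain's code: it shows one way a size-based outbound delay with a one-hour cap can interact with a node-level pause. The linear scaling, the `fullDelayValue` threshold, and all type and function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Assumed parameters, not THORChain's real values: an outbound at or above
// fullDelayValue waits the full hour, smaller ones wait proportionally less.
const (
	maxDelay       = time.Hour
	fullDelayValue = 1_000_000 // constructed threshold, arbitrary units
)

// Outbound is a queued outgoing transfer (hypothetical type).
type Outbound struct {
	ID       string
	Value    uint64
	QueuedAt time.Time
}

// DelayFor scales the hold time linearly with value, capped at maxDelay.
func DelayFor(value uint64) time.Duration {
	if value >= fullDelayValue {
		return maxDelay
	}
	return time.Duration(value) * maxDelay / fullDelayValue
}

// Releasable returns the outbounds whose delay has elapsed at time now.
// While paused (an operator suspects an attack) nothing is released.
func Releasable(queue []Outbound, now time.Time, paused bool) []Outbound {
	if paused {
		return nil
	}
	var out []Outbound
	for _, o := range queue {
		if !now.Before(o.QueuedAt.Add(DelayFor(o.Value))) {
			out = append(out, o)
		}
	}
	return out
}

func main() {
	t0 := time.Date(2021, 8, 1, 0, 0, 0, 0, time.UTC) // constructed timestamp
	queue := []Outbound{{"small", 1_000, t0}, {"large", 5_000_000, t0}}
	for _, m := range []int{1, 30, 60} {
		now := t0.Add(time.Duration(m) * time.Minute)
		fmt.Println(m, "min:", len(Releasable(queue, now, false)), "released")
	}
}
```

With these constructed values the small transfer clears within seconds while the large one stays queued for the full hour, which is the window in which a pause can still stop it.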
Node operators will now be able to send signed messages from their nodes that are relayed to Discord. This allows operators to communicate while staying anonymous.
The network will also be monitored by an autonomous bot that detects strange activity such as unusually high volume, large swaps, etc. Combined with node-level pausing and the other new features, this will help the community catch attacks before major damage can be done.
THORChain will remain paused until audits are complete and the above-mentioned features have been deployed. This is expected to take 2-3 months, with audited chains being enabled as they are deemed safe.
Source: THORChain Medium
Follow the latest status of the network on RUNEBase.