THORChain Trading Resumes

A vulnerability in the THORChain router contract was discovered last week, impacting ERC777 tokens (specifically XRUNE, the only ERC777 token currently pooled). THORChain developers halted the network to prevent further exploits, and began work to resolve the issue.

Steps to resolve included:

• Dealing with a non-standard approve() function with USDT, creating an edge-case during migration.
• Existing testnet needed to be reset. This was due to unreliable testnet node operators abandoning nodes due to a lack of incentive. The testnet is now being run directly by  THORChain devs for increased reliability.
• Needing to migrate funds from the old router contract to the new. This was a multi-step process that involved halting yggdrasil vault funding, recalling this funds to asgard, upgrading the contract, churning nodes, sending the funds to the new contract, re-enabling the yggdrasil vault funding, and finally resuming the network.

This was perhaps the most complex production upgrade to date.  While the downtime was longer than initially anticipated, it was due to an abundance of caution and extensive testing to ensure the network could resume safely.

Future updates to the THORChain protocol will include a mechanism to halt trading on specific tokens, rather than the entire network. This will allow problematic pools to be isolated and help prevent total network downtime.

Additionally, this was the first major production upgrade to the THORChain router. The success gives confidence to the process, allowing future router upgrade to be handled safely. While not included in this patch, a future version of the router will enable cross-chain composability, allowing for easier integrations with other DeFi protocols.

THORChain is an extremely complex protocol, and the first of its kind. Each successful upgrade further hardens the system, ensuring its stability in the long term. Developers, node operators, and community members must all coordinate during events like these — which is no easy task.