Secret Network resolves network vulnerability following white hat disclosure


On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, said that developers had patched a privacy-related vulnerability and that users’ funds remain secure. In a document dated Nov. 29, Secret Network wrote that no action was required from users or developers and that all active nodes were upgraded to fix the vulnerability on Nov. 2.

The sequence of events, revealed late yesterday by the Secret Network developers, began when a group of white-hat computer science researchers contacted the Secret team on Oct. 3 regarding a recently disclosed xAPIC (Advanced Programmable Interrupt Controller) architectural bug. The bug allowed uninitialized memory reads on certain Intel CPUs with Software Guard Extensions (SGX) enabled. Secret Network uses SGX to provide confidential execution of smart contracts.

As stated in their paper, the researchers first registered a server as a validator node on the Secret Network, even though they did not have sufficient funds to be trusted to actively validate transactions. The registration process then stored a copy of Secret’s global consensus seed inside the node’s SGX enclave. Next, using the xAPIC bug, the researchers extracted the consensus seed from their Secret node, along with its private Intel Enhanced Privacy ID key. Finally, with these items, they were able to break Secret’s privacy-preserving features and decrypt the internal state of all smart contracts on the network, as well as the digital assets embedded in them.

Secret developers verified the exploit on Oct. 4 and devised a plan to patch the vulnerability together with researchers and Intel staff. First, nodes were forcefully ejected from the network, and their secret keys deleted. After that, nodes could only rejoin the network if they patched all known vulnerabilities, which was completed on Nov. 2. “With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet,” wrote the Secret Network team.

In addition, new nodes joining the network will be limited to server-class hardware only, to limit the attack surface that user-class hardware presents. Founded in 2015, Secret Network currently has a market cap of $131 million through its native token SCRT. The firm partnered with director Quentin Tarantino to launch Secret NFTs last November.
