Now that @THORChain is BACK, we should reflect on what it took to get here. Follow the 🧵
1/ Multiple external audits have been conducted, and those audits found nothing critical (will be released publicly soon).
2/ Internal audits did find critical issues, which were of course patched.
3/ A new team was born comprised of highly experienced white hat hackers. This "red team" takes an adversarial perspective on all code changes and must approve all changes. As well as pierce current code for potential threats/exploits they can find.
4a/ The core dev team took a step back to take a "blue team" stance. Instead of looking for specific exploits, the team took actions to protect the network from unknown threats. New changes were made to the protocol to make it more resilient, such as...
4b/ halting the network when there is insolvency. This would have protected the network from previous attacks. When large amounts of funds are being pulled out of the network, the network delays those outbounds (up to an hour). This gives the community time to block an active attack.
4c/ Node operators now have the capability to halt the network for 1 hour, every 3 days. It's enough power to protect the network from an ongoing attack, but not enough to significantly interrupt legit trading.
4d/ Changes were made to bifrost to block smart contracts from interacting with the network. This greatly reduces ACE (arbitrary code execution) threats to the network. Specific contracts (i.e. $XRUNE) can be reviewed and whitelisted for access.
5/ While the project has always had bug bounties in the past, the team started a relationship with @immunefi to create a more formal process. This official channel should call on white hats to get more active with this code base and responsibly disclose any issues for profit.
Many thanks to the community for their support, encouragement, engagement, etc. The @THORChain community has one of the strongest communities in crypto, and recent events have proven that to me. Thank you, and see you in Valhalla!
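The safeguards in 4b and 4c can be modelled as a small circuit breaker. The Go sketch below is an added example, not THORChain code and not part of the original thread: the one-hour delay cap, one-hour halt and three-day cooldown come from the thread, while the `Guard` type, the per-node cooldown, the linear scaling of delay with the share of the vault withdrawn, and the definition of insolvency as "owed exceeds vault balance" are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Durations from the thread (4b, 4c); everything else is assumed for illustration.
const MaxDelay, HaltFor, HaltEvery = time.Hour, time.Hour, 72 * time.Hour

var ErrInsolvent = errors.New("insolvent: network halted, no outbounds signed")

// Guard is a hypothetical model of the safeguards, not THORChain code.
type Guard struct {
	lastHalt  map[string]time.Time // node ID -> its last accepted halt request
	haltUntil time.Time
}

func NewGuard() *Guard { return &Guard{lastHalt: map[string]time.Time{}} }

// RequestHalt pauses outbounds for HaltFor; each node gets one halt per HaltEvery.
func (g *Guard) RequestHalt(node string, now time.Time) bool {
	if last, ok := g.lastHalt[node]; ok && now.Sub(last) < HaltEvery {
		return false // cooldown not over: bounds how long one operator can stall trading
	}
	g.lastHalt[node] = now
	if end := now.Add(HaltFor); end.After(g.haltUntil) {
		g.haltUntil = end
	}
	return true
}

// ScheduleOutbound returns the earliest time an outbound may be signed.
// Assumed: delay is linear in the share of the vault withdrawn, capped at MaxDelay.
func (g *Guard) ScheduleOutbound(now time.Time, amount, vault, owed uint64) (time.Time, error) {
	if vault == 0 || owed > vault || amount > vault {
		return time.Time{}, ErrInsolvent // 4b: stop instead of paying from a short vault
	}
	release := now.Add(time.Duration(float64(MaxDelay) * float64(amount) / float64(vault)))
	if release.Before(g.haltUntil) {
		release = g.haltUntil // 4c: an operator halt holds the outbound until it expires
	}
	return release, nil
}

func main() {
	g, t0 := NewGuard(), time.Unix(0, 0)
	fmt.Println(g.ScheduleOutbound(t0, 250, 1000, 900)) // a 25% withdrawal waits 15 minutes
}
```

The delay is the window in which an operator can call `RequestHalt`, and the cooldown is what keeps that power from becoming a denial-of-service lever.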