Token Transaction Overflow
First - discovery leading to disclosure
December 16, Igor was test running an updated version of safexd of the safex blockchain on mainnet after applying and merging several updates and features including those to activate the marketplace; however, the synchronization failed on block 101616 citing a integer overflow error.
Igor inspected this block and that’s where he discovered that there was a transaction in block 101616 containing the integer overflow triggering the creation of 1.844 billion Safex Tokens.
Igor immediately notified Daniel Dabek, the founder of the Safex project.
Igor and Daniel commenced effort to probe these transactions and to first of all discover if these tokens were spent. It turned out that 2x 100 million token outputs generated in the integer overflow exploit were moved and broken down into 5 million token pieces.
Igor thoroughly commenced research into an approach to track the movement of the 5 million token pieces; however, despite coming up with a method to discern which transactions originated from these exploited tokens due to the anonymity features of the cryptonote protocol it will be virtually impossible to identify which transactions belong to the original 100m without developing a deanonymization tool and a total cooperation o every single transaction maker including from blocks 1 year old.
Igor confirmed that we can block 1.6 billion part of the overflow, however, definitively we can not block neither the 44 million tokens which exist in small pieces nor the 2x 100 million that were broken into 5m token chunks.
While the 2x 100million and 44 million pieces are blocked in the code from being used further; we do not know which or if any of them have already been used, and we can never really know without cooperation of every transaction controller that had a mixin since the coins have moved. An approach that is virtually unfeasible.
To understand the risk that we face is this: these outputs are used as mix ins choosen at random whenever anyone transacts over the blockchain. We only know that these outputs aren’t spent twice, but we can not deduce at which point they are spent and if they are actually spent or just being used as mixins.
On Daniel’s order, they refrained from alerting anyone or disclosing this discovery until the initial technical survey of the options were concluded. By Thursday Daniel contacted legal counsel for advice on the matter.
The reason for secrecy is that this bug is active and disclosure should not occur until the patch is developed and prepared for deployment. Taking into account that numerous stake holders will need to be carefully alerted so as to smoothly integrate the hardfork without any further movement of the exploited tokens.
The patch was completed on December 31st, and the preparation for this disclosure took place in time for the January 6th hardfork date.
Second - scope of damage
The final scope of the damage is the creation of 244 million safex tokens through exploiting the integer overflow bug in the token transactions flow. This means that the token community has faced a dilution; however, the total token supply remains below the original 2.147 billion prior to the migration.
Third - how the damage occurred
On January 18th, 2019 someone exploited a bug in the code that enabled an integer overflow attack which caused the blockchain to accept a transaction that created outputs that totaled the over flow of 1.844 billion safex tokens. This damage was generated through exploiting an integer overflow that was left exposed since the original implementation of the safex token system.
Fourth - what was done to eliminate and reduce damage
First of all, the bugged code of the integer overflow is patched and repaired. In response to the tokens that were generated Igor additionally produced a patch to block further usage of the 244 million tokens so if any of those tokens were not yet spent, they will not be able to be spent going forward. Finally, the 1.6 billion unmoved tokens that were in the original exploited are blocked entirely and will not enter circulation.
Additionally, Igor made a full sweep through the flow of tokens during the past three weeks to ensure that the flow is working as intended in full. Igor was not a producer of the bug.
Fifth - conclusions and follow up actions
A similar bug was exposed in the Bitcoin Blockchain in 2010 where 184 billion bitcoins were generated using integer overflow; however,
in that case the bug was caught on the block explorer by the community within hours and the damage was erased. In our case the transaction lay dormant for nearly 6 months before entering a state where part of the funds were moved to an indiscernible position due to the strong privacy features of the Safex Blockchain. And until another 5 months did we discover it during an update to the core.
To address this gap in attention to the activity of the blockchain we have implemented a monitoring tool which announces large transactions of either safex tokens and safex cash, as well as the global node map. Other monitoring features are also enabled to defend the integrity of the blockchain.
A bug of any magnitude should be reported to the development team or a pull request made on github to address any issues found with the open source safex code bases of any kind. That being said our community should have in place a reliable entity that can facilitate a process to redeeming bounties for reporting and fixing any bugs. This could have provided an adequate incentive to improve rather than to exploit the software.
Affects of the blocks in the latest codebase: If you have a transaction that is mixed in with the exploited tokens the wallet will return you the error
Invalid Inputs If you received this error and you are not our attacker you simply need to spend your transaction with a mix in of 1 to move your tokens forward.
Also, until we update the wallet: Orbiter and CLI they may sometimes fail to send a transaction because the system fetches mix ins at random and those two software are not yet programmed with the blocks the way the blockchain is. So it may fetch the blocked transactions which would simply cause a fail in sending with an error. After which you can retry your transaction. We will work quickly to update orbiter and the cli wallet to take into account the new blocked transactions.
There are other angles we can take to full go after all the exploited tokens; however, the effect of developing and coordinating an intensive investigation could be futile and would thoroughly derail our efforts on the marketplace application. Taking into account the valuation and likely movement to exchanges, we want to move on and complete the marketplace.
The Safex Development Community