A full review of the RVN vulnerability incident: hacker code led to 300 million additional issuance
Cobo Wallet
2020-07-15 13:33
Cobo engineers reviewed the RVN vulnerability in detail.

RVN Additional Issuance

Incident timeline

On June 29, a programmer from CryptoScope, the development team behind Solus Explorer, found during regression testing that there was a problem with the RVN balance counted by the browser. After in-depth troubleshooting, he confirmed that there were many abnormal RVN issuance operations on the main network, and then quickly contacted members of the official Ravencoin team to report the bug.

After communicating with the RVN development team, CryptoScope decided to temporarily close some entrances of Solus Explorer to reduce the possibility of other attackers exploiting the vulnerability, which bought the official team a certain amount of time to solve the problem.

On July 3rd, the RVN team released an emergency update to the community, which eventually resulted in a procedural fix for the Ravencoin network on July 4th at block 1,304,352.

On July 8, the RVN team officially explained that the vulnerability was caused by a bug introduced by a malicious PR (Pull Request) submitted by hackers (GitHub account: WindowsCryptoDev).

The vulnerability caused a total of 301 million additional RVN to be issued, which is equivalent to 1.44% of the original total supply of 21 billion and 4.6% of the existing supply.

According to the tracking, a large number of the newly issued RVN were split up and sent to different addresses, and finally transferred to the exchange. The addresses officially identified are the following 3:

  • RVhLBBsdFbKmBC1muPB2of74w19NwHzUsK

  • RAekzFLJDfLpaTfMonPNEvahWVYvBu2iE8

  • RU4C2CLwRTm4s4LbWMYdzAJFbZGL5rZqGs

The RVN team stated that it has traced one of the hacker teams and obtained information about the attacker, and that it hopes the attacker will transfer the additional RVN to a specific address for destruction. According to the RVN team, a total of about 3.9 million additional RVN have been destroyed.

In addition, the official team did not resolve the attack through something like the ETH hard fork, but indirectly acknowledged the validity of these additional coins. To ensure that the total supply remains unchanged, the official proposal is to reduce the total mining revenue in the future. However, this plan still needs to be approved by the community, and it will only take effect after the BIP9 upgrade on the chain.

The original total issuance of RVN is 21 billion, and the block generation time is 1 minute. The current block reward is 5,000 RVN, and the reward will be halved after every 2.1 million blocks, that is, it will be halved every 4 years. According to the current official plan, each halving will be 59,580 blocks earlier than before (about 41.375 days).


Attacker Behavior Review

On January 16th, a developer named WindowsCryptoDev submitted a PR (Pull Request) to Ravencoin's GitHub repository, apparently trying to improve the error message returned by the node. The PR quickly received feedback from Ravencoin officials and was merged into the master branch.

PR details

In the original code, for asset-related transactions, as long as the RVN output value of the transaction is not 0, the "bad-txns-asset-tx-amount-isn't-zero" error message will be returned.

This PR refines the error message for the different types of asset transactions. On the surface, it seems to make it easier for developers to distinguish the specific cause of an error, but the hacker left a back door: the error message was not refined for TX_REISSUE_ASSET. Note that the consequence is not merely that the error message cannot be distinguished, but that a previously illegal transaction (TX_REISSUE_ASSET with an RVN output value that is not 0) is judged to be a legal transaction, which eventually leads to the additional issuance of RVN.
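The check described above, modelled as an added example (not Ravencoin's code or the PR itself): the original rule, the refactor with no TX_REISSUE_ASSET branch, a fail-closed version, and a differential test that flags any type a refactor newly accepts. TX_TRANSFER_ASSET, the per-type error strings, the function names and the sample values are assumptions.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified model of the per-output check, not Ravencoin's source.
// TX_TRANSFER_ASSET and the per-type reject strings are constructed for illustration.
enum TxType { TX_ISSUE_ASSET, TX_TRANSFER_ASSET, TX_REISSUE_ASSET };

// Before the PR: any asset output carrying RVN value is rejected ("" means accepted).
std::string CheckOriginal(TxType, long long value) {
    return value != 0 ? "bad-txns-asset-tx-amount-isn't-zero" : "";
}

// After the PR as the article describes it: one message per type, none for reissue.
std::string CheckAfterPR(TxType type, long long value) {
    if (value != 0) {
        if (type == TX_ISSUE_ASSET) return "bad-txns-asset-issued-amount-isn't-zero";
        if (type == TX_TRANSFER_ASSET) return "bad-txns-asset-transfer-amount-isn't-zero";
        // TX_REISSUE_ASSET falls through and is accepted with a non-zero value.
    }
    return "";
}

// Hardened: specific messages, plus the generic reject as a fail-closed default.
std::string CheckHardened(TxType type, long long value) {
    if (value == 0) return "";
    if (type == TX_ISSUE_ASSET) return "bad-txns-asset-issued-amount-isn't-zero";
    if (type == TX_TRANSFER_ASSET) return "bad-txns-asset-transfer-amount-isn't-zero";
    if (type == TX_REISSUE_ASSET) return "bad-txns-asset-reissued-amount-isn't-zero";
    return "bad-txns-asset-tx-amount-isn't-zero";
}

// Differential review check: types where the candidate accepts what the original rejected.
using Check = std::string (*)(TxType, long long);
std::vector<TxType> AcceptanceRegressions(Check candidate) {
    std::vector<TxType> regressed;
    for (TxType type : {TX_ISSUE_ASSET, TX_TRANSFER_ASSET, TX_REISSUE_ASSET}) {
        bool newly_accepted = false;
        for (long long value : {0LL, 1LL, 50000000000000LL})  // constructed sample values
            if (!CheckOriginal(type, value).empty() && candidate(type, value).empty())
                newly_accepted = true;
        if (newly_accepted) regressed.push_back(type);
    }
    return regressed;
}

int main() {
    std::cout << AcceptanceRegressions(CheckAfterPR).size() << " regressed type(s) after PR\n";
}
```

A "message-only" change to consensus validation is safe only if the accept/reject decision is identical for every input, which is what the differential function checks.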

On January 17, the hacker went on to publish TX_ISSUE_ASSET transactions on the Ravencoin main network, laying the groundwork for the subsequent TX_REISSUE_ASSET attacks.

On May 9th, the hacker started to initiate a TX_REISSUE_ASSET transaction on the Ravencoin mainnet every 2 hours, issuing 500,000 RVN to his own address. This behavior continued until July 3rd, when the hacker realized that the official team was ready to fix the bug (the bug on the mainnet had not been fully fixed at this time).

According to the statistics of Solus Explorer, the final total additional issuance is 301,804,400 RVN, which is more than 301 million RVN.

Security warning

Although this vulnerability only affected the Ravencoin network, many other blockchain systems have encountered similar security issues. For example, a similarly serious security vulnerability was exposed in Bitcoin in 2018. The attack window lasted from October 2017 to August 2018, and affected all new coins developed from the Bitcoin code after October 2017. However, that bug was not maliciously introduced by hackers, but caused by developers' mistakes. Fortunately, the bug was not exploited by any hackers before it was fixed by the developers.
