Secret Network resolves network vulnerability following white hat disclosure

Published at: Nov. 30, 2022

On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, said that developers had patched a privacy-related vulnerability and that users' funds remain secure. In a document dated Nov. 29, Secret Network wrote that no action was required from users or developers and that all active nodes had been upgraded to address the vulnerability on Nov. 2.

2/ You can read the post for the main details, but the important part is that the vulnerability was mitigated and unlikely to have been exploited. Most importantly, funds were never at risk, because Secret intentionally does not rely on SGX for correctness – only privacy.

— Guy Zyskind (@GuyZys) November 29, 2022

The sequence of events, unveiled late yesterday by the Secret Network developers, began when a group of white-hat computer science researchers contacted the Secret team on Oct. 3 regarding a recently disclosed xAPIC (Advanced Programmable Interrupt Controller) architectural bug. The bug allowed uninitialized memory reads on certain Intel CPUs with Software Guard Extensions (SGX) enabled. Secret Network leverages SGX technology to provide confidential execution of smart contracts.

As stated in their paper, the researchers first registered a server as a validator node on the Secret Network, even though they did not have sufficient funds to be trusted to actively validate transactions. The registration process then stored a copy of Secret's global consensus seed inside the node's SGX enclave. Next, through the aforementioned CPU bug, the researchers extracted the consensus seed from their Secret node, along with the node's private Intel Enhanced Privacy ID key. Finally, with these items, they were able to break Secret's privacy-preserving features and decrypt the internal state of all smart contracts on the network, as well as the digital assets embedded in them.

Secret developers verified the exploit on Oct. 4 and devised a plan to patch the vulnerability together with the researchers and Intel staff. First, nodes were forcibly ejected from the network and their secret keys were deleted. After that, nodes could only rejoin the network if they had patched all known vulnerabilities, a process that was completed on Nov. 2. "With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet," wrote the Secret Network team.

In addition, new nodes joining the network will be limited to server-class hardware only, so as to limit the attack surface that user-class hardware presents. Founded in 2015, Secret Network currently has a market cap of $131 million through its native token SCRT. The firm partnered with director Quentin Tarantino to launch Secret NFTs last November.
