November 3, 2022
First and foremost, we want to thank you all for your patience as we finalize the changes to our code ahead of a return to Mainnet. We will provide a summary of said changes below.
We want to make a few things absolutely crystal clear.
First, if we ever have a reasonable expectation to believe the integrity of the Protocol and/or user funds is in danger, we will always do our due diligence to ensure the highest possible safety measures are in place.
Second, Jackal Labs and its core team will always maintain professionalism in our conduct and communication internally and externally. As we have said from the outset of this project, our team and partners fully intend to bring Jackal Protocol to the mainstream enterprise market. As such, our communications standards and practices will always be aligned with the partners and industries we strive to work with. Public facing disputes over social media or any other open platform will never be part of Jackal’s communications strategy.
Finally, Mr. Gadikian’s initial damage assessment can be found here.
Disclaimer: Our partners at Notional can not publicly vouch for the security of the blockchain with 100% certainty.A summary of the changes and edits made to the code.
The security of the Jackal Protocol is, and always will be, the Jackal Labs team’s preeminent responsibility. As such, when it was suggested by Mr. Gadikian to halt the chain to protect the safety of our users, we quickly agreed and asked the validators to bring the chain down temporarily to address Mr. Gadikian’s concerns with the Protocol’s code.
Following is a breakdown of concerns and the subsequent action taken by CTO Marston Connell.
Topic: MD5
The MD5 issue was not actively exploitable. In our digital signature module (dsig), to sign forms, we used MD5 as a hashing algorithm to create the identifier for each form. The only harm possibly done is running out of the number of forms possible earlier than we would like. An attacker could have prevented others from creating forms by posting specific forms themselves. We have moved away from MD5 in favour of SHA512 for our hashing algorithm.
Topic: Were funds at risk?
Funds were not at risk except in an adversarial economic attack scenario where the adversary possibly could halt the chain to attack liquidity. We still have yet to identify a circumstance where an attacker could halt the chain; however, if this happened, then liquidity would be at risk. If this can be re-created in a testing environment, a white hat bounty will be awarded to the party that identified the vulnerability.
Topic: Were validator file systems at risk?
Validator file systems were not at risk. The web server, by default, does not have any read access to the private keys of the validator. Storage Providers are designed, as is evident in the source code, to read and write files to
`~/.canine/networkfiles/` directory.
Validator private keys are saved to
`~/.canine/config/`
This could be a valid security concern if and only if a validator ran the command `canined start-provider` manually. Being conscious of the possible risk regarding human error from validator teams, we are separating all provider and validator codebases to ensure zero cross-wiring.
Topic: Re-factored code
The team refactored existing code to be compatible with the standard golang build tools and linter to improve readability and audibility.
Topic: Storage Module Distribution
In its former state, the Storage Module was only interacting with the development Storage Provider used for testing. This was the only Storage Provider semi-online and received 100% of the provider rewards. This is expected behaviour coming from this module. We will be burning the tokens when the chain comes back online.
Testing storage provider wallet: jkl1nmgvnxkxpuykyhdrpnuhutj0uzzwj39z99hjk2.
Topic: Upgrading libraries
With the addition of “Dependabot,” we brought every library we depend on up-to-date. This will help improve the overall security of the chain in perpetuity.
Topic: Moving away from Ignite CLI
Cosmos documentation suggests that we should use Ignite CLI to build and maintain a cosmos-based blockchain, and as such, the Protocol was built with this tool. It has been brought to our attention that many of the libraries Ignite is reliant upon, and some of its core code is insecure. We have taken steps to reproduce every aspect of our chain that was built with Ignite and reproduce it without the use of Ignite.
Closing
We thank Mr. Gadikian for identifying these issues and assisting us in making the necessary changes. As we have maintained since yesterday, we are happy to compensate the Notional team for their efforts. Although his methods may sometimes be unorthodox, we recognize his expertise and experience in the field. If Mr. Gadikian or Notional chooses to work with Jackal in the future, we would be happy to have them in our corner.
The Jackal Protocol will be coming back online Monday, November 7, 2022.
