Safex Token Overflow: January 6, 2020

Safex-Overflow-Non2766×1383 545 KB

First - discovery leading to disclosure

1. December 16, Igor was test running an updated version of safexd of the safex blockchain on mainnet after applying and merging several updates and features including those to activate the marketplace; however, the synchronization failed on block 101616 citing a integer overflow error.

2. Igor inspected this block and that’s where he discovered that there was a transaction in block 101616 containing the integer overflow triggering the creation of 1.844 billion Safex Tokens.

3. Igor immediately notified Daniel Dabek, the founder of the Safex project.

4. Igor and Daniel commenced effort to probe these transactions and to first of all discover if these tokens were spent. It turned out that 2x 100 million token outputs generated in the integer overflow exploit were moved and broken down into 5 million token pieces.

5. Igor thoroughly commenced research into an approach to track the movement of the 5 million token pieces; however, despite coming up with a method to discern which transactions originated from these exploited tokens due to the anonymity features of the cryptonote protocol it will be virtually impossible to identify which transactions belong to the original 100m without developing a deanonymization tool and a total cooperation o every single transaction maker including from blocks 1 year old.

6. Igor confirmed that we can block 1.6 billion part of the overflow, however, definitively we can not block neither the 44 million tokens which exist in small pieces nor the 2x 100 million that were broken into 5m token chunks.

7. While the 2x 100million and 44 million pieces are blocked in the code from being used further; we do not know which or if any of them have already been used, and we can never really know without cooperation of every transaction controller that had a mixin since the coins have moved. An approach that is virtually unfeasible.

8. To understand the risk that we face is this: these outputs are used as mix ins choosen at random whenever anyone transacts over the blockchain. We only know that these outputs aren’t spent twice, but we can not deduce at which point they are spent and if they are actually spent or just being used as mixins.

9. On Daniel’s order, they refrained from alerting anyone or disclosing this discovery until the initial technical survey of the options were concluded. By Thursday Daniel contacted legal counsel for advice on the matter.

10. The reason for secrecy is that this bug is active and disclosure should not occur until the patch is developed and prepared for deployment. Taking into account that numerous stake holders will need to be carefully alerted so as to smoothly integrate the hardfork without any further movement of the exploited tokens.

11. The patch was completed on December 31st, and the preparation for this disclosure took place in time for the January 6th hardfork date.

Second - scope of damage

The final scope of the damage is the creation of 244 million safex tokens through exploiting the integer overflow bug in the token transactions flow. This means that the token community has faced a dilution; however, the total token supply remains below the original 2.147 billion prior to the migration.

Third - how the damage occurred

On January 18th, 2019 someone exploited a bug in the code that enabled an integer overflow attack which caused the blockchain to accept a transaction that created outputs that totaled the over flow of 1.844 billion safex tokens. This damage was generated through exploiting an integer overflow that was left exposed since the original implementation of the safex token system.

Fourth - what was done to eliminate and reduce damage

First of all, the bugged code of the integer overflow is patched and repaired. In response to the tokens that were generated Igor additionally produced a patch to block further usage of the 244 million tokens so if any of those tokens were not yet spent, they will not be able to be spent going forward. Finally, the 1.6 billion unmoved tokens that were in the original exploited are blocked entirely and will not enter circulation.

Additionally, Igor made a full sweep through the flow of tokens during the past three weeks to ensure that the flow is working as intended in full. Igor was not a producer of the bug.

Fifth - conclusions and follow up actions

A similar bug was exposed in the Bitcoin Blockchain in 2010 where 184 billion bitcoins were generated using integer overflow; however, in that case the bug was caught on the block explorer by the community within hours and the damage was erased. In our case the transaction lay dormant for nearly 6 months before entering a state where part of the funds were moved to an indiscernible position due to the strong privacy features of the Safex Blockchain. And until another 5 months did we discover it during an update to the core.

To address this gap in attention to the activity of the blockchain we have implemented a monitoring tool which announces large transactions of either safex tokens and safex cash, as well as the global node map. Other monitoring features are also enabled to defend the integrity of the blockchain.

A bug of any magnitude should be reported to the development team or a pull request made on github to address any issues found with the open source safex code bases of any kind. That being said our community should have in place a reliable entity that can facilitate a process to redeeming bounties for reporting and fixing any bugs. This could have provided an adequate incentive to improve rather than to exploit the software.

Affects of the blocks in the latest codebase: If you have a transaction that is mixed in with the exploited tokens the wallet will return you the error Invalid Inputs If you received this error and you are not our attacker you simply need to spend your transaction with a mix in of 1 to move your tokens forward.

Also, until we update the wallet: Orbiter and CLI they may sometimes fail to send a transaction because the system fetches mix ins at random and those two software are not yet programmed with the blocks the way the blockchain is. So it may fetch the blocked transactions which would simply cause a fail in sending with an error. After which you can retry your transaction. We will work quickly to update orbiter and the cli wallet to take into account the new blocked transactions.

There are other angles we can take to full go after all the exploited tokens; however, the effect of developing and coordinating an intensive investigation could be futile and would thoroughly derail our efforts on the marketplace application. Taking into account the valuation and likely movement to exchanges, we want to move on and complete the marketplace.

Sincerely,
The Safex Development Community

@dandabek Is transferring the 244M to a different wallet address considered spent or used?

If that’s the case we have a single individual holding 15% of the total supply.

As a long time holder (before 2017) it pains me to see all the delays for a better product have still left us vulnerable. Is there any plans for 3rd party security audit moving forward? We essentially have another LeC.

@dandabek Those extra 244 million tokens are blocked in the code from being used further right? Does that mean they can not be ever sold nor get locked in for dividends by whoever holds them?

Only the original outputs. Any of the 244m that have already been moved to an exchange address and sold, or simply moved to any other address are live.

so now we have a new max supply ??? Did someone lost coins because of this ?
Can we start a New Blockchain to be clear ?

Yes, a new max. Coin #
No, nobody lost coins, except the exploiter and the coins in the identified outputs.
The hard fork today patched the issue.

No way to start a new chain, to much legit transactions since then. If something like that is found a day or two after exploit you can consider it, but not month after.

It’s terrible news, but it’s handled quite well. Life goes on and since most of it is probably selled already it’s not that big of a pain anymore when Marketplace is live and dives flowing.

Glad to see that earnest communication

@dandabek why the increase in circulating supply did not show up on CoinMarketCap and other block explorers?
Is the circulating supply just made up based on what it’s supposed to be rather than being calculated by the blockchain?

Usually attackers do not hold on to their loot, so i assume it was all sold and since not all people migrated the damage is “low” for token holders today. The total amount of tokens are still below the inital v1 token amount.

10M Token were sold during the first round of funding for 500USD - so the damage would be 12200USD if you want to look on the bright side.

Going forward it could have been worse - 1.8Billion would have killed the project instantly and a loophole is fixed. Once the marketplace goes live nobody will talk about it …

On a sidenote - nice to see the token is really untraceable and unblockable!

All the best

yeah it’s great that safex is untraceable and unblockable !!!
I think releasing the MP soon will be a mistake after what happened.No matter what we believe and know it’s bad publicity for the newcomers. Maybe it’s better to let it cool down for one or two years and then release MP not after 2022 of course. By then nobody will remember it and we will have a great opportunity of buying underpriced coins and restore our damage for the new Max Supply. The bull run will be alive in 2022 so we are cool.

We were already planning a third party audit of the marketplace application.

In terms of the token flow, Igor is pretty much a third party since he was not the one who developed it. There is not too much code to check there.

So a third party audit before launching the marketplace must definitely be done and I agree with the approach.

@athan, launching in years? I don’t understand what the suggestion is there… the tokens are already thoroughly reduced in price from these hackers in the first place. The last time we saw 20 sat safex was before we even started developing actively.

@bigash the token supply displayed on the explorer is derived from the migration, which are distinctly different than how these tokens appeared to the blockchain so it was not discernible unless one saw that specific block and saw that specific transaction.

Starting a new chain is not feasible since these tokens started moving in July, so it has been quite some time and plenty of normal activity since then preventing a reset of the chain.

From the 244 million that are unknown, it is still possible that some of them are blocked as well, we just won’t be able to confirm it in our lifetime, unless the hackers publish their keys that would let us know.

1.6b are blocked and can not be un blocked.

@jtwalker42 I am gathering that the hackers already sold and the indicator is from the fact that the price is unreasonable. I hope we will hear from the exchanges if they would be willing to notify us if there is any information can be shared about tokens sold.

So this why why the exchanges have their wallets turned off.

Lunching in 2022?

By then there is probably another decentralized marketplace that took over as the main crypto marketplace and even when our technology is 100x better it’s always hard to be the later one coming.

Better they remember in two years, that the marketplace is running for 1 1/2 years already and innovators are happy, so that early adopters are ready to come in.

It does not have to be perfect when it comes out first, just no security issues, functions can always be added with time…

v1 in 2022 would almost mean that it’s a fail for sure.

The exchanges would need to update their node for sure.

And given the cause of the hardfork, they may also want to look at any big deposits of SFT.

unfortunately for us safex bag holders, there is already another decentralized marketplace, Particl, that launched in 2019 and is moving forward fast

I wonder what sets Safex apart from the likes of OpenBazaar, Particl and Syscoin? I believe there are other centralized and decentralized markets. Do we know how these other marketplaces are doing, and if there is room for Safex to compete profitably?

None of these platforms have elements that allow them to be decentralized. They are using masternodes whereas currently our community is smaller, as it continues to grow it becomes more branched. A masternode network is rarely at all decentralizing because it can not realistically since tokens make more tokens.

It would be good to check if they are progressing with market volume; yet, again there is no incentive for any of these platforms to reach any market volume: safex token is highly incentivized to generate market activity.

Also, at this stage of the industry and even into the future there is room for more than one platform. Just because Safex takes a majority of the marketshare going forward does not mean that these other guys need to hang their hat and forget about what they were doing.

Hi Dan

Why do you continue doing this? Everyone knows there’s no marketplace coming ever. Take the money you scammed from the investors. Give Rich his cut in this scam and then disappear somewhere. At least it will enable the investors who lost all their money in this to move on.

From a Q2-2018 marketplace launch, to a Black Friday 2018 launch, to a “we are so close to launching” Tweet from March 21, 2019 to an October 15 “target” to an end of year 2019 launch on Yahoo Finance. Nothing ever happens with you and everyone knows it.

Even in your last video, you couldn’t help yourself and lied AGAIN saying the marketplace would have been launched if it weren’t for that supposed hack.

No one believes you anymore. Quit it.

Thank you @dandabek for this explanation!
It hadn’t occurred to me that there is not much incentive to reach any market volume for these other platforms, whereas it’s just the opposite for Safex. Thank you again for all your hard work