Emergency Response Plan for Securing 200,000 DOT

Root

13d ago

16 Comments

Deciding

Content

AI Summary

Context

Following the execution of Referenda 1339, the attacker has maliciously added their key as a proxy to the newly established sudo key, effectively freezing all associated PARA funds under the account. As a result, the new sudo key is unable to send transactions, while the attacker retains sudo ownership. Meanwhile, the attacker has initiated unbonding on all six of our accounts, putting 200,000 DOT at risk. We currently have only 16 days left to act, making it crucial to pass this referendum as soon as possible.

This referendum represents the first step of a two-part rescue plan. The first step is to break the chain and transfer funds to an account that no one controls. The second step will involve submitting another proposal to return the funds to users after securing them. Our team has been collaborating closely with Parity and srlabs, who have provided valuable feedback and a thorough review for this referendum.

The accounts at risk:

14quGMw2tot6JxY2wSyk1Vc1uns3EmMRs2eQS2C66Mdv6uE9 (22.649 DOT)
19cnUyebu52RUt4Rt67brDmmnVdaDD37xdxKbaJ7tuLnLfu (74.614 DOT)
16kTs7tsJ6tYYWAXSWDmm4vYnRTFPWEhXTk4rNCtbw6NRvte (1.566 DOT)
16ZbwPMyrp9yTbPScDqm9btzcNVKKQ5MHcMQp4rA1ztF4sBA (101.322 DOT)
1dMif8G4jrXsdPSkvF87uBfaiahh2EvC9fPnsi91v4i1xKC (3.413 DOT)
16cNboEKEudny4sdpZGNL542Re2sp4FDcTaZFFnYoqRixBwN (250.532 DOT)

Objectives

Break the Chain: Disable the attacker's control, effectively neutralizing the parachain and halting any potential malicious activities.
Remove All Proxies: Eliminate any proxies associated with the attacker’s key.
Force Unstake and Transfer: Unstake the affected accounts and transfer the funds to a Non-Controlled Address.
Rebond as a Fallback Case: Prepare for rebonding transactions in case the above strategy fails.

Proposed Changes

We have submitted the preimage (0x697eaaab356779518053f23f00eb0c56f53aafc0714556292974dfd7b0155d84), which includes the calldata to secure the funds. This calldata can be decoded on polkadot.js to verify the proposed changes. The following is a detailed description of the proposed changes. CallData Link

paras.force_set_current_code and paras.force_set_current_head
- By setting the current code and head to "0x", we ensure that the parachain becomes inoperable, preventing any further malicious actions.
- Consequences:
  - No Runtime Logic: The parachain will not execute any functions or processes defined in its runtime.
  - Inoperable Parachain: The parachain becomes non-functional, halting all operations.
  - Loss of State: Existing data and state information become inaccessible.
  - Recovery Difficulty: Re-deploying the parachain with a valid runtime becomes necessary, complicating recovery.
registrar.removeLock
- The paraId of Parallel registered on Polkadot is 2012
- This operation removes the lock that may prevent further modifications or actions on the parachain.
utility.dispatch_as ⇒ proxy.remove_proxies
- This step is used to remove all proxies added by the attacker, both for the main sovereign account and all derivative accounts used for staking.
- We iterates through these accounts and removes their proxies:
  - Six Staking Accounts:
    - 14quGMw2tot6JxY2wSyk1Vc1uns3EmMRs2eQS2C66Mdv6uE9
    - 19cnUyebu52RUt4Rt67brDmmnVdaDD37xdxKbaJ7tuLnLfu
    - 16kTs7tsJ6tYYWAXSWDmm4vYnRTFPWEhXTk4rNCtbw6NRvte
    - 16ZbwPMyrp9yTbPScDqm9btzcNVKKQ5MHcMQp4rA1ztF4sBA
    - 1dMif8G4jrXsdPSkvF87uBfaiahh2EvC9fPnsi91v4i1xKC
    - 16cNboEKEudny4sdpZGNL542Re2sp4FDcTaZFFnYoqRixBwN
  - Sovereign Account:
    - 13YMK2ebCdad8E87WTgv3ZX25yUmVy4wcUDnBN18x9wMVD3H
- This ensures that no unauthorized access can occur after the initial removal.
utility.batchAll ⇒ staking.force_unstake, balances.force_transfer
- For each affected derivative account, after unstaking, transfer the funds to the designated Non-Controlled Address(12pEEeQiChMDnMGDR34LeM3C379HaxKYDaoB2VKe4wMgdJCh) to protect them from potential further attacks.
- Generate a Non-Controlled Address:
  - To facilitate secure transactions, we will generate a no-one controlled address: 12pEEeQiChMDnMGDR34LeM3C379HaxKYDaoB2VKe4wMgdJCh .
  - In our Rust code, we utilize a string directly instead of using bytes, and this approach will generate the exact same address. The code demonstrates how to generate a Polkadot-compatible address using a predefined identifier string. The address is derived from a unique input ("PARALLELFI_NEW_STAKING_ADDRESS\0\0") and encoded with the Polkadot-specific SS58 format.
  - The resulting address is safe and non-accessible because: It is generated from a hardcoded, deterministic input string; the input string does not correspond to a private key, meaning it cannot be used for signing transactions or accessing funds. This ensures the address can only be used as a placeholder without security risks. Here’s the code used to generate this special address:
```
use sp_core::crypto::{AccountId32, Ss58AddressFormat, Ss58Codec};

fn main() {
    let account = AccountId32::try_from([0x50, 0x41, 0x52, 0x41, 0x4C, 0x4C, 0x45, 0x4C, 0x46, 0x49, 0x5F,
        0x4E, 0x45, 0x57, 0x5F, 0x53, 0x54, 0x41, 0x4B, 0x49, 0x4E, 0x47,
        0x5F, 0x41, 0x44, 0x44, 0x52, 0x45, 0x53, 0x53, 0x00, 0x00]).unwrap();
    let format = Ss58AddressFormat::try_from("polkadot").unwrap();
    let addr_ss58 = account.to_ss58check_with_version(format);
    println!("Generated address: {addr_ss58}");
}
```
staking.rebond
- This is the final safeguard. If all previous operations fail, the funds must still be successfully rebonded.
- This involves setting up a secondary process that can be triggered to re-establish the accounts’ staking status.

Testing

Verification on Chopsticks:
We conducted upgrade tests in the Relaychain fork environment.
Firstly, we submit the proposal in the relaychain fork environment, then place the decision deposit and vote on the referendum.

Then, we accelerated block production in the relaychain fork environment to ensure the proposal could be quickly approved and enacted. (Image 1 indicates the proposal has been successfully passed, and Image 2 indicates the proposal will be enacted at the target block.)

After the proposal is successfully passed, we can observe the following expected results:

The parachain's head and runtime code were successfully reset to null, preventing the hacker from accessing it. The result of setting the runtime code value to 0x does not have a storage key that can be read and displayed. And we can confirm it occurred based on the behavior of the triggered event log.
The remove_lock operation was successfully executed, which is a critical step allowing us to regain ownership of the parachain in the future.
For the sovereign address and all derivative accounts used for staking, the remove_proxies operation was successfully executed. Additionally, for the funds affected in the accounts used for staking, the force_transfer was successfully completed. Here is the comparison of the proxy and DOT balance states before and after the operation.
- Before the referendum executed
- After the referendum executed
Our rebond operation, intended as a backup plan, did not come into play as expected in this operation, as all DOT in the derivative accounts had already been successfully transferred prior to the rebond.

Conclusion

This proposal represents an urgent step in regaining control over our parachain and securing 200,000 DOT users' funds. By breaking the chain, removing proxies, unstaking and transferring funds, and preparing for a rebonding strategy, we aim to fortify our defenses against this attack. Due to the time-sensitive nature of this situation, we will only execute this first step of the two-step rescue plan. We expect to submit another proposal to return the funds back to users once funds are in a secure place.

Edited

Status

Decision28d

Confirmation1d

Attempts

Tally

100%Aye

0%Nay

Aye

≈299.27MDOT

Nay

≈56.16KDOT

0.0%
0.0%
0.0%

Threshold

Support15.2%

≈233.57MDOT

Issuance

≈1.53BDOT

Votes

Nested

Flattened

Calls

How OpenGov works↗

Call

Metadata

Timeline3

Votes Bubble

Statistics

Comments

15r9...xt82

Great to see collaboration with Parity and srlabs! This adds credibility and gives me confidence that the team can effectively execute this plan

Up 2

138S...Sqf8

May the proposer verify his identity please.

1ED1...Ss2d

Hate to point it out, but your proposal has some tehcnical error.
By the objective you listed "Break the Chain", if your purpose is to stop the hacker using parachain for further malicious activity, forceSetCurrentCode to 0x is enough. setHead to 0x means eliminating all history of your blockchain, which given your preivous debate https://polkadot.subsquare.io/referenda/1326 here, your setHead to 0x is not only non-neccesary but also way too aggressive (why would you want to discard all your history and restarting a new parachain when there is still a better choice? It is too much even if you do not have referenda 1326 debate).

Plus I have noticed that your parachain already stop producing block for 321 hrs, https://polkadot.js.org/apps/?rpc=wss%3A%2F%2Fparallel.gatotech.network#/explorer. So I am afraid that even setCurrentCode to 0x is not neccessary from technical perspective. You should directly set a new fix code.

And for registrar.removeLock, you mentioned "This operation removes the lock that may prevent further modifications or actions on the parachain.", but from my understanding, this operation will remove the lock and make it more easy to modification/action. this conflicts the purpose of your proposal? Maybe you can explain more.

And last, I do not like using root to forceUnstake/transfer account's fund, but since beneficial account you mentioned is hard-coded neutral, I pretend I am okay with that (Still I think the root referedum is impossible to achieving your target given the time limit, have you even counted how much vote require to pass the referedum intime?). But you still need to clarify who you are. The proposer is different from previous proposal fix proposal https://polkadot.subsquare.io/referenda/1339. So I am still very cautious about your identity.

I am open to change mind, but given current info,I will vote Nay for this proposal, since the technical fix is way too aggressive and calldata conflicting the proposal itself.

Edited

15aP...pV57

The team at SRLabs fully supports this proposal.

Keep in mind that the proposal must execute ASAP. We cannot wait until the end of the full voting period, at which point the funds will already be lost to the hacker.

Please support this proposal to send a signal to future hackers that Polkadot remains highly hacking resilient! Thank you!~

Up 1

14VU...6TzF

gm @PolkaMario

Thank you for your thoughtful feedback on our proposal and we appreciate your perspective.

Governance Intervention: We understand your apprehension regarding the role of governance in this situation. The urgency of this proposal stems from an unprecedented attack that has directly jeopardized our user funds. While we recognize that previous incidents (like those involving Acala and Moonbeam) were managed independently, the nature of this attack is unique and requires immediate intervention to prevent irreversible loss. We have explored several options, and it has become clear that the only effective way to secure user funds is to intervene at the Relaychain level. Our aim is not to set a precedent for future bailouts but to protect the community's assets during this emergency.
Security and Responsibility: Your point about security starting at the project level is valid. We take full responsibility for the security measures in place and are actively working with Parity and srlabs to enhance our parachain going forward.
Decentralization and Chain State: We share your concern about overriding normal protocol behavior. The goal of this proposal is not to compromise decentralization but to take decisive action against a critical threat, especially from a relentless attacker. We firmly believe that this intervention is essential to safeguard the broader community from possible repercussions.
Verification of Non-Controlled Account: Regarding the transfer to a "non-controlled" account, we assure you that this address is generated from a deterministic input that does not correspond to any private key. This ensures that the funds cannot be accessed or manipulated by any party, including ourselves. You are encouraged to test the code included in the proposal for transparency.
Return of Funds: In the second proposal, we will outline a clear and transparent process for returning the 200,000 DOT to users. This will include:
- Verification of Ownership: We will establish a mechanism to verify the ownership of funds in the affected accounts.
- Distribution Plan: Once the funds are secured, we will propose a fair distribution plan that prioritizes returning assets to their rightful owners.
- Community Oversight: We will involve community members in the review and approval process of the distribution plan to ensure fairness and transparency.

We hope this response clarifies your concerns and please let us know if you have more questions.

Edited

1PGi...Cznp

Voted AYE only because i hope that the innocent parallel users will be able to withdraw their funds from this scam parachain.

13zn...P5ju

Dear Proposer,

Thank you for your proposal. Our first vote on this proposal is AYE.

The Root track requires 60% quorum according to our voting policy. This proposal has received seven aye and zero nay votes from ten members. Below is a summary of our members' comments:

A significant majority of voters expressed strong support for the proposal, emphasizing the urgency of its approval amid ongoing concerns surrounding Parallel Finance. Many voiced a desire for the ongoing issues to be resolved quickly, highlighting community backing for the measure. Overall, the sentiment was one of collective hope for a swift resolution to the current challenges faced.

The full discussion can be found in our internal voting.

Kind regards,
Permanence DAO

16Zu...qH8L

I don't know if Yubo Ruan is even a real person. I looked him up on one of those people search engines, and the real estate agent selling his alleged house had no idea who he was. If you check the Founders Fund they make zero reference to Parallel Finance. His Wikipedia page also only points to sources of questionable quality. Also Parallel applying to delist their token from Kraken as part of a transition plan to a new token made zero sense. Was probably part of a plan so they control the price.

With that being said I don't know if the hackers are trustworthy either. We should turn this over to Gavin and/or the W3F, and have them distribute funds back to addresses so they can withdraw everything. The only other option is Yubo exposes his location and real identity so he can be prosecuted and/or sued to recover funds if he rugs.

If he is a criminal Vitalik could probably address their L2 on Eth as part of whatever solution he comes up with for the Bybit hack. Sounds like Parallel could be a good opportunity for the two blockchains to build trust and value by coordinating to address blatant criminal activity.