On May 28th, the Syscoin Foundation was made aware of unusual events taking place minutes before the end of this month’s Governance voting round. Governance proposals appeared to have been duplicated.

This is a step-by-step explanation of our discoveries in regard to the online Syscoin governance portal, SYSHub, and how we are responding.

A brief explanation of how voting works will help you to better understand our findings. There are two ways to cast votes on the Syscoin Network:

  • Syscoin-Qt Wallet, via the console
  • syshub.org web interface

Both of these methods use data that is typically stored in a local masternode configuration file: masternode.conf. Some of this information is also used by third-party masternode hosting providers who provide a service managing masternodes. Only two things can be done with that information:

  • Initialize a masternode
  • Vote on governance proposals.

Those who have created accounts on SYSHub have provided SYSHub with this same information, specifically their governance control token (aka “mnprivkey”, “masternode token”) to enable voting with one click. Note: The masternode control token is not your address private key and is not related to any masternode collateral funds.

Many choose to use SYSHub to participate in governance because of the convenience it provides. There are SYSHub accounts corresponding to around 700 masternodes out of the 2,036 currently on the Syscoin Network.

The Discovery

We found that duplicates of existing proposals had been submitted just minutes before the voting deadline. We also found that the payout addresses associated with these duplicate proposals were newly generated, and differed from those in the original proposals. Then we began to see votes rapidly shift on the original proposals from YES to NO, and a sudden and massive increase of YES votes on the duplicates.

The top proposal is the original submitted by SAC, the bottom is the duplicate

After further investigation we discovered that the user-specific application keys used to encrypt the masternode control tokens before they are stored on SYSHub, as well as the control tokens themselves, were accessible to the public through the javascript console present in modern web browsers. With the keys, the attacker was able to decrypt the control tokens and use them to cast votes using other peoples’ masternodes, which they proceeded to do. 

Syscoin Foundation’s Immediate Response

The Syscoin Foundation thoroughly assessed the matter and voted to initiate a Spork, an upgrade mechanism pioneered by the Dash project. This Spork will serve only to invalidate the affected cycle’s governance proposals; no team, individual, nor attacker will receive superblock governance funds for this past cycle. Those funds will not be minted. The only beneficiary of this Spork is the integrity of the governance process itself. Those who would consider an attempt to interfere with our community’s governance process in the future will understand there is nothing to gain by doing so.

Public access to syshub.org is disabled for now. The SYSHub code will be turned over to a group independent of the original app developers for proper review and fixes. The original developers are not presently active in our community. Syshub.org will return only when fixes for all findings have been thoroughly vetted through an appropriate process.

We request that all SYSHub users generate new masternode control tokens and update their configuration files appropriately. Instructions can be found here. This action on the part of all SYSHub users helps to ensure the integrity of governance going forward.

If you host your masternode with Allnodes, Allnodes will reach out to you next week.

In response to the immediate funding challenges posed by these circumstances, the Syscoin Foundation has agreed to fund part of the proposals affected by this event. This will help meet existing obligations for our community. Any contribution to the Foundation warchest is greatly appreciated. Please send all donations to the following SYS address:

sys1q9qyuefp00pcunaaet67p0agse6ylw6edp3e8ua

Process Improvements Going Forward

Measures are being taken to prevent similar situations from arising in the future. Going forward, all software that receives community governance funding or is managed by community teams must successfully pass through an appropriately designed vetting process, including thorough peer review and other stages requiring independent approval before being delivered to the public. Such processes have already been in place for Syscoin Core Development for some time.

To the Syscoin Community - Thank You! Our community and the continued integrity of our governance process are of utmost importance to the Syscoin Foundation and the Syscoin teams. We hope our collective response to this will serve as a model for other projects when addressing similar situations.

 

Further enquiries: [email protected]

May 30, 2020 by SDMT