Atomic Swap Post-Mortem & Further Steps

This post-mortem article deals with the atomic swap exploit on the DeFiChain network that was brought to light on 2 January 2022. In the following sections, we will discuss what has happened, the various solutions to it, and most importantly — underscore the fact that all your dBTC are still backed.

What has happened?

On 2nd January 2022 the DeFiChain community discovered an anomaly in the amount of dBTC tokens (BTC tokens on DeFiChain). Upon investigation, the developers found out that an attacker has managed to exploit a bug in the atomic swap function of the DeFiChain blockchain that seems to have existed since June 2021.

Atomic swap contracts were introduced with the Eunos Upgrade in early June. These contracts facilitate the trustless and decentralized exchange of cryptocurrencies between two distinct blockchains without having to place reliance on any intermediaries, e.g. BTC to dBTC.

The main goals being addressed with “atomic swaps” are the matchmaking between buyers and sellers, and the facilitation of price discovery. After buyers and sellers have been matched, atomic swaps facilitate the creation of a so-called Interchain Swap Contract between the two parties.

The way atomic swaps work is that the maker and the taker agree on a price, i.e. 1 dBTC on the DeFiChain blockchain for 1 BTC on the Bitcoin blockchain. The maker is incentivized to initiate this trade at parity (1 BTC for 1 dBTC), because only then he receives 50% of the swap fee; the other half is burned. The swap fee is paid in DFI.

What has happened in this exploit was that the attacker was able to change the fee amount from DFI to BTC while keeping the actual number the same. By taking advantage of this exploit, the attacker received a multiple of what they should have received in fees (i.e. instead of 0.1 DFI, the attacker received 0.1 BTC in fees).

How was it possible that nobody detected this exploit earlier?

Well, this has to do with two main issues: the first one revolves around the fact that in the initial beta testing phase the team and the wider community were focussed on using very small token amounts to mitigate the risk of potentially losing their funds. The culmination of small trading amounts, coupled with even smaller trading fees, was the reason that nobody really looked into those numbers and even if someone had done it, it most likely would have gone undetected.

The second issue has to do with the way how the outputs of the BTC swaps are tracked and administered. Usually the output rather than the fee amounts are tracked, especially when the amounts involved are small, which may explain the fact that it wasn’t detected over several months.

To mitigate any issues ex ante, thorough testing by the community had been carried out prior to the Eunos upgrade. On top of that, continuous testing by the community had gone on since then and not a single vulnerability had been detected.

Why had no one seen it directly on the blockchain?

To understand why it is nearly impossible to directly see this on the blockchain has to do with the way tokens are tracked on a blockchain. There are actually two ways of doing it: The first one is the UTXO model, where coins are tracked similar to people walking into a room by a tracer. The big disadvantage is a potential spam of the blockchain by super small amounts.

The second model is the account model, similar to a doorman checking all people walking into and out of a club. This model is also used by DeFiChain. Yet it’s also not feasible to look into the club (into the blockchain) and count the number of people (coins on the blockchain), since people (coins) are moving around continuously, causing possible counting issues.

Implementing measures to counter that are very tech resource intensive and were not in the main focus and interest of DeFiChain, since other POS like decentralized assets, EVM, etc. are more exciting from a user perspective. Blockchains like Ethereum take a similar approach, which is also why for example nobody really knows exactly how many ETH are out there.

How many dBTC were created?

Due to account difficulties, it’s also impossible to count the exact number of bitcoins that have been injected into the system. Considering that there wasn’t any impact on the dBTC price prior to the bug detection, one can assume that it cannot have been all too relevant. Furthermore, it is impossible to get an accurate number and everyone who is claiming a specific number is most likely wrong due to the nature of the blockchain accounting architecture.

What are the options to guarantee that 1 dBTC = 1 BTC?

Still, the blockchain needs to guarantee the parity of dBTC and BTC. Several possible solutions have been brought up by the community and are still up for discussion:

1. Do nothing and leave the dBTC uncovered.
2. Blockchain rollback until approximately June 2021.
3. Cake DeFi should be held liable as the gateway to dBTC.
4. Smart contracts / staking rewards which would restore the dBTC.
5. Use the community fund to cover the dBTC via a special contract in the similar fashion to dTokens / loans.
6. Increase the trading fees by x% until the dBTC are fully covered.

These ideas should be thoroughly discussed in the upcoming days by the community. The solution will then be implemented by majority vote via a DFIP vote in the next weeks, depending on the priorities of the community.

If you want to actively take part in the discussion, there is a scheduled Twitter Spaces on Jan 5, 2022 at 16:00 (4pm) UTC: https://twitter.com/i/spaces/1MYGNnDAyeRGw/

Closing Words

The most important takeaway from this exploit is that your funds are safe. Even though an unknown amount of dBTC has been injected into the DeFiChain ecosystem, there is no reason to believe that your dBTCs are not backed. Furthermore, we would like to actively encourage the whole community to participate in a constructive discussion on all our social media channels, especially via Twitter and in our Telegram groups. Join us live tomorrow: https://twitter.com/i/spaces/1MYGNnDAyeRGw/