| Start, End | [7/10/18 0023 UTC - 12:56 7/11/17 0056 UTC] |
|---|---|
| Impact | No known impact |
| Root cause summary | No resilience to implementation contracts being self-destructed |
Timeline and Impact
| 2020-12-30 19:22 UTC | Nam reads an incident report and suspects Celo contracts might be vulnerable |
|---|---|
| 2020-12-30 19:30 UTC | Martin confirms vulnerability, notifying Asa and Tim |
| 2020-12-30 10:10 UTC | Nam finalizes fix to initialize implementation contracts, Martin verifies fix on staging testnet |
| 2020-12-31 6:45 UTC | Tim completes run of the initialization fix against all known ReleaseGold deployments on a fresh ledger wallet, contracts should be safe now |
Root Causes
- Celo’s upgradable contracts rely on implementation contracts to be available. What was missed is that implementation contracts can be self-destructed. No Celo Core Contract includes bytecode to delegatecall or self-destruct, but ReleaseGold does.
Reflection
Previous similar incidents
-
Aave Security Newsletter. As part of Aave’s focus on security and… | by Ernesto Boado | Aave Blog | Dec, 2020 | Medium
- Aave disabled their solium (security & style) linter for this line
- Lint disabling is a honeypot for attackers and we should examine instances of this in our contracts
Things that went well
Things that didn’t go well
Actions [Proposed]
- CLI command to assess vulnerability of a given ReleaseGold contract
- Write script/tests that check that implementation contracts don’t have unintentional delegatecalls or self-destructs
- Initialize implementation contracts as part of RG/core contract deploys