Publication of the use of the Multi-Sig emergency powers on the 17th of April 2024

The DAO Multi-Sig Committee recently exercised its emergency powers as delineated in [DIP-2] Multi-Sig Committee, following the discovery of a bug.

Incident Overview

On April 11th, 2024, the core development team identified a bug in the bulkRegisterValidator function of our smart contract. This function was accepting empty lists of validator public keys, which led to updates in the cluster state without the actual registration of validators. Crucially, this prevented the emission of ValidatorAdded events that are necessary for any subsequent cluster operations, such as withdrawals and liquidations.

Technical Details and Impact

The acceptance of an empty list of validators allowed for potential exploits and could lead to a negative cluster balance, a situation from which recovery would be impossible through regular operations. The severity of the issue, classified as high by both the discovery team and the DAO’s assessment protocols, necessitated immediate and decisive action.

Actions Taken and Resolution

Upon verifying the bug’s validity and assessing its potential impact, the Multi-Sig Committee acted swiftly. A vote was called among the committee members, adhering to the “Defined Emergency Situation” protocols that require a minimum of 5 out of 9 affirmative votes within a 24-hour window. The committee members responded promptly, voting in favor of the proposed fix via our dedicated emergency Telegram group.

A technical solution, which involved adding a validation check to ensure at least one validator public key is present before processing registrations in the bulkRegisterValidator function, had already been devised and tested by our development team. Following the successful emergency vote, this fix was implemented on the mainnet without delay.

For execution details and code changes, review the following:

  1. Diff the deployed modules v1.1.0 and v1.1.1 (newest version) here:
    Ethereum Contract Diff Checker

  2. a diff the PR to the deployed v1.1.1 module. PR: Fix bulk register validator by mtabasco · Pull Request #298 · ssvlabs/ssv-network · GitHub ISSVNetworkCore.sol and SSVClusters.sol

  3. Check TX 359 which performs the upgrade as described in Ethereum Verified Signed Message. Tx changes proxy implementation from 0x6d0c96a5570460ea4b9ec05da14c51838652cb12 to 0x77eb6a2391d1266182c72b9871fbd8b8aa8ca300

We thank our community for their trust and prompt action in addressing this critical issue, reaffirming our commitment to the security and integrity of the SSV Network.


Great job on the swift action and transparency with the bulkRegisterValidator bug fix! :guardsman: It highlights the effectiveness of the Multi-Sig Committee’s governance. How often are these emergency protocols reviewed to ensure ongoing robustness?

1 Like

Thank you!

So far, the m-sig has had three distinct instances where the use of emergency powers was inevitable. Every instance was different in its nature, which makes it hard to generalize with so few data points.

However, the m-sig pursues several initiatives to make its actions transparent and, in the best case, unnecessary.

One example is the approach to continuous auditing / improved bug bounties to increase the chances of finding critical bugs earlier in the process.

Thank you.

1 Like

That’s really proactive! The emphasis on continuous auditing and enhanced bug bounties seems like a solid strategy to catch issues early. It’s also great for community engagement. :+1:

1 Like