The ssv.network DAO Multi-Sig Committee recently exercised its emergency powers as delineated in [DIP-2] Multi-Sig Committee, following the discovery of a bug.
Incident Overview
On April 11th, 2024, the core development team identified a bug in the bulkRegisterValidator
function of our smart contract. This function was accepting empty lists of validator public keys, which led to updates in the cluster state without the actual registration of validators. Crucially, this prevented the emission of ValidatorAdded
events that are necessary for any subsequent cluster operations, such as withdrawals and liquidations.
Technical Details and Impact
The acceptance of an empty list of validators allowed for potential exploits and could lead to a negative cluster balance, a situation from which recovery would be impossible through regular operations. The severity of the issue, classified as high by both the discovery team and the DAO’s assessment protocols, necessitated immediate and decisive action.
Actions Taken and Resolution
Upon verifying the bug’s validity and assessing its potential impact, the Multi-Sig Committee acted swiftly. A vote was called among the committee members, adhering to the “Defined Emergency Situation” protocols that require a minimum of 5 out of 9 affirmative votes within a 24-hour window. The committee members responded promptly, voting in favor of the proposed fix via our dedicated emergency Telegram group.
A technical solution, which involved adding a validation check to ensure at least one validator public key is present before processing registrations in the bulkRegisterValidator
function, had already been devised and tested by our development team. Following the successful emergency vote, this fix was implemented on the mainnet without delay.
For execution details and code changes, review the following:
-
Diff the deployed modules v1.1.0 and v1.1.1 (newest version) here:
Ethereum Contract Diff Checker -
a diff the PR to the deployed v1.1.1 module. PR: Fix bulk register validator by mtabasco · Pull Request #298 · ssvlabs/ssv-network · GitHub
ISSVNetworkCore.sol
andSSVClusters.sol
-
Check TX 359 which performs the upgrade as described in Ethereum Verified Signed Message. Tx changes proxy implementation from
0x6d0c96a5570460ea4b9ec05da14c51838652cb12
to0x77eb6a2391d1266182c72b9871fbd8b8aa8ca300
We thank our community for their trust and prompt action in addressing this critical issue, reaffirming our commitment to the security and integrity of the SSV Network.