This post was updated November 30th, 2022 to include additional details on the vulnerability and resolution, including information on network seed rotation.
Hello to the Secret community! This post will outline our recent successful resolution of a reported network vulnerability by whitehat researchers. There is no action required by users or developers. All active nodes should also have already successfully upgraded on November 2nd, resolving the vulnerability. In addition, no user funds were ever at risk, and no funds are at risk now.
On October 3rd, whitehat researchers notified SCRT Labs of a vulnerability affecting the privacy of data stored on Secret Network, which the development team began taking immediate action to mitigate and resolve. This disclosure was related to the recently disclosed xAPIC architectural bug, an uninitialized memory read in the CPU itself that impacted certain SGX-enabled CPUs. The researchers demonstrated the ability to access the consensus seed, from which other network seeds are derived. To the best of our knowledge, no malicious actor exploited this vulnerability in the wild before disclosure and mitigation.
SCRT Labs’ first response was to work with the researchers to independently verify the exploit. Once verified, access keys that nodes use to register on the network were invalidated, effectively limiting the exposure of the vulnerability. This action occurred on October 4th.
SCRT Labs then worked directly with Intel and the researchers to design and build a solution that would prevent any vulnerable machines from rejoining the network. Those nodes were forcefully ejected from the network and their secrets deleted. The only way for those nodes to rejoin the network was to patch all known vulnerabilities, including xAPIC. This solution was successfully deployed in the November 2nd network upgrade.
With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet.
The decision to briefly delay any public report was agreed in coordination with the other involved parties. This notice was initially published on November 29th, 2022 in order to coincide with the whitehat researchers' timeline, and we have since updated this notice with additional relevant information. All parties agreed the delay in reporting would best ensure the vulnerability would not and could not be exploited, and it would also ensure users and their data were best protected.
Based on our investigation, the vulnerability in question affected less than 5% of nodes that successfully joined the network. As every node joining the network must send a tx with its enclave details, we are able to see which type of machines joined. Since the xAPIC vulnerability was made public, only about 20 such machines joined the network, including all nodes used by the whitehat researchers. Of the remaining nodes, we were able to tie nearly all to known non-malicious network stakeholders using similar hardware. We also determined that offline attacks on the network using this vulnerability, while theoretically possible, were not plausible here.
At this time the SCRT Labs team is confident that no data leakage has occurred, thanks to the whitehat researchers' responsible disclosure and our work with them and Intel to make sure custom mitigations for the issue were swiftly implemented.
For more information, the researchers' own report can be found here.
What happens now?
Secret Network contributors have dedicated themselves to building pragmatic privacy solutions for Web3 since the beginnings of the project in 2015. For decentralized networks and applications, privacy remains a massive gap that must be filled in order to reach global adoption.
Since delivering on promises is a core piece of Secret’s ethos, we are proud to have consistently shipped never-before-built mainnet technology - including the first private-by-default smart contract Layer 1 network. But also in accordance with our ethos and mission, protecting users and developers will always be the top priority.
What occurred over the past months is an example of security for open-source production systems in action. As the only permissionless network with private smart contracts live in production, Secret Network has always been the target of attention. As pragmatic builders who have championed both privacy and decentralization, we embrace this role - both its positives and negatives. We're happy that in this instance responsible disclosure and close collaboration was able to prevent harm to user data and strengthen our security controls going forwards.
With this in mind, our ecosystem is taking multiple steps that will help ensure the ongoing security of Secret Network - both now and in the far future. This means users and developers can not only rely on Secret as a foundation today, they can continue to rely on the network as it grows, strengthens, and evolves.
- New nodes joining the network will be limited to server-class hardware only, as to limit the attack surface that user-class hardware presents. (The vast majority of active network nodes already utilize server-class hardware.)
- SCRT Labs will increase their focus on development of security-focused features for the network. This will allow network stakeholders to deal with any similar future vulnerability even faster, as well as give the nodes themselves tools to self-verify themselves. These developments will also limit Secret’s dependency on any external services.
- SCRT Labs will increase communications with Intel to make sure that network stakeholders receive early warning of any future undisclosed vulnerabilities.
- SCRT Labs has begun implementing seed rotation, a major feature that allows for secrets inside of SGX to be rotated. As rotations of the stored state and keys can then be triggered, any potential compromises will be limited to only historical data. This is a critical improvement that will also help secure the network against any future vulnerabilities that could be discovered.
- We have begun revealing Secret 2.0, a vision for Secret Network that will not only help secure our use of SGX and other supported enclaves, but also create companion networks (leveraging cryptographic solutions such as FHE) that reduce our overall reliance on hardware for privacy. Please read the First Look blog for more information on Secret 2.0, and please leave feedback on the Secret 2.0 forum post from SCRT Labs CEO Guy Zyskind.
- We will speak more about our roadmap and proposed use of cryptographic privacy solutions together with hardware at Secret Summit, a digital conference hosted by Secret Network on December 15th, 2022. The event will feature talks from SCRT Labs developers, Secret App creators, privacy experts, and other builders. Please RSVP today to reserve your spot.
- If you have any technical questions about this disclosure, please contact [email protected] with your inquiry. Media inquiries can be directed to [email protected].
Defending Web3 Privacy
Web3 is meant to improve upon the failures of Web2 - but there is no future for Web3 without privacy. Decentralized applications will never achieve global adoption if we cannot protect data and control how it is shared. It is critical that we show the world not only that blockchain technology has an important role to play in our future, but also that we are capable of building the solutions necessary for securing and supporting its use.
Since our very first whitepapers in 2015, the Secret Network ecosystem has led the way on imagining and building pragmatic privacy solutions in production. We will continue our leadership into the far future, working closely with the best developers, researchers, and entrepreneurs to bring privacy-first permissionless applications to life. We must build our network to be sustainable and secure while creating the necessary tools for any developer to build their own powerful Secret Apps.
If you are interested in becoming a part of our ecosystem and mission, you will be joining a long-standing global community of ethos-driven builders hoping to change the future of blockchains and Web3 for the better. With many Secret Apps on mainnet and many more in active development across decentralized finance, access control, messaging, data sharing, and non-fungible tokens and metaverses, this is the perfect moment to join us.
- Developers can learn more about how to start building their own Secret Apps here.
- You can read through Secret Network’s current documentation here.
- Learn more about Secret Grants for builders here.
See you at Secret Summit!