
0xBTC Contract Bug

Please Note: all opinions expressed here are my own.

What’s Going On?

A bug has been found by @RedManStan (Stuart Salamon) in the 0xBTC contract which, if exploited, would bring mining to a complete, permanent halt. No new tokens could ever be mined.

Your existing tokens, however, are safe, whether the bug is exploited or not. You will always be able to trade them, transfer them, bridge them to any of the existing L2s, use them in dApps, or do whatever else you can do with ERC20 tokens. Your tokens are safu!

The only thing that would be affected would be mining. Nobody would be able to mine any new tokens. The total number of tokens in circulation would therefore be fixed at whatever had been mined up to that point.

Could this bug be triggered randomly at any time?

No. This bug could not be triggered during normal mining operations, or by any other regular ERC20 token activity, like transfers, swaps, etc. This bug can only be triggered if certain very unusual and difficult-to-achieve events are forced to occur. It would need to be done by a determined attacker with specialized programming skills and access to significant hash power.

Can the attacker steal my tokens? Can my wallet be drained?

No, your tokens are safe. You can hold on to your 0xBTC tokens as long as you wish, or do anything else with them that you would normally do with an ERC20 token.

What would it take for someone to exploit this bug and halt mining operations?

  • The attacker would need a lot of hash power. If the existing miners kept mining normally, the attacker would need 2-3 times more hash power than the total of all existing miners. On the other hand, if a majority of the miners decided to try to exploit the bug, the attack could be executed quite quickly.
  • Significant programming expertise is required. Custom software would need to be developed to carry out the attack.

Can this bug be fixed?

No. The 0xBTC contract is immutable. It does not have any “upgrade” capabilities.

Can we deploy a new contract? Like 0xBTC v2.0?

Yes, and there appear to be some people working on it already.

Here are a few points to consider regarding a new replacement contract:

  • The new token would have a separate name and symbol, and would be listed separately on exchanges. It will basically be a clone of 0xBTC, possibly with a few extra features, and with the added ability to bridge your v1 tokens to v2.
  • The bridging could either be one-way only (v1 -> v2), or it could be back-and-forth (v1 <-> v2). One exception would be v2 tokens mined on the new v2 contract. You would not be able to bridge those tokens back to v1 under any circumstances, due to the way ERC20 tokens work.

I’m a miner. What should I do?

For now, just keep mining. There is no reason to panic. But you should consider the options going forward and decide what you are going to do.

Visit the 0xBTC discord and read/participate in discussions about what is happening and what to do.

What is the nature of the bug? [Technical]

The bug is triggered when two mint transactions are executed in the same ETH block. The first mint needs to be a solution for whatever the current challenge is at that time, and the second mint needs to be a solution for the new challenge that would result from the first mint, i.e. the block hash of the preceding ETH block.

After that point, due to a flaw in the contract code, all further attempts to mint new tokens would result in failed transactions (reverts).

How exactly would the exploit be carried out? [Technical]

  1. You first need to find a solution for the current challenge, but you don’t submit the transaction immediately.
  2. Begin monitoring new ETH blocks. At some point, a new ETH block is mined. Call it block N.
  3. Give the hash of block N to your miners as a new challenge and hope they find a solution for it before the next ETH block gets mined. That means you have about 10–15 seconds max.
  4. If they do, submit both solutions. Both transactions need to make it into ETH block N+1, otherwise the exploit fails. To increase your chances of success, you could use Flashbots. But sending to a regular node might also work.
  5. If they haven't found a solution, and the next ETH block arrives (N+1), give them the hash of that block as the next challenge, and hope they find a solution before block N+2 arrives. Rinse & Repeat.
  6. If at any point a non-attacking miner finds a solution to the first challenge, you have to go back to #1 and start over.
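The two technical sections above describe the halt condition in words: the challenge for each mining epoch is the hash of the block preceding the mint, so two mints landing in the same ETH block leave the challenge pointing at a block hash that has already been consumed. The following Python model is an added example written for this page; it is not the 0xBTC contract's code. It assumes (this is not stated on the page) that the contract keeps one accepted solution per challenge value and rejects a mint for a challenge that already has one, which is the simplest mechanism consistent with "all further attempts to mint would revert". Block hashes are constructed, not real. The model runs the normal case, the same-block case and the consecutive-block case side by side, and includes a defender-side check that a monitoring service could run over observed mint events to alert when the halt condition has been reached.

```python
import hashlib


def block_hash(n: int) -> bytes:
    """Constructed stand-in for an Ethereum block hash (not a real hash)."""
    return hashlib.sha256(b"constructed-block-%d" % n).digest()


class MintRevert(Exception):
    """Raised where the real contract would revert the transaction."""


class MiningEpochModel:
    """Toy model of the epoch logic the page describes.

    Assumption (not from the page): one accepted solution is recorded per
    challenge value, and a challenge that already has one is rejected.
    """

    def __init__(self, start_block: int):
        self.block_number = start_block
        # challenge = hash of the block preceding the current one
        self.challenge = block_hash(start_block - 1)
        self.solved = {}  # challenge -> accepted digest
        self.minted = 0

    def new_block(self):
        self.block_number += 1

    def mint(self, challenge: bytes, nonce: int) -> bytes:
        if challenge != self.challenge:
            raise MintRevert("solution is for a stale challenge")
        if self.challenge in self.solved:
            raise MintRevert("challenge already has an accepted solution")
        # Difficulty-target check omitted; it plays no part in the halt.
        digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
        self.solved[self.challenge] = digest
        self.minted += 1
        # Next epoch: challenge becomes the hash of the preceding block.
        self.challenge = block_hash(self.block_number - 1)
        return digest


def detect_halt_condition(mint_events):
    """Defender-side check over (block_number, challenge) mint events.

    Returns the block in which a second mint in the same block consumed the
    challenge derived from the immediately preceding block, else None.
    """
    last_block = None
    for block_number, challenge in mint_events:
        if block_number == last_block and challenge == block_hash(block_number - 1):
            return block_number
        last_block = block_number
    return None


def run_normal_mining(blocks: int = 3) -> int:
    """One solution per block, as in normal operation: mining keeps going."""
    m = MiningEpochModel(start_block=100)
    for _ in range(blocks):
        m.new_block()
        m.mint(m.challenge, nonce=1)
    return m.minted


def run_separated_mints() -> int:
    """Two consecutive solutions in consecutive blocks: the challenge advances."""
    m = MiningEpochModel(start_block=100)
    m.new_block(); m.mint(m.challenge, 1)  # block 101 consumes hash(99)
    m.new_block(); m.mint(m.challenge, 2)  # block 102 consumes hash(100)
    m.new_block(); m.mint(m.challenge, 3)  # block 103 still mints
    return m.minted


def run_same_block_mints() -> dict:
    """Both solutions land in block N+1: the challenge sticks at hash(N)."""
    m = MiningEpochModel(start_block=100)
    events = []
    m.new_block()                      # block N (=101)
    n = m.block_number
    m.new_block()                      # block N+1 (=102)
    events.append((m.block_number, m.challenge)); m.mint(m.challenge, 1)
    events.append((m.block_number, m.challenge)); m.mint(m.challenge, 2)
    stuck = m.challenge == block_hash(n)  # epoch challenge did not move
    m.new_block()                      # block N+2
    try:
        m.mint(m.challenge, 3)
        halted = False
    except MintRevert:
        halted = True
    return {"minted": m.minted, "stuck_challenge": stuck, "halted": halted,
            "detected_in_block": detect_halt_condition(events)}


if __name__ == "__main__":
    print("normal mining minted:", run_normal_mining())
    print("separated mints minted:", run_separated_mints())
    print("same-block mints:", run_same_block_mints())
```

The contrast between run_separated_mints and run_same_block_mints is the whole point: the same two solutions are harmless when they arrive in different blocks, because the second mint then re-derives a fresh challenge, and fatal when they share a block, because the re-derived challenge is the one just consumed. The detector only confirms after the fact that the condition occurred, which is the realistic scope for monitoring an immutable contract.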