Authors: Lurpis, Yancy
Summary
Context of Bifrost Treasury: $BNC Abnormal Movement Report https://x.com/Bifrost/status/1809625752146424207
Private key exploiter address on Moonbeam: 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29
Next actions of the private key exploiter:
2024/07/06 - The private key exploiter transferred 713,220.156 xcBNC to Moonbeam [Tx]
2024/07/07 - The private key exploiter transferred 51,000 xcBNC back to Bifrost for disposal, and 662,220.138 xcBNC remained in the Moonbeam [Tx 1] [Tx 2]
To prevent the private key exploiter from further sabotaging, the Bifrost side has currently suspended the cross-chain of xcBNC between Moonbeam <> Bifrost, and has governed by moving the BNC in the Moonbeam sovereign address into the Bifrost treasury for temporary storage, as the governance basis for the successful implementation of this proposal.
Proposal
This plan will be divided into two proposals for execution: Proposal 1 (this proposal): Temporarily disable xcBNC transfers on the Moonbeam, and take a snapshot of the xcBNC balance of the private key exploiter address: 0xf682B6D40CA93BdD14B2CBd843BFa4e8d3916a29
Proposal 2: Through governance, the xcBNC balance in the private key exploiter‘s snapshot address will be cross-chain transferred back to the Bifrost Treasury, and xcBNC transfers on the Moonbeam will be reopened.
Test on Moonbeam(Chopsticks)
preimage calldata: 0x42031e0300016d6f646c617373746d6e67720000000000000000680d33d201862cc665120a351b20f7bd6ac07c
preimage hash:
0xf5e586942c459d24bead992c81d58a3687b8266e236b59ee998e7be679695ea6
tx content:
Use the assets.freezeAsset method to disable transfers for xc-BNC(id:165823357460190568952172802245839421906) as an administrator of BNC Asset(0x6D6f646c617373746d6E67720000000000000000).
Execution result:
assets.AssetFronzen event indicates that xc-BNC assets are frozen.
Test environment link: https://polkadot.js.org/apps/?rpc=wss://asset.tq-test.liebi.com/ws#/explorer/query/0xa1278b574c8ba112a1960[…]d2f0e5407cd22ca3bc455931f045858cc55493a
Verification of Results:
When attempting to execute a transfer with xc-BNC, the system reported a failure with the error message "AssetNotLive.” The xc-BNC transfer has been successfully disabled.
Test environment link: https://polkadot.js.org/apps/?rpc=wss://asset.tq-test.liebi.com/ws#/explorer/query/0x87c90aea022cf79c1903b[…]3217a5100cb49662aa40a1de36d56ba3ca18913
Protocol Description
Bifrost (https://bifrost.io) is a substrate based Kusama and Polkadot parachain that provides non custodial decentralised cross-chain liquid tokens for staked assets. By leveraging on Polkadots cross-consensus message format (XCM) it provides standardised cross-chain liquid staking services for various networks notably Polkadot (vDOT), Kusama (vKSM) and the first LST solutions on both Moonbeam (vGLMR), Moonriver (vMOVR) as well as other multiple chains.
Bifrost is currently one of the largest liquid staking protocols on Polkadot, with a total TVL of $88M. vDOT, Bifrost liquid LST for staked DOT, was launched in late May 2022, and around $53.5M TVL of DOT is already staked with Bifrost. vGLMR, the first parachain-liquid staking derivative in the Polkadot ecosystem, launched in late November 2022, and it has accumulated over 5M GLMR staked with Bifrost.
Links & References
-
Website : https://bifrost.io
-
Documentation : https://docs.bifrost.io
-
Github Page : GitHub