What Celer Network should do in the aftermath of the Harmony attack!


Summary

Set up compensation mechanism, set up insurance mechanism, SGN detection of bridge data and on-chain data && security meltdown mechanism, replace USDC.e on the Avalanche chain with USDC, or introduce a new Avalanche USDC

(I am not good at English, and use deepl machine translation, for some words usage may not be accurate, so I hope you can forgive me and read what I wrote, some of the content in the text may also have inaccuracies, if it can become a formal proposal, I hope you can help me improve it)

Abstract

After the Harmony Bridge theft, we found that cbridge security is not just simply cbridge contract security or mechanism security, but also related to cross-chain bridge on-chain data, and this incident led us to discover mechanism issues that cannot be ignored. Now Harmony hackers have started to transfer ETH, and the recovered assets are unlikely, so Celer officials should do a good job on how to deal with this loss after the unrecovered assets.

Motivation

Compensate users for losses and improve cbridge system security

Proposal

Set up compensation mechanism
In the event that a portion of user assets are lost after this attack, in the event that Harmony assets cannot be recovered, a compensation mechanism should be set up to make a ten percent monthly draw on other on-chain fees for stolen assets until they are paid back, and if this ten percent continues to be drawn after it is paid back, it is used as a reserve for possible future hacking events. cbridge is the pool structure that is Because the loss of these people’s assets protects the assets of others, the remaining fees should be used to compensate users for the loss.
Secondly, mining rewards on the Harmony chain cannot be stopped, and the user’s assets have been completely locked up on Harmony, so the loss of liquidity generated by this should also be compensated.

Set up insurance mechanism
Different chains have complex architectures and different security, even if you want to improve the security of the chain, the project side is not under our control, hackers can always find all kinds of vulnerabilities, so the risk of Cbridge is very high, should take out 10 percent of revenue insured by the chain insurance agencies, by the project side to design this insurance rules, should be designed to best protect the kind of user assets.
SGN should also set up a similar insurance scheme.

I also saw an inquiry that DeFi hacker identification and incentive protocol LosslessProtocol blocked part of the AGG assets stolen in this Harmony incident. I’m not sure what solution they used, but I think Celer should be introduced into it if it really works.

SGN detection of bridge data and on-chain data && security meltdown mechanism
In this case it was the official bridge that was stolen, but in the next case is it possible that the project assets were added, or that the blocks generated in Arbitrum / Optimism were questioned as problematic and really problematic, then the Arbitrum / Optimism network may be restructured, which is why it takes 7 days to exit from the official bridge, because an error must occur for 7 days to verify if there is a problem with the data on the chain.
So I suggest to have an on-chain data policy for all chains and assets supported on cbridge, and when there is an abnormality in the on-chain data, or if there is a large reduction in assets on the official bridge, etc., every effort should be made to immediately transfer the assets on the corresponding abnormal chain back to the main ETH network (by any method, official or otherwise). It is better to do your best to protect user assets and take the initiative to defend than to wait for the hacker to pay back or for the project owner to come up with a solution to the problem.

Replace USDC.e on the Avalanche chain with USDC, or introduce a new Avalanche USDC
The most important reason for this attack on the bridge causing user assets is the loss of L1 anchors, so it is safer to use the native assets of the project owner than to use the bridge assets, and the native assets such as USDC officially have control and have a little chance to freeze the stolen assets if something goes wrong. Now there are native assets of USDC on Avalanche and the stock is more than USDC.e, so using USDC to replace USDC.e or newly adding USDC is a way to both secure and possibly enhance the usage. This is going to be even if the bridge is attacked, but the asset does not lose its anchor and the value is still there.
USDC Contract: USD Coin (USDC) Token Tracker | SnowTrace
Avalanche Native Assets USDC Provenance: What is USDC | Circle APIs

Poll

Set up compensation mechanism

  • Yes
  • No


Even if the compensation plan is not approved by everyone, I think it must be done.

Set up insurance mechanism

  • Yes
  • No


SGN detection of bridge data and on-chain data && security meltdown mechanism

  • Yes
  • No


Replace USDC.e on the Avalanche chain with USDC, or introduce a new Avalanche USDC

  • Yes
  • No


1 Like
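The post above asks for a "security meltdown" when there is "a large reduction in assets on the official bridge". One way such a check could work, as an added example that is not part of the thread and not Celer's or SGN's code: the 25% threshold, the one-hour window, the class and method names, and the balance samples are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class BridgeBreaker:
    """Latching circuit breaker keyed on official-bridge custody balances."""
    max_drop: float = 0.25   # assumed: fraction of the in-window peak that may leave
    window_s: int = 3600     # assumed: look-back window in seconds
    samples: dict = field(default_factory=dict)  # chain -> deque[(ts, balance)]
    paused: set = field(default_factory=set)

    def observe(self, chain, ts, balance):
        """Record one custody-balance reading; return True if the chain is paused."""
        q = self.samples.setdefault(chain, deque())
        q.append((ts, balance))
        while q and q[0][0] < ts - self.window_s:   # expire readings outside the window
            q.popleft()
        peak = max(b for _, b in q)
        if peak > 0 and (peak - balance) / peak > self.max_drop:
            self.paused.add(chain)  # latched: stays paused until operators review
        return chain in self.paused

    def allow_transfer(self, src, dst):
        """A transfer is refused if either side touches a paused chain."""
        return src not in self.paused and dst not in self.paused


# Constructed readings: (chain, unix-style timestamp, custody balance in tokens).
SAMPLE_READINGS = [
    ("harmony", 0, 10_000), ("avalanche", 0, 1_000),
    ("harmony", 600, 9_900), ("avalanche", 600, 950),
    ("harmony", 1200, 9_800), ("avalanche", 1200, 980),
    ("harmony", 1800, 4_000),   # 60% below the in-window peak: trips the breaker
    ("avalanche", 1800, 900),   # 10% below peak: ordinary fluctuation
]


def run_demo():
    breaker = BridgeBreaker()
    for chain, ts, balance in SAMPLE_READINGS:
        breaker.observe(chain, ts, balance)
    return breaker


if __name__ == "__main__":
    b = run_demo()
    print("paused chains:", sorted(b.paused))
    print("ethereum -> harmony allowed:", b.allow_transfer("ethereum", "harmony"))
```

Pausing only stops new transfers; it does not move pooled assets, which is the step the replies below argue about.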

What exactly is being compensated? Because the assets deposited are still on cbridge and there is no loss of the deposited assets.

Values on Harmony have reduced below their values on other chains (very similar to slippage) which is beyond Celer’s control. The loss is a loss of value and not a loss of tokens, there is a difference as one implies a security breach.

For insurance, this is beyond my knowledge on whether there are protocols willing to provide these types of service for cross-chain asset security.

For SGN, I believe it already did what it was supposed to when it froze transactions between Harmony and the other chains. Also, there were no issues with the blocks on the Harmony chain. You should read the post put up on the blog section about the different security mechanisms currently deployed, which already includes the optimistic model.

1 Like

1, early users in the case of not so many chains deposited assets, cbridge expansion did not consider the risk, or even the introduction of too many, no specific check the security of these chains, how to call the assets deposited without loss, the user can put their assets on the original chain without loss? And you also mentioned, try sgn freeze the assets of the harmony, if not freeze is not another wave will be affected by the assets, are aware of the problem of stop loss, lp provider which does not lose how to do?
2, I think not by assumption to determine whether the insurance agency is willing to open this insurance, you have to first do a good job after the safeguards I mentioned, by celer official and insurance agencies to discuss, if appropriate and then proceed, not suitable under, still have to go to actually do this thing, can not give up on protecting user assets because you feel difficult.
One is to do a good job of user asset protection.
3, the accuracy of my translation may have problems, I mean different chains should monitor the data of the bridge and block, it is better to monitor the data of each chain, if there are abnormalities across the chain in any way back to ETH. By SGN insurance I mean insurance that protects the promise of SGN, or insurance that causes loss because of problems with SGN.

1 Like

  1. Risk is stated clearly in the cbridge documents. Also how sure are you that the team did not consider the risks? Because at the end of the day what was exploited was not Harmony’s blockchain.

  2. You do realize you have to manage your own assets and your own risks on blockchain, right? I think you’re confusing what cbridge actually does with what is the norm outside the blockchain environment. When we use any blockchain tech, the team’s responsibility is only on the security of the technology; interacting with smart contracts and making sure our funds remain secure is our own responsibility as users (I’m speaking based on my own opinion and from using other protocols as well).

If you want someone to custody your assets then you need a custodial service provider. I think they have done what is needed to keep assets safeguarded and, as unfortunate as the Harmony bridge incident may be, it’s something beyond the team’s ability to control. Your assets are still safe after all; their values, however, are a different story and that boils down to the values of the assets on Harmony itself.

  3. Yes, that is one of the purposes of SGN. The validators did shut down the service when they noticed an anomaly (was mentioned in the tweet posted and Mo highlighted when he posted in Telegram). The issue with them moving the assets back to Ethereum as you recommended is: what happens if they move the assets at the time the anomaly is detected and you take a 50% cut in assets received on Ethereum, only to have Harmony make whole the assets on their chain a few days later?

I doubt Celer will compensate on the 50% loss of moving the assets back as suggested (just because assets have been made whole on Harmony after the fact) and Harmony would not compensate either as your assets are no longer on their blockchain.

At the end of the day, what any project offers is the service of utilizing their products, whether in this case it’s bridging and providing liquidity, but managing risk is each user’s responsibility. There is risk in any service you use on blockchain; you’d be kidding yourself if you thought otherwise. Don’t forget that the project doesn’t earn from the liquidity you provide. Fees collected are paid to LPs and Validators / Delegators.

1 Like