A bug forces Bitcoin-backed Ethereum tBTC to shutdown

A bug forces Bitcoin-backed Ethereum tBTC to shutdown - security bug 1024x683The blockchain venture Thesis has paused deposits in tBTC, its new platform designed to put BTC on Ethereum so that it can use bitcoins in decentralized finance (DeFi).

The safety of deposited funds first of all

The Thesis team talked about a bug, but decided not to disclose the details until all funds have been securely withdrawn by tBTC.

Thesis made himself available to help the first ones Investors to withdraw all the BTCs that had been deposited. Thesis project manager and CEO, Matt Luongo, told the media through a spokesman: “While the tBTC dapp was being tested over the weekend in its alpha version, a couple of community members entered into a contract in BTC before the test was completed.

In the meantime, two of our collaborators have encountered a problem in the dapp that had escaped our security audit, so for now we have decided to suspend the deposits to ensure the safety of the funds. It is thanks to the strength and commitment of our community that the problem was quickly identified and all funds were made safe. "

A serious commitment to improve the security of the tBTC dapp

Luongo said that the priority now is to further improve system security before announcing a new plan to redistribute it. Trail of Bits is conducting a new audit, and another auditor will be contacted soon.

The reward for anyone who finds a bug has been increased tenfold. The Thesis team member who found the flaw was honored, as was James Prestwich of Summa for checking it out.

After the platform was suspended, Luongo wrote in the Twitter thread, “Since the system is young and most miners are active members of the community, I think we can fix it in 1 or 2 days.

Even though we fixed the bug in the code last night, we don't want to expose it until all the funds have been secured. " Luongo wrote on Twitter that a full post mortem report is on the way.

Thesis has eliminated the tBTC dapp to make its smart contract less accessible. At the time of this writing, Etherscan shows 7 tBTC minted, for a maximum of 11 BTC.

The security model for tBTC is described in its documentation and outlines four actions that Thesis can perform with its key in its smart contract. Including, it can take action to pause new deposits once for 10 days.

This is how Thesis suspended deposits on May 18, but this option can only be used once. The same documentation also states that "The first version of tBTC was built without any possibility of updating the contracts". The Thesis team has not confirmed that it will implement a completely new smart contract.