Opium Security Upgrade to v1.1

Ali Nuraldin, published in Opium, Jan 16, 2021

At the beginning of the year the governance team performed a protocol upgrade. Now we are allowed to tell you why and how it was done.

ALL FUNDS ARE SAFE. Please note that NO funds at Opium were lost due to the vulnerability in the ERC-721x standard.

This issue does NOT affect current staking pools on Opium Insurance, which runs on an already upgraded version of Opium.

We learned of the bug in the ERC-721x standard in advance, thanks to Maurelian from Optimism. We could not disclose it immediately because doing so would have affected other projects that use this standard.

Short summary

  • The ERC721x smart contract was vulnerable to a duplication issue; the ERC721o standard used by Opium is based on ERC721x;
  • Current Opium smart contracts are NOT at risk;
  • The issue had not been exploited by any malicious user;
  • All Opium interfaces were stopped on the day of the notice and upgraded to a new version;
  • Only users who had open positions were affected, and their funds are fully safe.

What we have done

  • We notified market makers, users, and some partners that they needed to withdraw their expired positions;
  • Because Opium does not have admin keys, the Opium team decided to use the exploit itself to place the exposed funds in a Merkle airdrop contract that will allocate the money to affected users;
  • Most existing positions have already been withdrawn, and the rest will be recoverable by their owners via a Merkle Tree airdrop.

Audits

  • Opium smart contracts were audited by SmartDec. The audit was completed a year ago, before going live on Mainnet. The audit report can be found in our GitHub repository.
  • In December 2020, we decided to start another audit (Mixbytes); the security team of Optimism found the bug just as Mixbytes had started the audit.

Timeline

  • On Jan 4th, we received an email from Maurelian, security researcher at Optimism, about this vulnerability
  • On Jan 4th, we ran tests to confirm the exposure, and then the governance team removed the affected contracts from the Opium ecosystem whitelist, effectively blocking the creation of new positions
  • Between the 5th and 10th of January, we were carefully fixing the problem and notifying market makers, users, and affected partners
  • On Jan 10th, we deployed the updated Opium Protocol V1.1 smart contracts to Mainnet, and the governance team approved it as an upgrade
  • On Jan 16th, we exploited the bug ourselves to recover users' funds into the Merkle Tree Safe, which uses the snapshot as of Jan 4th
  • We are now preparing the Merkle Tree airdrop for recovering positions

What happened

The Opium position token standard, ERC721o, was audited and is partially based on the ERC721x standard.

A vulnerability was found in the ERC721x standard that could lead to the duplication of positions.

The issue could only occur if a position holder transferred a batch of positions to itself. In that case the number of positions would be duplicated because of incorrect processing of the sender and receiver balances, which were held in memory during the function execution. This balance processing method was introduced for gas optimization purposes, but unfortunately the case of a user transferring positions to itself was missed.

Here are the references to the vulnerable parts of the code:

https://github.com/loomnetwork/erc721x/blob/master/contracts/Core/ERC721X/ERC721XToken.sol#L86-L87

https://github.com/loomnetwork/erc721x/blob/master/contracts/Core/ERC721X/ERC721XToken.sol#L103-L104
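As an added illustration (not the ERC721x or Opium contract code, and a simplified Python model of the storage/memory behaviour rather than Solidity), the following shows the cached-balance write-back pattern described above beside a hardened variant, together with the supply-conservation invariant that a test suite can assert to catch this class of bug. The account names and position id are constructed.

```python
# Added example: a minimal model of the balance-caching flaw described above, not
# ERC721x or Opium contract code. Storage is a dict keyed by (owner, token_id).
from typing import Callable, Dict, List, Tuple

Storage = Dict[Tuple[str, int], int]

def batch_transfer_cached(storage: Storage, frm: str, to: str,
                          ids: List[int], amounts: List[int]) -> None:
    """Gas-optimised pattern: load both balances into memory, adjust, write back.
    When frm == to the receiver's copy was read before the sender's decrement,
    so the final write restores the old balance plus the amount: duplication."""
    assert len(ids) == len(amounts), "ids/amounts length mismatch"
    for tid, amt in zip(ids, amounts):
        sender_bal = storage.get((frm, tid), 0)   # memory copy
        receiver_bal = storage.get((to, tid), 0)  # memory copy, stale if frm == to
        if amt <= 0 or sender_bal < amt:
            raise ValueError("insufficient balance")
        storage[(frm, tid)] = sender_bal - amt
        storage[(to, tid)] = receiver_bal + amt   # overwrites the decrement when frm == to

def batch_transfer_fixed(storage: Storage, frm: str, to: str,
                         ids: List[int], amounts: List[int]) -> None:
    """Hardened version: reject self-transfers and read the receiver balance
    only after the sender's balance has been written back to storage."""
    assert len(ids) == len(amounts), "ids/amounts length mismatch"
    if frm == to:
        raise ValueError("self-transfer rejected")
    for tid, amt in zip(ids, amounts):
        sender_bal = storage.get((frm, tid), 0)
        if amt <= 0 or sender_bal < amt:
            raise ValueError("insufficient balance")
        storage[(frm, tid)] = sender_bal - amt
        storage[(to, tid)] = storage.get((to, tid), 0) + amt  # read after write

def total_supply(storage: Storage, tid: int) -> int:
    """Invariant every transfer must preserve: the sum of balances of a token id."""
    return sum(bal for (_, t), bal in storage.items() if t == tid)

def run_self_transfer(transfer: Callable[..., None]) -> Tuple[int, int]:
    """Constructed scenario: alice holds 10 of position 1 and sends all 10 to
    herself. Returns (supply before, supply after) for the invariant check."""
    storage: Storage = {("alice", 1): 10}
    before = total_supply(storage, 1)
    try:
        transfer(storage, "alice", "alice", [1], [10])
    except ValueError:
        pass  # the fixed variant rejects the call; supply must stay unchanged
    return before, total_supply(storage, 1)
```

A property test asserting `total_supply` is unchanged across every transfer call, including one where sender and receiver coincide, is the cheapest way to make this class of regression fail in CI.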

What we did to fix it

We took immediate action to block access to the Opium Core so that no attacker could exploit the bug.

We re-deployed the ERC-721o position contract; however, all interfaces for users, derivatives, oracles, etc. stayed the same thanks to the Opium architecture. Users are not affected and do not need to take any extra actions.

Conclusion

We have Opium V2 coming, and it will be upgradable to make it more flexible.

We improved the test coverage of all contracts. Our team is working hard on testing because it is a way to ensure better stability of the system and to prevent such bugs.

As we mentioned above, Opium has started its next audit (Mixbytes), which will be released this month.

Additionally, as a next step towards a diversified security review, Opium's first bounty program will be announced soon to help the protocol prevent other bugs and vulnerabilities in the future. We already had a first participant, Maurelian. We are going to publish a detailed bounty program shortly.

If you still have any questions, our team is available on Telegram and Discord.
