pGALA post-mortem: measures taken to safeguard the ecosystem from malicious actors and recovery plan

Published in

pNetwork

12 min readNov 5, 2022

The underlying collateral in GALA tokens for pGALA is safe. No funds loss happened on the GALA cross-chain bridge. All GALA tokens on Ethereum are safe.

Update November 11, 2022 at 2:40pm UTC time

In order to maximise the fairness of the redistribution of the 12,977 BNBs and for legal and compliance reasons, we regret we are unable to proceed with the recovery plan on Friday. Unfortunately, our desire to proceed as quickly as possible with our recovery plan meant that we underestimated the time necessary to deal with these legal and compliance issues. We are committed to keeping the community posted as the situation develops. We also remain committed to doing the right thing and keeping the process and communication as transparent as possible.

Preamble

pGALA (BEP20) is the tokenized version of the GALA token (ERC20). Under normal circumstances, the tokenized version is pegged 1:1 to the original version and redeemable for it at any time. The function of the tokenized version of GALA (hereafter called pGALA) is to make the token available on blockchain ecosystems (in this case BNB Chain) different from the native blockchain where the token is issued (in this case Ethereum).

Once the cross-chain bridge is set up and the pTokens version (in this case pGALA) is set into existence, the asset is available for anyone to use it or integrate it without pNetwork needing to be aware of it. This includes, for example, the pGALA support within DeFi platforms as well as the BEP20 deposits/withdrawals support within centralized exchanges.

Specifically, pNetwork was NOT involved in any listing activity of the pGALA or GALA token on centralized exchanges.

Important: the pGALA token currently trading on DEXes and centralized exchanges may not be the 1:1 pegged token. As explained in the sections below, there are currently uncollateralized pGALA in circulation, hence the publicly shared recommendations to NOT interact with it. The price of the currently-trading uncollateralized pGALA is worth approx. 0.00000109 BNB (approx $ 0.00038 at current BNB/USD prices)

Summary of the actions that were taken (UTC time)

November 3rd, 5:52pm — the pNetwork team notices there is something suspicious about the pGALA smart contract ownership

6:32pm — suspicion confirmed (an attacker could take over pGALA at any time) and root cause identified (misconfiguration at time of contract creation)

7:03pm — the pNetwork team ensure the underlying GALA on Ethereum collateral is safe

7:11PM — the pNetwork team reaches out to the GalaGames team regarding an emergency, warning about the need to suspend BEP20 deposits/withdrawals for the GALA token as soon as possible and alerting GalaGames that funds in the PancakeSwap pool are at risk. The pNetwork team proposes to save the PancakeSwap pool funds by whitehat draining it ($400,000+ in BNB to be saved at that moment in time) as the pool is at risk of being maliciously drained

7:15PM — a war room group between GalaGames and pNetwork is created

7:19PM — as part of the ongoing communication, GalaGames states that they are taking care of contacting exchanges to stop BEP20 deposits/withdrawals of GALA

7:23pm — in the interest of time, the pNetwork team makes contact with Huobi Global, citing the emergency and that there was the need to suspend BEP20 deposits, but as was ascertained later the commutation turned out to be ineffective. The pNetwork team had not previously been in contact with the Huobi team about the GALA listing but used a separate point of contact to communicate with the exchange

7:27pm — GalaGames reports back that Binance was contacted but hadn’t answered yet

7:36pm — GalaGames and pNetwork agree the GalaGames team should take care of communications and pNetwork should take care of the whitehat pool draining

7:47pm — in the interest of time the pNetwork team contacts Binance.com re the emergency, they acknowledge it and immediately suspend BEP20 deposits/withdrawals for the GALA token. Note that the pNetwork team was not previously in contact with the Binance.com team about the GALA listing, but leveraged a separate point of contact with the exchange.

7:48pm — GalaGames reports that Binance.US has confirmed BEP20 deposits/withdrawals for GALA are suspended

8:01pm — GalaGames reports that exchanges are suspended and activities paused. At this point, it is the understanding of the pNetwork team that no further action is required on the exchanges side

8:06pm — GalaGames and pNetwork agree on the need for PancakeSwap to hide the pool. GalaGames states they may have a contact

8:08pm — GalaGames and pNetwork agree that the whitehat draining of the pool can proceed, and that coordinated communications need to go out on pNetwork channels and to be reshared on GalaGames channels

8:13pm — the pNetwork team issues 27,814,200,000 uncollateralized pGALA. These are needed for the whitehat draining of the PancakeSwap pool, frontrunning a potential malicious attack

8:18pm — whitehat draining of the PancakeSwap pool is initiated

8:27pm — the pNetwork team issues another 27,814,200,000 uncollateralized pGALA. These are needed for the whitehat draining of the PancakeSwap pool frontrunning a potential malicious attack

8:28pm — the pNetwork team posts a “pGALA on BSC Notice” Twitter thread and asks the GALA team to reshare it to their community. The rationale behind notifying the community a few minutes after the draining had started is to avoid the malicious attacker to frontrun the whitehat operation. At this point, the understanding is that BEP20 deposits/withdrawals are suspended on all major exchanges

8:29pm — GalaGames and pNetwork both acknowledge that people keep buying from the pool despite the publicly shared recommendation to not interact with it. In order for their liquidity to be saved from a potential malicious attacker, the pNetwork team proposes to continue draining

10:09pm — GalaGames proposes to interrupt the whitehat draining as it is not being effective

10:16pm — the whitehat draining of the pool is stopped

11:03pm (as was ascertained later) — BEP20 deposits/withdrawals are suspended on Huobi Global

11:40pm — the GalaGames team points out that BEP20 deposits may have been stopped on Huobi Global later than we thought

What happened in details

All measures were taken to safeguard the ecosystem from malicious actors.

On November 3rd, 2022 a misconfiguration of the pNetwork-powered bridge for the GALA token was noticed by the pNetwork team. Such a misconfiguration does not affect the pNetwork protocol as a whole, but it relates specifically to the cross-chain bridge for the GALA token.

The team noticed that the ownership of the pGALA smart contract (deployed on BSC) had been covertly taken over due to the misconfiguration.

The pNetwork protocol implements a variety of security measures over its cross-chain operations aimed at preventing hacks that cause loss of funds, however pGALA being not under pNetwork’s exclusive control anymore meant the attacker may have tried to redeem newly minted, uncollateralized pGALA tokens and thus could have stolen the GALA collateral on Ethereum. Thankfully, this did not happen. Additionally, such invalidly minted tokens could have been used by a potential attacker to profit elsewhere, for example by selling these invalid, valueless tokens on a DEX in exchange for another asset that does have value. Thankfully that also didn’t happen.

No hack was actually performed by whomever currently retains ownership of that smart contract (from now on, the “attacker”), but the situation highlighted a high security risk that had to be promptly mitigated. While management of the keys for peg-in and peg-out operations is separate, (hence those are safe and have not been compromised), loss of ownership over the token smart contract opens up the possibility for the attacker to mint new tokens and to alter pGALA at will.

Loss of ownership over the pGALA token smart -contract posed a security risk and was irreversible, meaning pGALA could potentially have been maliciously taken over at any time.

As explained later on, this led to the decision of suspending the processing of swap operations on the cross-chain bridge and of performing a whitehat draining of the pGALA/BNB PancakeSwap pool in an attempt to save the BNB funds within that pool so that they may be returned to their rightful owners (the liquidity providers) once the situation was under control.

When the security issue was noticed, the pNetwork team promptly alerted the GalaGames team, who responded immediately. The two teams immediately then started coordinating to mitigate the risk.

It was clear from the beginning that the deployment of a new pGALA token and the halt (where possible) of the previous pGALA token were what was needed to safeguard the pGALA collateral and its ecosystem.

In addition, this series of actions needed to be taken in a manner coordinated by both teams in order for the situation to be satisfactorily solved.

On the pNetwork side, the processing of cross-chain operations for the pGALA token via the bridge were temporarily stopped. The initiating of cross-chain operations by users was still possible, but those operations were not actually being processed. This then safeguarded the underlying collateral on the native side (Ethereum), and allowed the process of deprecating the previous pGALA token to begin.

The involvement of the pNetwork protocol in the accident ends here as no funds were stolen from the protocol.

The pNetwork team decided to continue collaborating with the GalaGames team and other external teams in an attempt to explain what had happened up to that point, and to attempt to safeguard users from leveraging platforms that had decided to support BEP20’s representation of GALA (pGALA). This included PancakeSwap and various centralized exchanges.

The pNetwork and GalaGames teams agreed on the necessity of alerting exchanges to temporarily suspend BEP20 deposits and withdrawals for the pGALA token. Some exchanges (e.g. Binance) did promptly suspend all BEP20 deposits and withdrawals. Unfortunately, BEP20 deposits and withdrawals were not promptly suspended on all centralized exchanges, worsening the situation.

At this point, the bridge, along with the underlying GALA on Ethereum were safe and there was the impression that all exchanges supporting it had suspended related BEP20 deposits and withdrawals. This left the only potential attack surface as the pGALA liquidity pools of BSC DEXes, specifically the pool on PancakeSwap which had approx $ 400,000 liquidity in it at the time. This led to the decision of performing a whitehat draining of the pGALA/BNB PancakeSwap pool in an attempt to save the BNB funds within that pool so that they may be returned to their rightful owners (the liquidity providers) once the situation was under control.

Whilst the whitehat draining of the pool was enacted by the pNetwork team, the GalaGames team had agreed on proceeding with the operation beforehand. At the time of initiating the whitehat operation, it was the understanding of the pNetwork team that BEP20 deposits/withdrawals for the GALA token had been suspended by all major exchanges supporting them (based on the ongoing conversation as reported in the timeline above).

Shortly after the whitehat pool-draining started, a communication was shared on the pNetwork and Gala Twitter feeds disclosing the security risk on the token, alerting people that the existing PancakeSwap pool had to be considered invalid and warning them not to initiate swaps on the pool. The rationale behind notifying the community a few minutes after the draining had started was to avoid the malicious attacker to frontrun the whitehat operation. At this point, the understanding was that BEP20 deposits/withdrawals were suspended on all major exchanges.

While all of the funds backing pGALA were already safe, a snapshot of the pGALA pool on PancakeSwap was taken to facilitate the saving of funds for the liquidity providers within the PancakeSwap pool — the snapshot was taken at block #22745013, Nov-03–2022 at 19:45 UTC time. https://bscscan.com/block/22745013

To perform the whitehat pool-draining, a mint of uncollateralized (hence valueless) pGALA was made in order to have the token availability required to drain the PancakeSwap pool of its liquidity ($400,000 liquidity in it at the time). These minted pGALA tokens served to recoup the corresponding BNB tokens from within the liquidity pool, to later be given back to liquidity providers per the snapshot.The purpose of this draining was to frontrun a potential attack from the attacker of the pGALA smart contract, whom, should they have noticed the situation, could have stolen the funds within the pool.

The whitehat pool-draining was successful in saving the liquidity pool’s initial funds.

However, it became clear that BEP20 deposits and withdrawals were not actually suspended on all exchanges (as opposed to what was the understanding at the time pool-draining), and so because of this, people began a series of arbitrage actions between the PancakeSwap pool and any of the centralized exchanges that hadn’t yet suspended BEP20 deposits and withdrawals. This occurred in spite of the recommendations shared publicly through the various pNetwork and GALA channels to not interact with such pools.

This meant that the pool’s liquidity continued to increase during the pool-draining operation, resulting a final whitehat-driven liquidity extraction of 12,977 BNB, worth of $4,589,449 at the time. This, as above, will be returned to users involved. The address which performed the liquidity drain is: https://bscscan.com/address/0x6891a233bca9e72a078bcb71ba02ad482a44e8c1.

To conclude, all of the GALA tokens representing the underlying assets locked in the cross-chain bridge are safe, and are going to be returned to users according to the following recovery plan:

Recovery plan

All measures were taken to safeguard the ecosystem from malicious actors.

The recovery plan is composed of two parts:

The first part is aimed at restoring access to a fully collateralized pGALA-on-BSC token for those who were holding on-chain the previous pGALA token prior to the incident happening
The second part is aimed at returning — in full — the BNB assets collected from the whitehat draining of the pool (which was collected in exchange for the uncollateralized pGALA). This is approx. 0.00000109 BNB for each uncollateralized pGALA, meaning approx. $ 0.00038 at current BNB/USD prices

As for whomever interacted with centralized exchanges in regards to GALA or pGALA, please refer to official communications on their side for specific details on how they intend to address the incident. This part is out of the pNetwork’s team’s scope and the pNetwork have no control over how each exchange decides to proceed.

Please note that while the pNetwork team is currently cooperating on a good-will basis with some exchanges to address the matter, the team was not previously involved in the listing of the GALA token on any of these exchanges. Specifically, the pNetwork team was not involved in the supporting of BEP20 deposits/withdrawals within exchanges.

Additionally, at no point did the pNetwork team suggest the pGALA token to be listed as GALA.

Snapshots

As part of the recovery plan, two snapshots are needed. The first snapshot S1 was taken at block #22745013, Nov-03–2022 at 19:45 UTC time ( https://bscscan.com/block/22745013 ). The second snapshot S2 will be taken Monday November 7th, 2022 at 8am UTC time. Any on-chain transfer of pGALA happening on BSC after the second snapshot will not be taken into account and thus will be considered void in the scope of the recovery plan.

Recovery plan for the GALA cross-chain bridge

Because funds were never stolen from the cross-chain bridge, the full amount of underlying GALA assets are safe and do not need to be recovered. As the previous pGALA smart contract is going to be replaced by a new, secure pGALA smart contract, the GALA still on the native ethereum chain (ERC20) already fully collateralizes the new pGALA token.

The switch to the new fully collateralized pGALA token will happen via an airdrop of the new pGALA to all holders of the previous pGALA. Specifically, the airdrop of the new pGALA will happen at a 1:1 ratio with the old pGALA for all holders included in either one of the snapshots based on the lower amount held across the two snapshots.

Example 1: Holder A never moved their tokens, hence they had 100 pGALA at snapshot S1 and 100 pGALA at snapshot S2. In this case, holder A would get 100 new pGALA.

Example 2: Holder B sold 50% of their pGALA tokens during the time between the two snapshots, hence they had 100 pGALA at snapshot S1 and 50 pGALA at snapshot S2. In this case, holder B would receive the lower amount of those two snapshots, 50 new pGALA.

Should someone have instructed a peg-out (redeem) operation while the bridge was suspended, for the purpose of the snapshots, these transactions will be ignored and thus the user will be treated as if the pGALA balance was still in their BEP20 wallet.

The new pGALA can be fully redeemed, 1:1 for GALA on Ethereum.

Additionally, cross-chain fees on the GALA bridge for this new pGALA token will be set to zero (0%) for 1 month.

The same logic applies for PancakeSwap liquidity providers, who will receive value back both in new pGALA and BNB according to the pool balancing when the snapshots were taken. Similar to the above, if a PancakeSwap LP is no longer part of the snapshot S2, they would not be airdropped the amount.

The deployment of the new pGALA smart contract and consequent distribution to users is set to happen by Wednesday, November 9th.

Recovery plan for the recouped BNB from the whitehat pool-draining

The whitehat pool-draining was able to recoup 12,977 BNB, worth approx. $4.5 Million. These funds are set to be given back to whomever is currently holding uncollateralized pGALA coming from the trading that happened on DEXs after the S2 snapshot was taken.

The aforementioned snapshot S2 to be taken Monday November 7th, 2022 at 8am UTC time will be the reference for the distribution of the recouped BNB tokens.

The BNB tokens recouped by the whitehat pool draining are set to be distributed to users based on the amount of valueless pGALA held at the time of the second snapshot S2. This operation is set to happen by Friday, November 11th.

The following pGALA holders will be excluded from the BNB distribution:

the address holding the remaining valueless pGALA used to perform the whitehat pool draining ( https://bscscan.com/address/0x6891a233bca9e72a078bcb71ba02ad482a44e8c1 )
any address the attacker may mint pGALA to
all of the holders of the fully collateralized pGALA that are part of the recovery plan for the GALA cross-chain bridge (because they will receive new pGALA from the airdrop).

This communication was drafted by the pNetwork team and it was based on the documents and information at our disposal.