QANX smart contract restoration process

On the 11th of October, 2022, the QANX Bridge deployer wallet suffered an attack. If you want to learn more, you can read our previous blog post and the factsheet.

Update: February 22, 2023

We are pleased to announce the commencement of the QANX Token relaunch process.

QANX Token relaunch process

Update: January 30, 2023

The analytics for the Ethereum side compensations are ready. After going through hundreds of closed-source smart contracts manually, we are finishing the BSC side now.

The last date for the relaunch is February 22nd since we need to be ready before our partnership announcement.

The updated QANX Smart Contract is ready

We finished the development and the initial testing of the token smart contract. We have added several new functions:

1) Quantum-resistant QAN XLINK integration

QAN’s XLINK protocol mapping contract will live as a standalone contract allowing all users (not just QANX holders!) to map their elliptical curve keypairs to post-quantum keypairs to ensure a completely safe and seamless account migration to the MainNet, regardless of the particular account having QANX tokens or not.

2) Gas fee reduction for token unlocks

We implemented gas fee savings for token unlocks.

3) Unlock self-transfer event removal

Some CEX-es do not check the sender of the transaction, which could lead to internal errors. We mitigated this at the contract level.

4) Unlock custom event

The previous self-transfer event has been replaced with a custom unlock event.

5) Locked transferFrom method

Now smart contracts and DeFi protocols can make locked transfers too! This enables great flexibility for custom DeFi logic.

6) Locked multi-transfer

Previously only one locked transfer per address was allowed. The update allows multiple if the same lock is applied.

7) Claim logic integration based on signature

Token claim possibility based on snapshot data and relevant withdrawal signatures has been implemented.

8) Automatic ETH & BNB rejection

Otherwise irrecoverable accidental Ether and BNB transfers made to the contract will be automatically rejected in the new version protecting users’ funds.

Not opting for front-running bot protection

We chose not to include front-running bot protection. The reason is that all solutions are complex and hard to audit. We cannot afford to allocate resources towards auditing massive amounts of external codebase nor relying on implementations not done by ourselves.

Audit

To increase the level of security and mitigate possible risks, we decided to conduct two separate audits from best-in-class companies in the space. On the 18th of November, 2022, we sent the updated QANX smart contract for the first audit to Hacken. We contacted several leading auditor companies, but we are still deciding who will be our second auditor.

Next steps

The QAN team has been quiet in the past few weeks because we had to make a crucial decision.

There is no good time for a non-planned setback, but this one reached the QAN team at a truly hard time. As mentioned earlier we are negotiating with a globally well-known entity, which could open many possibilities for QAN’s technology as our partner. We wanted to publish more information about this specific partnership later, but our deadline affects the restoration of the QANX Token since most of our team members are working to accomplish the partnership deadline.

In the first weeks after the attack, our assumption was that both tasks could be accomplished in parallel, but we realized that this would risk the 15th December deadline too much for our partner. On this specific deadline, our partner will start an in-house testing period for its PoC (Proof-of-Concept), where QAN’s technology plays a crucial role. Continuously focusing on long-term goals the restoration process will be continued after our partner’s PoC requirements have been delivered (15th of December) with the following steps:

1. Gather audit results from 2 auditors (re-audit if needed)
2. Send the audited smart contract to CEXes (it takes them approximately one week for an in-house audit)
3. Double-checking block-scraping methodology and data for a correct snapshot
4. Announce final snapshot decision for compensation (post-attack)
5. Finalize database for token claiming (addresses and balances)
6. Develop token claiming website
7. Deploy the updated and audited QANX token smart contract to ETH and BSC chains
8. Launch token claiming website
9. Launch trading on DEXes
10. Launch trading on CEXes

After the successful partner deadline, we will update you on our progress on the above-mentioned restoration steps.

Thank you all for your patience and support.

The QAN Team