On the 25th of February 2021, the Particl project proceeded to an emergency hardfork to fix a critical bug in the code that allowed for the creation of coins in anon balances. The hardfork fixed the issue and temporarily froze anon and blind outputs so that exploited ones couldn’t be used anymore.
Today’s post will provide all the details on the way forward post-bug, including the roadmap to closure, the process of re-enabling legitimate outputs, estimates, how to help the team out, and more.
This is a rather important blog post so make sure you read it carefully.
Table of Content
- Current Figures and Estimations
- How to Reactivate Legitimate Outputs
- Supply and Staking Implications
- The Roadmap to the Coming Hardfork
- Help the Team Gather More Information
- AMA for Any Remaining Questions
Current Figures and Estimations
At this moment, it is confirmed that 768,767 PART coins have been successfully exploited and transferred back to public balances. This number can be confirmed by auditing the observed public outputs and comparing the resulting figure with the expected supply.
For clarity, “observed public outputs” refers to the total number of coins held in public balances. In contrast, the “expected public supply” is the number of coins that should be in circulation if a hack never occurred. The expected supply value can be verified by taking Particl’s initial supply and adding all the coins created through staking rewards. The blockchain displays this value when entering the
But the extra coins held in public balance are not the only factor contributing to Particl’s true post-bug supply. Indeed, legitimate anon outputs, or the total number of legitimate coins held in anon balances by users, need to be added to it. That’s because the current figure of 768,767 extra coins only takes into account public balances. Any legitimate coin held in anon balances will need to be sent to public balances to be re-enabled, bringing the total number of exploited coins up as it happens.
In this case, and based on outputs, blinding factors, and information that have been already provided by various community members to the team so far, it can be confirmed that at least 770,000 legitimate coins are being held in anon outputs. This brings the confirmed total of exploited coins to 1,538,767 coins (770,000 + 768,767). This would mean that, if no additional legitimate coin is confirmed to be in anon balances, the post-bug supply of the Particl network will stand at 11,286,973 coins (1,538,767 + 9,748,206).
Of course, the team expects a few more outputs to be confirmed as the process of re-enabling outputs officially begins. Still, it’s likely that the final figure shouldn’t diverge by a wide margin from what’s already established.
How to Reactivate Legitimate Outputs
On the March 2021 Project Update, we mentioned two different techniques that users who have frozen outputs can use to re-enable their coins. Since then, we’ve collected and considered community feedback and have improved the solutions to bring more confidence into the process, minimize the burden put onto the affected users, and increase privacy. Please read what follows carefully.
Low Pass Filter
The easiest way to re-enable legitimate frozen outputs is to use a “low pass filter” tool that will be integrated directly into the Particl Core release that will trigger the coming hardfork. This aims at re-enabling most marketplace-related anon and blind outputs.
This low pass filter tool allows users with frozen outputs that contain a low number of coins to automatically re-enable coins. The value of the low pass filter is currently set at 500 coins, meaning any output containing 500 coins or less will be able to be effortlessly moved back to a public balance. The low pass filter's final threshold value may change depending on various factors before the hardfork goes live but is likely to remain at 500.
This is the easiest solution for users to re-enable their coins. If your outputs qualify for the low pass filter, then all you have to do is wait for the next hardfork. You’ll then be able to enter a single command, per output, into your Particl Core debug window, which will unfreeze your coins.
If you wish to keep your coins in anon after re-enabling them, you’ll have to first transfer them into a public balance and then transfer them back to a new post-fork anon address.
Manual Claim Process
If you own outputs too large for the low pass filter, you will have to go through a manual claim process. Since this solution was first announced in the March 2021 Project Update, the team has collected feedback from various community members and has come up with a more streamlined process that would preserve the decentralization of the process.
Initially, it was planned that every user would need to push a CCS proposal to re-enable their outputs. That is to ensure the team has no overbearing power over the network and that any output validated is duly approved by the community.
We now propose a more streamlined, private, and straightforward way to process these claims while still retaining decentralization. To simplify the process, the Particl team will push, in the next few days, a proposal on the CCS asking for the community to nominate the team as the managers of the claim process.
If approved, users will need to send their claims to the team through a secure channel, using a tracer script that can be run within the Particl Core client. This script dumps the amounts, blinding factors, and anon inputs for each step until it gets to a transaction with plain inputs. It can also optionally dump the privkeys to spent anon outputs to prove the claimed input is correct by recreating the keyimage. However, in most cases, it shouldn’t be necessary. Additional information may be required if the script isn’t enough to fully validate the source of the funds, although that, too, shouldn’t be necessary in the great majority of cases. This will be dealt with on a case-by-case basis.
The team will then approve or reject individual claims based on the collected data. Any approved claim would be included in a whitelist that will lead to an instant re-enabling of legitimate outputs once the hardfork goes live.
If a user gets his claim rejected by the team, he will then be able to plead his case to the community by pushing an independent CCS proposal. Claims validated by the community through independent CCS proposals will then be added to a separate whitelist, re-enabling the outputs whenever the team proceeds with another hardfork later on in the future.
This improved solution aims to provide more confidence in the process, reduce the burden put on the user, and increase privacy.
Note: Voting parameters and consensus requirements will be detailed on a separate blog post focused exclusively on the on-chain voting mechanism.
Supply and Staking Implications
Because this inflation bug led to new coins being created out of thin air, the current expected supply of Particl is out of sync with the real supply. To fix that issue, the supply of Particl will be adjusted based on three different factors.
- On the day of the coming hardfork, the supply will be increased by the sum of all the coins contained in the whitelist. For example, if there’s a total of 1,000,000 coins in the whitelist, then the supply of Particl will be raised by 1,000,000 on the day of the hardfork.
- The total supply will also be adjusted to the current observed supply, which is the expected supply + the excess of coins in public balances that has already been confirmed in the initial vulnerability disclosure. That sums up to a total of 768,767 coins.
- The supply will also be dynamically adjusted every time frozen blinded coins are spent through the low pass filter. If, for example, 50,000 coins are re-enabled using the filter, then the supply will increase by that same amount. To be noted, there are a total of 4,204 unspent anon outputs and 1,701 blind ones, of which 420 are not tainted. That means the absolute maximum number of PART coins that can be re-enabled using the low pass filter, if 100% of the outputs contain precisely 500 PART, is 2,952,500 PART coins. However, it is expected that most outputs that will pass through the filter will be on the low end; mostly composed of change or dust outputs and small balances reserved for the Particl Marketplace. Many of these outputs also won’t qualify either because they contain too many coins or because they have already been flagged as fraudulent.
Due to the three factors mentioned here, the real supply of the Particl blockchain should stabilize a few days after the coming hardfork.
The Roadmap to the Coming Hardfork
The coming hardfork will provide closure to this inflationary bug event and allow the team to jump back into building the Particl ecosystem. Once it goes live, the vast majority of frozen outputs that are legitimate will be re-enabled and both anon as well blind balances will be re-activated. That’ll allow Particl V3 to go live on mainnet.
There are still a few events that need to happen before that hardfork can go live. Here is a clear roadmap of what’s left to do before then. Each item is more or less in chronological order.
Finalize and Test the Tracer Script
Particl Core Developer Tecnovert has been working on the “tracer script” which, when executed in a Particl client, will automatically validate the legitimacy of many frozen outputs by tracing anon outputs back to public ones.
The script is currently being finalized and incrementally tested with outputs that have already been provided to the team by a couple of community members.
Vote to Nominate the Team as Claim Managers
As mentioned earlier in this blog post, the team will soon be pushing a proposal to the CCS system to be nominated as managers of the claim process. If approved by the community, users will be able to submit their proof directly to the team instead of pushing independent proposals. If the team rejects a claim, the user will still be able to plead his case to the community by making a CCS proposal of his own.
Note: A voting period lasts two weeks and requires at least one week of pre-notice for discussion and to give enough time for people to become aware of it.
Process Manual Claims and Compile the Whitelist
After the team’s proposal is approved, claims will need to be collected and validated. All claims that get approved will be added to a whitelist which will automatically re-enable validated outputs once the next hardfork goes live.
Vote On the New Treasury Model and Implement It
As a final item before the next hardfork will go live, the team will push a second proposal to activate the new treasury model. This new treasury model will bring funding to the team and allow the Particl project to be back at full force.
If approved, the team will include the changes (which are relatively simple to include all things considered) into the code and activate the new treasury model with the next hardfork.
Expect a standalone blog post about this new proposed treasury model on Particl News within the next few days.
Note: A voting period lasts two weeks and requires at least one week of pre-notice. The proposal will be published after the first week of the voting period to nominate the team as claim managers so that both voting periods can be completed as quickly as possible for the hardfork to go through.
At this time, we are looking for the hardfork to go live in around 6 weeks. That’s the time required for both votes to go through and for everything to be ready. If they are both approved, then the hardfork will re-enable frozen outputs and activate the new treasury model at the same time. The team also hopes that it can release the Particl V3 mainnet release simultaneously, although that remains to be seen. As always, this is an estimate based on the information currently available. We will communicate to the community if any delay occurs.
Help the Team Gather More Information
To improve the tracer script and flag as many exploited outputs as possible, the team is looking to gather as much information as it can. To help the team out on that quest, Particl Core Developer Tecnovert has put together a series of commands you can enter in any of your wallets that has ever had an anon/blind balance or transaction.
1- Download the latest pre-release of Particl Core (Qt) here.
2- Load all your wallets that have or have had anon transactions and/or frozen outputs.
3- Open the debug console located in the "Window" tab at the top of the wallet.
4- Don't forget to switch your debug console window to the wallet with anon transactions/outputs. You have to do it manually even after loading the wallet in Qt. There is a dropdown menu for it located right inside the debug window.
5- Unlock your wallet.
6- Enter these 4 commands.
Finally, once that is done, copy the entire content of your debug window into a text file and send it to Tecnovert on Riot/Element (@tecnovert:matrix.org). Alternatively, you can send it through email at email@example.com with the text file attached.
AMA for Any Remaining Questions
To answer any remaining questions, the team will be holding an AMA on Reddit starting on the day that the proposal to nominate the team as claim managers will be pushed to the CCS. You’ll be able to ask any questions related to it and on how the team will proceed. This thread will then double up as an FAQ thread for people with similar questions and be linked directly into the CCS proposal.
Thank you for your support and patience throughout this delicate situation. The team is taking all the precautions to ensure that re-establishing the blockchain’s integrity goes as smoothly and securely as possible while maintaining a good level of decentralization.
Particl is Participation
Get recognized as someone that cares. With your help, we become more noticed out there. It takes seconds, and you are making a statement by giving us a follow and hitting the bell icon.
Join the instant messaging chats. There's no need to be active, but it’s good to be in the loop.
Gain deep knowledge about Particl by reading.
Last but not least, a list that shows an infinite number of links clearly categorized and on one page.