Hello Chia holders and Hashgreen's friends, welcome back to another Hashgreen's weekly update. Last week, there was a bit of turmoil after Chia posted an announcement in their Twitter, stating that the Chia Asset Token (CAT) standard will be upgraded and CAT1 will be officially end-of-life (EOL) and replaced with CAT2.
In weekly update #18, we're going to tell you about this incident, explaining what were the actions that we took in response to CAT2 standard and how Hashgreen DEX's approach enforces trading security.
Timeline of Chia's actions
Jul 26, 2022 upgrading the CAT standard
Jul 26, 2022 around 10am PDT (after block height 2,311,760) CAT1 EOL
Jul 27, 2022 v1.5.0 live
Jul 28, 2022 blog post updated
Jul 30, 2022 CAT1 vulnerability explained
Within a few days, Chia continued to release a series of updates and announcements, finishing upgrading the CAT standard, bringing v1.5.0 live, and explaining what exactly was the vulnerability of CAT1 standard coin after the upgrade was finalized. Details are included in their blog post.
Luckily, this "Cat Bleed" was never exploited, confirmed by Chia's team. The concern was raised by Trail of Bits, a security auditor which helps Chia to audit, addressing "a potential class of vulnerabilities that led the team to uncover a security vulnerability with CAT1". To summarize it, the issue was a potential vulnerability that could be exploited by anyone to print as many fake CATs as they want. Chia later released a technical article explaining the vulnerability they uncovered for CAT1.
Chia also suggested actions for users and CAT issuers to follow in order to move forward from the EOL to CAT2. Users are advised to download 1.5.0 client, cancel their offers, check their CAT1 balance, and wait for the airdrop of CAT2 from issuers. CAT issuers are provided with an official tool for the re-issuance.
Actions for Hashgreen
Jul 26, 2022 halting all trading activities
Jul 27, 2022 reminding users to keep up-to-date
Jul 27, 2022 Chia’s official wallet and API trading back in our DEX
Jul 28, 2022 trade resumed as issuers re-issuing their tokens
Hashgreen were able to react after the news came out on July 26th. We quickly took actions, incorporating frontend, backend, and operations to adapt to the change. We halted all CAT trading activities and offer uploading from our API and tweeted the information to the public, reminding users and token issuers what they should do and be aware of about the upgrade. Before the release of Chia Blockchain 1.5.0, we had also hidden all the CAT1 markets to prepare for CAT2's data migration from TAIL Database.
To prevent any exploit from happening, Chia suggested users to cancel offers that have been uploaded or shared on the internet, especially those providing XCH for CAT1s. With our approach of aggregating offers, you don't have to cancel offers that you uploaded to our DEX since, essentially, no one will be able to take down any of it once all the trading activities are halted.
Our team were able to upgrade Hashgreen DEX and resume all the trading activities hereafter as the CAT issuers continued re-issuing their coins. Once again, if you are a trader, we recommend you to update to v1.5.0 as soon as possible and please beware that CAT1 is no longer acknowledged by Chia's wallet.
Please beware that CAT2 has a different asset ID than its CAT1 version.