Hello OPEN Community,
We would like to provide an update on what we have learned and the technical developments we have made in light of the Kucoin hack.
As we know Kucoin announced that they experienced a ~$200 million hack on September 26, 2020. Many projects and assets were affected, including 16,341,025.82 OPENC tokens. While this unfortunate incident was beyond our control, it was of greatest importance to fix this incident for all token holders. We have taken the necessary time to work closely with Kucoin since the very beginning of the incident and fixed all issues in a cautious and thorough manner that ensured the least impact on our community members.
Preventing any future hacks, should they arise, from exploiting the OPEN community is of utmost importance. Therefore, we have and are developing new tools to further protect our community. In the scenario that a hack occurs in the future, deploying a 1:1 token swap may be a necessary and protective security measure depending on the situation at hand. We want to be prepared and ensure that we have the tools and capabilities to quickly and accurately conduct a swap, if necessary, to effectively fix issues resulting from a hack. Such a swap would have automatic distribution of new tokens to all token holders of the previous token. In addition, we would be able to take a snapshot at an appropriate block number to execute a swap in a timely manner. Once a swap is executed, a new token smart contract address will replace the old token smart contract address and tokens, rendering them obsolete.
Developing tools that can quickly and accurately execute an ERC-20 smart contract swap and distribute tokens to token holders in a newly deployed smart contract required us to solve new technical challenges. For example, it is necessary to obtain a snapshot list of token holders and their corresponding token balance at a specific block number in order to conduct a swap. Using the link below, you can view the balance of addresses in Etherscan by specifying a block number or date:
However, since there are a lot of addresses, we cannot create a desired snapshot manually. A special tool is needed, which could export all data to a CSV file. We had already developed a tool that could do this. It was written in Kotlin and used the Infura node. However, since Infura changed the policy of access to their Ethereum servers and became a paid service for inspecting historical data (data outside of the most recent 128 blocks) for any of the JSON-RPC and Websocket API methods listed below, requests required special paid access to archive data.
In order to accomplish our goal, we need to use the ‘getBalance’ method but it requires us to access the archived data that is now more difficult to obtain. Before describing how we were able to overcome this challenge, let’s dive deeper into what an Ethereum archive node like Infura is and how it works.
Ethereum archive nodes store the full history of the blockchain for the Ethereum mainnet. They work just like a full node but also store an archive of all historical states since the start of the network.
With a full node, you are limited to querying the last 128 blocks to see the balance of an address and the state of a smart contract at a point in time. Full nodes, which make up most nodes on the network, are only able to query data for the last 1,664 seconds, or ~27 minutes.
So, with an archive node you can query any block for an address balance or a smart contract state to see what they looked like at a specific point in time. This is a clear necessity for anyone hoping to provide any sort of complete analysis of the Ethereum mainnet.
However, having this option to access any historical state typically comes at a high cost – not only in the ever-increasing storage requirements, but also in time. It takes weeks to sync an Ethereum archive node and requires constant maintenance of a machine that’s consuming terabytes of storage. You can find in the link below a detailed article about the archive node and how it is hard to maintain and afford:
You can find a lot of paid access to the archive node on the internet, such as Infura and Chainstack. If you cannot afford access, https://archivenode.io/ grants free access to small-time developers. To get access, you will need to fill in a form describing who you are and what you will use the node for. They will quickly contact you and provide you with the necessary information to get started. That being said, we solved the access problem by obtaining free access to https://archivenode.io/ and were able to export the archive data that was required.
However, since we are open source a to z, we provide free and effective solutions for all developers to overcome technical challenges. Therefore, we decided to make our Token Snapshot Tool repository open to everyone and every project. This tool has been developed and published to enable any project to rapidly deploy a response and remedy to a potential future hack strategy as our team saw an opportunity to contribute to the stability of the industry.
You can explore the CLI tool in the link below. This CLI utility can be used to create a snapshot of an ERC-20 token in CSV format at a specific block:
Considering that not everyone can get access to services for any number of reasons, developers without an archive node cannot use our tool. The good news is that we plan to develop an alternative tool that does not require an archive node.
This alternative tool is based on ERC-20 events. Events are invoked from smart contracts when an amount of tokens are sent from the addresses and the output gets written into the Ethereum blockchain log data structure. These are accessible from a fully synced node. Utilizing ERC-20 events, the tool we are developing iterates starting from a given block number through all transactions in which a smart contract is involved. By summing tokens for each token holder, the tool exports to a CSV file. The advantages of our tool’s approach are that it doesn’t require the previously mentioned archive node, it’s faster to start, and it can be used with Infura’s free plan.
During the development of this new tool, we created a number of architectural solutions that accelerate the launch of the program on the console. Also, by utilizing the capabilities of Kotlin, our tool effectively uses the parallel processing of blocks. To explore the implementation of the tool in detail, you can check out our GitHub repository. In the repository, you can find the README with instructions on how to run the application. Feel free to clone and use! Don’t forget to star the repository and contribute in case of bugs.
Thank you for your continued support. Please stay tuned for more technical updates!