{"id":518673,"date":"2022-11-30T19:30:00","date_gmt":"2022-11-30T16:30:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/secret-network-resolves-network-vulnerability-following-white-hat-disclosure\/"},"modified":"2022-11-30T19:30:00","modified_gmt":"2022-11-30T16:30:00","slug":"secret-network-resolves-network-vulnerability-following-white-hat-disclosure","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/secret-network-resolves-network-vulnerability-following-white-hat-disclosure\/","title":{"rendered":"# Secret Network resolves network vulnerability following white hat disclosure"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a262a54cefcb\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a262a54cefcb\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/secret-network-resolves-network-vulnerability-following-white-hat-disclosure\/#%E2%80%9D_Secret_Network_resolves_network_vulnerability_following_white_hat_disclosure_%E2%80%9C\" >&#8221; Secret Network resolves network vulnerability following white hat disclosure  &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Secret_Network_resolves_network_vulnerability_following_white_hat_disclosure_%E2%80%9C\"><\/span>&#8221; Secret Network resolves network vulnerability following white hat disclosure  &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTEvNmQ5NjM2NDktZjk5MS00YjQxLWE0YzQtMDVkMTcyM2ZjYWE5LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-b8b12140>On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/GuyZys\/status\/1597725977614114816\">said<\/a> that developers had patched a privacy-related vulnerability and users&#8217; funds remain secure. In a document dated Nov. 29, Secret Network wrote that users or developers required no action and that all active nodes were upgraded to correct the exploit on Nov. 2.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">2\/ You can read the post for the main details, but the important part is that the vulnerability was mitigated and unlikely to have been exploited. Most importantly, funds were never at risk, because Secret intentionally does not rely on SGX for correctness \u2013 only privacy.<\/p>\n<p>\u2014 Guy Zyskind (@GuyZys) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/GuyZys\/status\/1597725977614114816?ref_src=twsrc%5Etfw\">November 29, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>The sequence of events, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/scrt.network\/blog\/notice-successful-resolution-of-xapic-vulnerability\">unveiled<\/a> late yesterday by the Secret Network developers, began when a group of white-hat computer <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/sciencee\/\" data-internallinksmanager029f6b8e52c=\"5\" title=\"Science\" target=\"_blank\" rel=\"noopener\">science<\/a> researchers contacted the Secret team on Oct. 3 regarding a recently disclosed xAPIC (Advanced Programmable Interrupt Controller) architectural bug. The exploit allowed uninitialized memory reads in certain Software Guard Extension-enabled (SGX) Intel CPUs. Secret Network leverages SGX <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> to provide confidential execution of smart contracts.\u00a0<\/p>\n<p>As <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/sgx.fail\/files\/sgx.fail.pdf\">stated<\/a> in their paper, researchers first registered a server as a validator node on the Secret Network, even when they did not have sufficient funds to be trusted to actively validate transactions. The registration process then stored a copy of Secret&#8217;s global consensus seed inside its SGX enclave. Next, through the aforementioned CPU glitch, researchers extracted the consensus seed of its Secret Node and its private Intel Enhanced Privacy ID key. Finally, with these items, they were able to break Secret&#8217;s privacy-preserving features and decrypt the internal state of all smart contracts on the network, as well as the digital assets embedded in them.\u00a0<\/p>\n<p>Secret developers verified the exploit on Oct. 4 and devised a plan to patch the vulnerability together with researchers and Intel staff. First, nodes were forcefully ejected from the network, and their secret keys deleted. After that, nodes could only rejoin the network if they patched all known vulnerabilities, which was completed on Nov. 2. &#8220;With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet,&#8221; wrote the Secret Network team.<\/p>\n<p>In addition, new nodes joining the network will be limited to server-class hardware only, as to limit the attack surface that user-class hardware presents. Founded in 2015, Secret Network currently has a market cap of $131 million through its native token SCRT. The firm partnered with director Quentin Tarantino to launch Secret NFTs last November.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"consulting_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/secret-network-resolves-network-vulnerability-following-white-hat-disclosure\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Secret Network resolves network vulnerability following white hat disclosure &#8220; On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, said that developers had patched a privacy-related vulnerability and users&#8217; funds remain secure. In a document dated Nov. 29, Secret Network wrote that users or developers required no action and that&#8230;<\/p>\n","protected":false},"author":1,"featured_media":518674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTEvNmQ5NjM2NDktZjk5MS00YjQxLWE0YzQtMDVkMTcyM2ZjYWE5LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,74863,74355,4965],"class_list":["post-518673","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-cryptocurrencies","tag-adoption","tag-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/518673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=518673"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/518673\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/518674"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=518673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=518673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=518673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}