Black Mirror: Blockchain Edition
This story was inspired by How Rollups actually actually actually work, by Jon Charbonneau, which was inspired by How Rollups actually actually work, by Toghrul Maharramov, which was inspired by How Rollups actually work, by Kelvin Fichter.
Borinkski. This better be important.
Sir, we have a big problem.
Okay. Well, get on with it.
Jelly Finance got hacked. There was a vulnerability in one of the contracts.
Fuck. Which contract? Not the liquid staking...
It's the liquid staking.
Shit. When?
Started about 10 minutes ago. They’re still draining accounts. The Jelly team is trying to patch the contract, but they can't get the transactions to post. The attacker's still draining funds and everyone is trying to pull out. The chain is all bogged down.
What’s the damage?
We’re still analyzing. Two billion at least. Losses are still climbing.
Give me an upper bound. What’s the TVL in those contracts?
30 billion.
Fucking hell. I warned the Jelly team about this bullshit. They're too careless. They have no regard for security. Did we post those transactions to the L1 yet?
I don't know. Patrick, can you check on that?
Hasn’t posted yet. Next update is in 5 min--
Shut it down. Shut down the sequencer.
Shut it down? Are you... sure?
Shut it down.
Okay, it's just... X is gonna have a field day with this. They already give us a hard time about the centralized sequencer. When they find out we intentionally shut it down...
That's the least of our worries. If those transactions post, we can’t roll back anymore. We need to keep our options open. Shut it down.
Roll back? You can’t be serious. What about the transactions that aren't involved in the hack?
They haven’t posted to the L1. They’re not finalized.
Well, technically, yeah, but we’ve never rolled back anything. Our users trust the preconfirmations. They don’t wait for the L1.
Judith. We can debate the rollback later. Shut down the sequencer.
Patrick, can you handle that?
I'm trying. I don’t have access. There's a lot of security guardrails on this machine. I need Jill to approve the SSH request. She's on vacation.
Gah. Are you kidding me? Patrick, how long do we have?
3 minutes.
Page everyone. Get me the data center. We need someone on-site, now. Do not let those transactions post.
I'm paging the data center now.
Bulldoze the building. I don't care how you do it. Turn the sequencer off.
We've got about 1 minute, 20 seconds.
Where's the damn N.O.C. rep? What the fuck do we pay them for?
Hey this is Jack over at--
Jack, you're at the data center?
Yeah.
Jack, we need you to kill our sequencer, immediately. Pull the plug, and we need it done in the next 30 seconds.
Guys, you know I can't do that. I can't even prove this call is authentic. They got these AI voice clone th--.
Listen to me, Jack. There's been a major hack. Look it up. It's all over X. If you don't kill that server in the next 30 seconds, billions of dollars are going to go down the fucking shitter! You're the only person that can stop it.
Now, Jack!
Patrick. Time check.
Hard to say. Less than a minute. Seconds, maybe.
Hurry up, Jack. Nuke everything.
Jack. Did you kill it?
Yeah. I got it.
Patrick, can you confirm we're down?
One sec, let me refresh... Yeah, stats are flatlined. Can someone open up their wallet and try a test transaction?
Never mind that. Patrick, check the L1. Did we kill it before the update?
Hold on, I’m checking...
Oh fuck. It posted.
Are you fuckin' with me?
No. The transactions posted to the L1. I can send you the hash.
Fuck.
There's a user on X that calculated the losses. It’s almost 25 billion. As far as I can tell, the calculations seem right.
Holy shit.
It's blowing up. Everybody’s saying roll back. We need to prepare a statement.
Can we call Vitalik? What if they roll back the L1?
It’ll never happen. Judith... How much value is locked in the bridge contract on the L1?
Let me see... Looks like about 4 billion.
Jesus. Okay. Everyone grab some coffee. It’s going to be a long night. What we’re about to do is something we said could never happen. Everybody take a minute. I’m gonna step outside. I need a cigarette.
Okay. Here’s where things stand. 25 billion was lost in the hack. Unfortunately, those transactions have already posted to the L1, and that's going to make this rollback very complicated. The cascading impacts of this are something I'm still wrapping my head around.
I mean, we can't roll back anymore, right?
Yes we can.
What do you mean? The bridge contract on the L1 is immutable. It won’t let us revert to an older block. We can’t roll back once we post to the L1. You said it yourself.
I know what I said, but that was before I knew the full extent of the losses. We can roll back, it's just going to be extremely painful. The L1 bridge can't roll back with us, and so we're going to have to fork away from the L1.
Fork away? What do you mean?
What I mean is that the L1 bridge will have one view of the chain, which is not rolled back, and our sequencer is going to have a completely different view... a fork. On our fork, we will perform the rollback. This fork will be completely disconnected from the L1 bridge.
What? We can’t fork away from the bridge. We’re a rollup. It’s in our whitepaper. We’re an L2. Ethereum is the source of truth.
I know what’s in the whitepaper, Judith — I wrote it. But this isn’t up to us. We’re a decentralized blockchain. Things are decided by social consensus.
Sounds to me like you're deciding.
I'm not. We’re going to launch two sequencers. One sequencer will have the rollback, and one won’t. The community will determine which chain is canonical, but based on the losses we’re looking at, I'm certain the rollback fork is going to win.
How do you know?
Because it's happened before. In 2016, there was a hack on Ethereum and the chain rolled back. Our losses are bigger than that. 20% of all the value on chain was just hacked.
There were no L2s or bridges back then. We can’t fork away from the L1. We’re an L2 — an extension of Ethereum.
You wanna know what happens if we don’t give the users a rollback option? Someone in the community is going to launch an alternate sequencer, a sequencer that has the rollback, and that sequencer will become the canonical chain. There's nothing we can do to stop the rollback. The sooner we accept that, the better. If we fight this, we will lose our sequencer and all the transaction fees that go along with it, and we all better start looking for new work. Running the sequencer is a privilege, not a right, and I have no intention of losing that privilege.
I’m still confused. There’s a bunch of ETH locked in the bridge contract, right? If our fork isn’t connected to the bridge, how will people get their ETH out?
The users will have wrapped ETH on both forks. They can use the fork that is connected to the bridge to redeem their ETH on the L1.
So what about the wrapped ETH on our fork?
It’s worthless. It’s not connected to the bridge. It’s not backed up by anything.
If the tokens on our fork have no value, why are we doing this?
Not all the tokens on our fork are worthless. This only applies to the wrapped tokens — the L1 tokens locked in the bridge. Those bridged tokens live on Ethereum, and so they have no value if you can’t redeem them on the L1. All the other tokens — our native token, our NFTs, our ERC20 tokens... Those tokens live on our chain. They will only have value on our fork.
But all the tokens will exist on both forks, right?
Right. All the tokens will exist on both forks, but the wrapped tokens will have no value on our fork, and our native tokens will have no value on the bridge fork.
I’m trying to wrap my head around this... You’re saying that all the tokens will exist in both forks, but each token will only have value on a single fork.
Right. The tokens can't have value on both forks. It's not like we can all just double our money by forking.
So the users' funds are all safe?
Yes.
Not exactly.
What do you mean, Patrick? What funds aren't safe?
Well, let’s say I own wrapped ETH. My wrapped ETH is safe, because I can pull it out on the bridge fork.
Right.
But I also have wrapped ETH on our fork, right?
Right. The wrapped ETH on our fork is worthless, but that's fine. You have your value on the bridge fork.
Yeah, but then on our fork, I can still use a DEX to swap the worthless wrapped ETH for a native token. Now I have the valuable ETH on the bridge fork, but I also have valuable native tokens on our fork. I doubled up.
Ah, shit. Yeah. Patrick is right.
It’s not like everyone can just double their money though, right? Someone’s gotta hold the bag here.
Yeah, it’s the liquidity providers. People are going to remove all the valuable tokens from the liquidity pools. If you’re providing liquidity in one of these pools, you’re gonna get cooked by divergence loss.
Yes, but this only applies to pools where the trading pair is one native asset and one wrapped asset. If the assets in the pool are both native, or both wrapped, you should be fine. Pools that have one native asset and one wrapped asset are straddling the fork, so they're exposed on both forks. Each fork will have one useless asset in the pool, and one valuable one.
We can’t let that happen, right?
There’s nothing we can do about it. This is the risk you take when you provide liquidity.
You're saying they signed up for this?! We told them we were part of Ethereum. We said this kind of thing was impossible!
Listen. Like I said before, there's nothing we can do to stop this fork. There's 25 billion dollars in the hack, and there's only 4 billion L1 assets locked in the bridge. The majority of those wrapped assets are safe. Yes, some of those funds are in these liquidity pools, and there's nothing we can do about that. This fork is happening. If I were a liquidity provider, I would exit these pools as quickly as possible.
Even if they want to get out, it's gonna be hard to get the transactions through. There’s going to be a frenzy of activity when we turn on the sequencers. The congestion will be insane. The sharks are going to use lending protocols to borrow whatever assets they need to drain these pools. The pools will be empty in minutes. I have half a mind to do it myself. If someone's gonna slaughter them anyway, might as well be us.
Patrick... you better--
Just kidding, geez. Come to think of it, it’s not just the liquidity pools, either. Any contract that lets you exchange native tokens and wrapped tokens is exposed.
That's just the liquidity pools, right?
No. Like imagine you have an NFT listed for sale for 1 wrapped ETH. That NFT will live on our fork, but the wrapped ETH is worthless there, so anybody can buy your NFT for almost nothing.
Ah, yeah. That's right. Those are at risk as well. That's a much smaller market though, compared to the liquidity pools.
I have an idea. What if we give all these exposed people a chance to get out?
How?
Well, we know the sharks are going to try to drain the liquidity pools. What if we disallow any trading in these pools for a short period? We can give the liquidity providers a chance to exit the pools first. During the grace period, the sequencer will only accept requests to exit those liquidity pools.
It’s a good idea. Ethically, it's the right thing to do. Unfortunately, though, we can't.
Why?
Because what you’re talking about is censorship. Once we censor transactions, we will lose all trust from our users.
We need to act fast here. Patrick, I want you to work on launching the new sequencer. Work with Jelly to patch the fucking bug in their contract first. We'll also need to create a new L1 bridge for the new sequencer.
Judith, prepare comms. We should encourage the users to withdraw their ETH from the bridge fork, and then send those funds to the new bridge that's connected to our fork. Make sure the users understand that there was no exploit in our chain. The problem was an exploit in the Jelly Finance contract. Loop in the team at Circle and any other stablecoin issuers. Their tokens will exist on both forks, but only the tokens on our fork will be backed up by the issuer.