1/ Network Outage Due to STX Reorg & Velar Exploit
I've received inquiries about the sudden suspension of Stacks deposits and withdrawals over the weekend, so I'm writing this after a long time.
1. Deposit/Withdrawal Outage
This network outage is caused by a phenomenon called a "reorg," which frequently occurs on the Bitcoin network. In a PoW network, many computers perform calculations to generate a block, and the miner who finds the result earns the right to record the next block.
Generally, due to the difficulty of the computation, it's rare for this task to be completed by more than one miner at the same moment. However, sometimes multiple miners create new blocks simultaneously, and the chain temporarily splits. When this happens, the longer chain is recognized as the authentic one and becomes the standard. Transactions recorded on the shorter chain only have to wait a little longer to be included in a block again, so general users don't experience significant inconvenience.
In the case of Stacks, since it's based on Bitcoin, transactions occurring on the Stacks network must be organized and anchored to a Bitcoin block. If there are two such blocks, the Stacks network will also experience problems.
In fact, this reorg phenomenon is one of the root causes of all evil when trying to build something based on Bitcoin. I saw that information regarding reorg responses was added after the Stacks hard fork, but we need to investigate the reason for the network downtime this time.
Still, it shouldn't be a major issue, and the network explorer shows it's returning to normal, so deposits and withdrawals should resume soon.
2. The Velar Exploit
About four days ago, an attack exploited a vulnerability in the Velar PerpDEX LP, gradually stealing LP. I remember the Stacks Foundation investing around 1 million in the Velar PerpDEX LP shortly after its launch. The damage wasn't significant, at around 673k, but it could be significant for Stacks. The Stacks Fund reportedly recovered approximately 6% of the supply provided to the Velar Foundation.
In short, it wasn't a case of keys being stolen. Instead, the issue was a Stacks-based Python oracle that referenced the last trade price to determine a reasonable price. However, since trading was usually insignificant, there was a significant gap in these price updates, and the attacker gradually drained funds based on this.
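A freshness and deviation guard for a last-trade-price feed of the kind described above, as an added example that is not Velar's code or part of the original post. The thresholds, the independent reference price and all names are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed policy values for illustration; tune per market.
MAX_AGE_S = 120        # reject a last-trade price older than this
MAX_DEVIATION = 0.02   # reject if more than 2% away from the reference

@dataclass(frozen=True)
class LastTrade:
    price: float
    timestamp: int     # unix seconds of the trade that set the price

def naive_price(trade: LastTrade) -> float:
    """Weak pattern: trust the last trade no matter how old it is."""
    return trade.price

def guarded_price(trade: LastTrade, reference: float,
                  now: int) -> Tuple[str, Optional[float]]:
    """Return (status, price); price is None when the quote must not be used."""
    if reference <= 0 or trade.price <= 0:
        return ("invalid", None)
    if now - trade.timestamp > MAX_AGE_S:
        return ("stale", None)          # thin market: nobody traded recently
    if abs(trade.price - reference) / reference > MAX_DEVIATION:
        return ("deviation", None)      # last trade disagrees with reference
    return ("ok", trade.price)

# Constructed samples: (last trade, independent reference price, current time)
SAMPLES = [
    (LastTrade(1.00, 1_000), 1.005, 1_030),  # fresh, close to reference
    (LastTrade(1.00, 1_000), 1.20, 9_000),   # hours-old trade, market moved
    (LastTrade(1.10, 8_990), 1.20, 9_000),   # fresh but far from reference
]

def run_samples():
    """Status of the guarded feed for each constructed sample."""
    return [guarded_price(t, ref, now)[0] for t, ref, now in SAMPLES]

if __name__ == "__main__":
    for (t, ref, now), status in zip(SAMPLES, run_samples()):
        print(f"naive={naive_price(t):.3f} reference={ref:.3f} guarded={status}")
```

In the second sample the naive feed still quotes 1.00 while the reference is 1.20, which is the kind of gap the guard refuses to serve.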
Ultimately, due to a lack of liquidity, no one traded, resulting in the exploitation of the foundation's funds. This is also true...
Still, when Velar PerpDEX first launched, it was quite popular, but without initial liquidity support, trading became difficult. This led to a vicious cycle where even those who had been curious about the platform withdrew, and trading became even less frequent.
While Velar PerpDEX was effectively closed for business, international tweets circulated, saying, "What on earth is the foundation even supporting a dApp? Development is so hard." Public opinion formed, saying things like, "I'm leaving the ecosystem," and only after that did the foundation deploy liquidity to Velar.
If we think about it, if they had provided liquidity support in advance, people would have traded, and the oracle wouldn't have had such a large gap. If the foundation had been providing support anyway, it only said after the incident, "It won't affect our 26-year plan, but we'll consider it when distributing our funds to DeFi in the future." It's just frustrating. If they're going to claim Clarity is predictable and safe, how many more failures will have to occur before it's truly trustworthy and usable?
I don't have the strength to say anything about this, and anyway, I think both of the above issues are minor issues in the grand scheme of things.
While I'm at the keyboard today, I'd like to briefly review Stacks' 26-year plan.
x.com/StacksEndowment/status/2...