Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Questions amid recent situation --> Serum - FTX hack - Bonfida #92

Open
mihneacalugaru opened this issue Nov 14, 2022 · 13 comments
Open

Questions amid recent situation --> Serum - FTX hack - Bonfida #92

mihneacalugaru opened this issue Nov 14, 2022 · 13 comments

Comments

@mihneacalugaru
Copy link
Contributor

I am posting this issue to serve more as a discussion platform after the recent situation involving the presumed FTX hack and its effects on Serum DEX.

From my understanding, a summary of what (people think) happened sound like this:

FTX backed the original Project Serum. Also, FTX was holding the private key of the Update Authority of Serum DEX program. With FTX being hacked, Serum's update private key is thought to be compromised, which in turn made a lot of exchanges, wallets, and others to stop using Serum. Volume decreased by 80-90% day by day since the beginning of the weekend. In order to remove any fears of Serum being linked to the FTX Group, developers started working on a fork.

Anyway, correct me if I'm wrong, please.

How will this affect Bonfida's Serum DEX v4 that will be on mainnet at some point?

Hopefully, this thread will clarify fears and questions.
@ellttBen
Copy link
Contributor

Hi @mihneacalugaru, thanks for raising this important issue.
The first thing to say is that Bonfida is not affiliated with Serum or FTX. However, we have ownership over the dex-v4 (and AAOB) code and we will continue to maintain it. The code also remains open source and free to use / fork, and has been audited by Ottersec.
We have never deployed the program to mainnet ourselves.
In terms of security, no one outside Bonfida has write access to this repo, so there should be no concern there.

@mihneacalugaru
Copy link
Contributor Author

Thanks for clarifying @ellttBen, that's great to hear.

So, is there any timeline on deploying the v4 on the mainnet or is it still unknown? Also, when that will happen, will any liquidity from v3 be migrated to v4?

@ellttBen
Copy link
Contributor

Considering the situation, we think the program should be deployed by a DAO, and we would be keen to help out and participate. However there are no concrete plans right now.
In terms of liquidity, we don't have and never had MM activities on Serum and don't really know what other MMs would want to do.

@mihneacalugaru
Copy link
Contributor Author

mihneacalugaru commented Nov 14, 2022
edited
Loading

Okay, so, if I understood correctly, Bonfida implemented Serum DEX v4 will be deployed if and when a DAO will be formed and willing to deploy it so that there will be a multisig procedure through which the program will be upgraded, in order not to end up like we did. Is that correct?

@ellttBen
Copy link
Contributor

That's pretty much it yes

@mralbertchen
Copy link

hi @ellttBen this conversation makes it sound like v4 never got deployed to mainnet but FTX deployed v4 to mainnet back in July (https://explorer.solana.com/address/Fw2n4Hq2CKbbC9J1HZ3couDiKVBhUE9f1c7uads9hsGy). The main use of this had been for SFT trading. As this program shares the same upgrade authority with v3, I believe we should fork this the same way OpenBook community forked v3. I am happy to lead this effort and create a DAO involving the parties that have been using this program. Are you able to tell me which commit was deployed to this program?

@dr497
Copy link
Contributor

dr497 commented Nov 14, 2022

We are not aware of which commit was deployed. If I am correct this is the last commit reviewed by Ottersec a41a9420d2d09c8642fd37b4412777a08f9bd3c8

@mralbertchen
Copy link

Thanks that is extremely helpful @dr497

@mihneacalugaru
Copy link
Contributor Author

So, @mralbertchen, you did deploy the commit @dr497 mentioned at the following address: srmv4uTCPF81hWDaPyEN2mLZ8XbvzuEM6LsAxR8NpjU, also creating a DAO and setting it as the sweep authority, right?

@ellttBen
Copy link
Contributor

Hi again,
First of all we'd like to thank everyone for their involvement in rebooting the Serum dex as fast as possible with more decentralization. However, we want to avoid excessive forking which would dilute our ability to quickly deploy potential security updates if they become necessary.
This repo was entirely developed by us at Bonfida, and we're still here and committed to the future of the technology itself. Any change that needs to be made to the protocol in order to facilitate a DAO deployment should be submitted as an issue on this repo, and we'll get to work.
Once a DAO is ready, we can deploy an Anchor verified build and set the upgrade authority to be controlled by it.

@mralbertchen
Copy link

@mihneacalugaru that is correct. The upgrade authority will be changed to the DAO once Apr.Dev is fixed.

The DAO has been created here: https://app.realms.today/dao/Bmif6ABDLNA2X2R2odRoAQEpcBVnAWaxJhSSPJsHQpY7

Please provide addresses and I will invite you to the DAO.

I can also create a pull request with the changes made.

@dr497
Copy link
Contributor

dr497 commented Nov 16, 2022

@mralbertchen What changes have you made? What is the exact code that will be deployed?

@mralbertchen
Copy link

Just updated the program id and changed the sweep authority to the DAO address. Then modified Anchor.toml for anchor verifiable build to work.

You can see the commit here.
Genopets@d50898e

I’m waiting for https://apr.dev to be fixed for the program source code to be verified on-chain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ellttBen @mralbertchen @dr497 @mihneacalugaru