On Oct 18th, 2022, during a time of high-volume traffic on the Nervos Network L1, a potential security issue was reported to the Godwoken team.
After an investigation by the Godwoken team, the potential security issue was determined not to be due to the high volume of traffic L1 (CKB) but did, however, represent a possible security threat to the Godwoken L2 optimistic rollup blockchain.
The core engineering team made the difficult choice, with the support of the Godwoken co-founders, to temporarily halt the chain and patch the security issue.
Once the patch was applied and sufficiently tested, the chain was resumed. The entire process took a few hours to complete. A follow-up patch will be released in Q4 2022.
Retrospective
It was a difficult choice to stop the chain and disrupt service. Nevertheless, we felt it was necessary to protect the chain's integrity compared to the inconvenience of service stoppage.
It is important to note that it is common practice not to disclose any possible security issue to the public once it has been reported until there has been an assessment (and, if within scope), a fix applied.
We appreciate the community member who reported the bug privately to the team and will present them with a bounty for their efforts and integrity.
While, unfortunately, all software does encounter bugs from time to time, the team and system worked as expected. As soon as the security issue was disclosed, it was addressed immediately without delay. There is no evidence that the security issue was exploited
We encourage the community and developers to report security issues privately, and we will continue to offer bounties for substantiated issues.
