## Sovryn Post-Mortem: Staking Contract Vulnerability and the Guardian’s Role

In Community Call #37, the Sovryn development team provided a transparent and detailed breakdown of a recently discovered vulnerability in the staking contract. The call focused on the nature of the bug, the immediate fixes deployed, and the vital security backstop provided by the Bitocracy’s Guardian mechanism.

### What Was the Vulnerability?

A security researcher, through the Immunefi bug bounty program, discovered a flaw in the staking contract. The bug would have allowed an attacker to inflate their voting power by repeatedly calling the `extendStakingDuration` function with the same end date, potentially accumulating near-infinite voting power. No funds were at risk, but the inflated voting power could have been used to maliciously influence or block governance proposals.

### How Was it Fixed?

The team took immediate action:
1. **Emergency Pause:** A pausing functionality was quickly added to the staking contract to prevent any exploitation.
2. **SIP 43:** A governance proposal was passed to patch the immediate entry point for the bug.
3. **Deeper Analysis:** Further investigation revealed an underlying issue that required a more comprehensive fix. The team is now taking the necessary time to carefully review and test a second, more robust patch to address the root cause, which will be presented in a forthcoming SIP.
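To make the class of bug and the two immediate mitigations concrete, here is an added example that is not Sovryn's code: a minimal Python model of a staking ledger whose voting weight is checkpointed by lock date, with a flawed `extend_staking_duration` path, the guard that rejects a same-date "extension", the emergency pause, and an accounting invariant a monitor could check after every call. The double-booking mechanism shown is an assumption chosen to reproduce the symptom described above, not the actual root cause.

```python
# Hypothetical, simplified model of a staking ledger whose voting power is
# checkpointed by lock date. Not Sovryn's contract; it reproduces the class
# of bug the post-mortem describes and the guard that closes it.
from dataclasses import dataclass, field


@dataclass
class Stake:
    amount: int
    until: int  # lock-expiry timestamp the voting weight is booked under


@dataclass
class StakingLedger:
    hardened: bool = True   # False reproduces the flawed accounting
    paused: bool = False    # emergency pause added as the first mitigation
    stakes: dict = field(default_factory=dict)     # staker -> Stake
    weight_at: dict = field(default_factory=dict)  # lock date -> voting weight

    def stake(self, who: str, amount: int, until: int) -> None:
        if self.paused:
            raise RuntimeError("staking contract is paused")
        self.stakes[who] = Stake(amount, until)
        self.weight_at[until] = self.weight_at.get(until, 0) + amount

    def extend_staking_duration(self, who: str, new_until: int) -> None:
        if self.paused:
            raise RuntimeError("staking contract is paused")
        s = self.stakes[who]
        # Hardened path: an "extension" must actually move the lock date
        # later, so a call with the current date is rejected outright.
        if self.hardened and new_until <= s.until:
            raise ValueError("new lock date must be later than the current one")
        # Flawed path (assumed mechanism): the old checkpoint is only debited
        # when the date changes, but the new one is always credited, so a
        # same-date call books the stake's weight a second time.
        if new_until != s.until:
            self.weight_at[s.until] -= s.amount
        self.weight_at[new_until] = self.weight_at.get(new_until, 0) + s.amount
        s.until = new_until

    def voting_power_at(self, until: int) -> int:
        return self.weight_at.get(until, 0)

    def invariant_holds(self) -> bool:
        # Booked voting weight must never exceed the tokens actually staked;
        # a monitor evaluating this after every call flags the inflation.
        return sum(self.weight_at.values()) == sum(s.amount for s in self.stakes.values())
```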

### Why Weren’t Funds at Risk? The Guardian Explained

Even if the exploit had been used, the protocol has a built-in failsafe: **the Guardian**. The Guardian is a multisig (currently the Exchequer) that has the power to **veto** any governance proposal, but cannot force one through. This mechanism, in place since day one, acts as a crucial safeguard against malicious proposals, ensuring that even with manipulated voting power, an attacker could not drain the treasury or change critical protocol rules.

This incident highlights the importance of a multi-layered security approach: a robust bug bounty program to find vulnerabilities, a swift development response to patch them, and a decentralized safeguard like the Guardian to protect the protocol in a worst-case scenario.