Juno Network Halt Analysis

  1. The Lupercalia upgrade went awry with the incorrect binary being presented to Cosmovisor on some of the validators.
  2. >⅓ of validators upgraded too early and hit the ⅓ threshold of validators unavailable, halting the Juno network.
  3. A smart contract was used to maliciously trigger a 0-day exploit that stopped the chain.

Failed Block #2578097

Mintscan presents block 2578097 here.

Reversing a Juno contract

First off, let's list the contract on chain and take a look.

# junod query wasm list-contracts-by-code 184 --node https://rpc-juno.nodes.guru:443 --chain-id juno-1
contracts:
- juno188lvtzkvjjhgzrakha6qdg3zlvps3fz6m0s984e0wrnulq4px9zqhnleye
pagination:
  next_key: null
  total: "0"
next_key: null

# junod query wasm code 184 satoshi_ONCHAIN.wasm --node https://rpc-juno.nodes.guru:443 --chain-id juno-1

Comparing contracts

To compare the suspect contract we need an actual hello-world contract as a baseline. A real 'hello-world' wasm contract can be found at https://github.com/InterWasm/cw-template. Following the same process, we can obtain cw_contract.wasm and from that create cw_contract.wat.

satoshi-test call graph
cw_template call graph
cw_contract (left) satoshi_test (right)
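
As a first-pass check before reading the .wat files or call graphs, the added example below (not part of the original article) diffs the host imports and exported entry points declared by two wasm binaries. The sample() helper and the two embedded modules are constructed stand-ins, not the contents of code 184 or cw_contract.wasm; in practice, pass the bytes of satoshi_ONCHAIN.wasm and cw_contract.wasm to compare().

```python
import io

def _leb(buf):
    """Read one unsigned LEB128 integer from a BytesIO."""
    result, shift, byte = 0, 0, 0x80
    while byte & 0x80:
        byte = buf.read(1)[0]
        result |= (byte & 0x7F) << shift
        shift += 7
    return result

def _name(buf):
    return buf.read(_leb(buf)).decode("utf-8")

def surface(wasm):
    """Return (imports, exports) declared by a wasm v1 binary, as sets of names."""
    if wasm[:8] != b"\0asm\x01\0\0\0":
        raise ValueError("not a wasm v1 binary")
    buf, imports, exports = io.BytesIO(wasm[8:]), set(), set()
    while sid := buf.read(1):
        body = io.BytesIO(buf.read(_leb(buf)))  # one section: id, size, payload
        if sid[0] == 2:  # import section: module name, field name, kind, descriptor
            for _ in range(_leb(body)):
                entry = f"{_name(body)}.{_name(body)}"
                if body.read(1)[0] != 0:
                    raise ValueError("only function imports are handled here")
                _leb(body)  # type index, not needed for the comparison
                imports.add(entry)
        elif sid[0] == 7:  # export section: name, kind, index
            for _ in range(_leb(body)):
                exports.add(_name(body))
                kind, index = body.read(1), _leb(body)  # unused by the comparison
    return imports, exports

def compare(baseline, suspect):  # names declared by only one of the two modules
    (b_imp, b_exp), (s_imp, s_exp) = surface(baseline), surface(suspect)
    return {"imports_added": sorted(s_imp - b_imp), "imports_missing": sorted(b_imp - s_imp),
            "exports_added": sorted(s_exp - b_exp), "exports_missing": sorted(b_exp - s_exp)}

def sample(imports, exports):
    """Constructed stand-in module: imports are funcs of type 0, exports all point at func 0."""
    s = lambda t: bytes([len(t)]) + t.encode()
    sec = lambda sid, items: bytes([sid, 1 + sum(map(len, items)), len(items)]) + b"".join(items)
    return (b"\0asm\x01\0\0\0" + sec(1, [b"\x60\x00\x00"])  # one type: () -> ()
            + sec(2, [s("env") + s(i) + b"\x00\x00" for i in imports])
            + sec(7, [s(e) + b"\x00\x00" for e in exports]))

ENTRY = ["interface_version_8", "allocate", "deallocate", "instantiate", "execute", "query"]
BASELINE = sample(["db_read", "db_write"], ENTRY)           # constructed, not cw_contract.wasm
SUSPECT = sample(["db_read", "db_write", "debug"], ENTRY[:-1])  # constructed, not code 184
```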
