I accidentally messed up with HNY transferability

TL;DR

I accidentally made HNY untransferable with the last upgrade, but the funds are SAFU. We will upgrade the contract again, and the problem will be solved by next week. Again, I’m sorry for what happened and any inconvenience it may cause.

Context

We recently went through the update of the Hooked Token Manager in the four most significant Gardens:

This upgrade solves a significant vulnerability that has the Hooked Token Manager in a combination of other contracts, such as the Unipool contract in a Boboli Garden. Unfortunately, we haven’t been transparent about this until now for obvious reasons.

Before issuing each upgrade, we performed tests in a forked blockchain using hardhat. The upgrade went well for Giveth, TEC, and Brighid, but we have had a significant problem with the 1hive upgrade.

Problem

1Hive was the first Garden, and as a consequence, it has a more old code than the rest of the gardens, as it was created with a custom template and not using the Gardens Template.

The token manager repo used was different from the rest of the gardens. When we upgraded it with the newest code, we caused corruption in the unstructured storage, provoking that since the update, nobody can transfer their HNY tokens (at least until we upgrade the contract again).

Imagine we had a contract with blanks (the code) so we can write in them (store data). We tried to change the old contract with a new one with the same blanks (contract upgrade), so the contract could still work but with new clauses. The problem happened when we used a new contract with the blanks in a different place (unstructured storage corruption).

We performed tests to check the upgrade would work as intended, but unfortunately, I didn’t correctly check that we would not corrupt the unstructured storage or that HNY would still be transferable after the upgrade. I am very sorry this has happened.

Solution

We need to vote to upgrade the contract again. After that, we will revert the changes to the previous contract, backporting the fix to make the hooked token manager safe to use other contracts.

We will announce the vote in this same thread. It will take about one week to pass the proposal. In the meantime, we will try to remove HNY from the proposed routes in honeyswap.org, so this causes less disruption possible to the people who use it.

8 Likes

The vote to fix the token manager is on, and you can already vote.

4 Likes

We executed the vote and the problem should be solved now.

1 Like