Protocol Labs says exchanges' ‘misuse’ of Filecoin API led to double deposit issue

Protocol Labs has denied criticisms that recently circulated in the media claiming that a bug in the Filecoin API, which the company designed and engineered, was the reason for the FIL double deposit issue that garnered attention Thursday. In an incident report published by the team, Protocol Labs said that the information being disseminated regarding the issue was “incorrect and misleading.”

“The Lotus team has investigated the report thoroughly and have found no issues with the Filecoin network or the remote procedure call (RPC) API code. There is no double-spend on the blockchain itself, and no bug in the API code. The exchange in question has already reverted the incorrect transaction in their bookkeeping system (there was no loss of funds), and is reviewing their deposit processing logic to correct their API usage,” Protocol Labs stated.

The incident initially drew attention after Filecoin miners at Filfox and FileStar filed the first report detailing how Binance processed a “double deposit” of FIL on March 17th worth an estimated $4.6 million. The reports cited a bug in Filecoin’s RPC API code. While this was not an actual on-chain double spend, Binance credited the miners’ Filecoin account twice after a single deposit due to the alleged bug in the RPC code.

Looking back to the fundamentals of Bitcoin’s proof-of-work (PoW) algorithm, a “double spend” occurs when the same set of funds on a blockchain is spent twice. The PoW consensus mechanism was specifically designed to address this and render it impossible. Protocol Labs’ aim with Filecoin is to create a next-generation blockchain-based distributed storage network. Notably, the team’s researchers have also developed two new cryptographic proofs: proof-of-spacetime (PoSt) and proof-of-replication (PoRep).

The team behind Filecoin went into further detail regarding the incident, admonishing the false reports that made headlines a couple of days ago, with media groups and institutions only now correcting their coverage.

“The core of the issue was the improper usage of Lotus’ chain state inspection API, which behaved differently than expected when handling multiple similar messages. Misinterpreting the output of the Lotus API can cause a bookkeeping system to count both the original and a replacement message with the same senders and recipients. So far, we are only aware of one exchange affected by this issue,” Protocol Labs stated.

Binance, the affected exchange, caught on to the API misuse and has since taken immediate action to halt deposits, withdrawals, and transfers. The incorrect transactions were reverted, and the Binance team is now correcting its use of Lotus APIs to match Protocol Labs’ recommended usage. Other exchanges processing Filecoin have been provided with disclosures on the matter and have begun reviewing their code to avoid replicating the incident.

Protocol Labs said its Lotus team is now actively working with all exchanges “to ensure that this behavior is correctly handled” by improving API documentation and ensuring that other exchanges using the protocol can correctly inspect Filecoin’s chain state from their end going forward.
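The bookkeeping failure described in the incident report can be illustrated with a small deposit-crediting routine. This is an added example, not code from Protocol Labs, Lotus or any exchange. The record fields, addresses and sample data are constructed, and it assumes a chain lookup reports which message was actually executed, so that a query for a replaced message resolves to the replacement's receipt.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Lookup:
    """One chain-state lookup result as a bookkeeping system sees it (hypothetical shape)."""
    queried_cid: str    # message ID the exchange asked about
    executed_cid: str   # message ID the chain actually executed (assumed to be available)
    sender: str
    recipient: str
    nonce: int
    value: int          # amount in FIL, constructed
    exit_code: int      # 0 = executed successfully

# Constructed sample: the sender broadcast "cid-A", then replaced it with "cid-B"
# (same sender, nonce and recipient). Only cid-B landed on chain, but a lookup
# for cid-A is modelled as resolving to cid-B's successful receipt.
LOOKUPS = [
    Lookup("cid-A", "cid-B", "f1sender", "f1exchange", 7, 100, 0),
    Lookup("cid-B", "cid-B", "f1sender", "f1exchange", 7, 100, 0),
    Lookup("cid-C", "cid-C", "f1sender", "f1exchange", 8, 25, 0),
    Lookup("cid-D", "cid-D", "f1other", "f1exchange", 3, 40, 1),  # failed on chain
]

def naive_credit(lookups, deposit_addr):
    """Flawed: credits every queried message that comes back with a successful receipt."""
    return sum(l.value for l in lookups
               if l.recipient == deposit_addr and l.exit_code == 0)

def safe_credit(lookups, deposit_addr):
    """Credits each (sender, nonce) slot at most once, and only for the executed message."""
    credited = {}   # (sender, nonce) -> value; a nonce can execute only once per sender
    rejected = []   # queried messages that were replaced and never executed themselves
    for l in lookups:
        if l.recipient != deposit_addr or l.exit_code != 0:
            continue
        if l.queried_cid != l.executed_cid:
            rejected.append(l.queried_cid)
            continue
        credited.setdefault((l.sender, l.nonce), l.value)
    return sum(credited.values()), rejected

if __name__ == "__main__":
    print("naive credit:", naive_credit(LOOKUPS, "f1exchange"))
    print("safe credit, rejected:", safe_credit(LOOKUPS, "f1exchange"))
```

The naive routine counts the single 100 FIL deposit twice because both the original and its replacement appear successful, while the keyed version credits it once and flags the replaced message for review.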

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
