Statement on Dexter
on February 19, 2021
We write today to issue an apology to the community about the serious flaw that was found in Dexter.
We were recently notified by Nomadic Labs that in examining our contract in advance of the latest protocol upgrade proposal, they discovered a flaw in Dexter that would permit an attacker to remove funds that did not belong to them.
Very serious discussions ensued immediately to determine how to best preserve the safety of the funds in the Dexter contract. Ultimately, we decided that the only viable mechanism available appeared to be a so-called “White Knight” operation in which the funds would be removed from the contract using the bug itself and then returned to their rightful owners. This operation has now concluded, and all funds are safe.
Our contract has now been rewritten by an outside team to avoid this bug, and Nomadic Labs is in the process of proving that this particular class of bugs cannot re-occur. They will be releasing both the code and specification for this contract shortly. We are thankful to the Nomadic Labs team both for surfacing this issue and for ensuring that the same issue cannot arise again.
In addition, a new ecosystem team will be taking over the maintenance of Dexter long term. We look forward to a bright future for Dexter shepherded by a new team.