Chia Network, the energy-efficient blockchain and smart transaction platform, will replace its 7-month-old chia asset tokens (CATs) with a new token to address a security vulnerability that it uncovered after an outside auditor detected potential weaknesses with the token’s standard, the company said in a blog post.
Chia will halt what it now is calling CAT1 on July 26 at 5 p.m. (UTC) after block height 2,311,760 and begin supporting its re-issuance as CAT2.
San Francisco-based Chia, the brainchild of BitTorrent founder Bram Cohen, discovered the weak point after the auditor, Trail of Bits, “raised a potential class of vulnerabilities,” prompting Chia to probe more deeply, the blog post says. Chia determined that while holders’ CATs were safe, one risk area was potentially significant enough to warrant the change to CAT2.
“It took quite a bit of digging on our part to get to a high degree of confidence that this isn’t just a window dressing level of vulnerability. This is a serious vulnerability. We should end-of-life CAT1, patch it and upgrade everybody to CAT2,” Paul Hainsworth, Chia’s vice president of product, told CoinDesk in a phone interview. Hainsworth added that the firm had installed a round-the-clock monitor shortly after Trail of Bits noted its concerns to ensure no one’s CAT had been compromised.
A number of blockchain protocols hire auditors to look for weaknesses, but token re-issuances are infrequent. Hainsworth said that as “an enterprise and institutional-focused blockchain,” the company has made security issues a priority and conducts regular audits of new releases. Chia engaged Trail of Bits, a respected security audit firm, in December, a month before launching the CAT.
Chia created CATs as cryptographic primitives that allow individuals to issue tokenized versions of stocks, bonds and other assets, on top of the Chia blockchain. They are separate from the Chia blockchain’s native XCH cryptocurrency. Cryptographic primitives are algorithms that serve as building blocks for cryptographic protocols in computer systems. “CATs are an artifact that are actually built on top of XCH,” Hainsworth said. “It’s a separate type of asset altogether.”
He added that the upgrade would not affect XCH, although Chia will ask holders to cancel in-progress offers to sell XCH for CAT1s, so they don’t wind up with “worthless tokens.”
Next steps for CAT token holders
The CAT1 end-of-life point will serve as a reference for re-issuance of CATs. For example, holders with 1,000 USDS in CAT1 in their wallets at the end-of-life block height will receive the same amount in CAT2 via an issuer, such as Stably.
Chia has asked holders to upgrade to a 1.5.0 wallet to enable the re-issuance. The company has created a website that can also be reached via the wallet to view historical CAT1 balances and compare them to CAT2 balances in the new wallet.
Separately, Chia has asked holders to cancel any offers that may be in progress
“End users should be made ‘whole’ on the CAT1 holdings,” the company said in a statement that will be available on the Chia blog.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.