Rena Dev Report — 04/04/2022
👋 Hello Rena Community,
Since our last update, the Rena Dev Team has been working to fully enable the Greeks ecosystem on RenaSwap with the greatest focus on security possible — the pairs are now officially Live and the drip is enabled! Below, we’ll dig more into the changes made, as well as our RenaV2 progress and a breakdown of the recent Revest Exploit and how we’ve avoided a would-be crisis.
Unpacking Revest Exploit
On March 27th, the Revest Protocol suffered a re-entrancy exploit where ~2.5M worth of tokens housed within specific Revest FNFTs were stolen, including 352,835 RENA, 714,999,999 BLOCKS, 579 LYXe, and 7,699,999 ECO.
352,835 RENA tokens were housed in the Revest Token vaults because we sent these tokens to be distributed among the participants of the Day 1 Rena Reservation Event. More details about the affected NFTs here.
The attacker successfully sold all of the stolen tokens except the 352,835 RENA tokens. When the attack was recognized, our dev team jumped to action and raised the transaction tax to 10% to deter the attacker from selling. This is likely why the RENA tokens were not sold. The high transaction tax coupled with the inability to set the slippage in the Uniswap interface prevented him from swapping the RENA without going through a custom code process to execute a swap.
We are already working towards the recovery of funds and liquidity to cushion against any potential dump. More to come on this as we have more to share.
It is important to note that the exploit did not involve any Rena protocol code as the exploit was only regarding Revest’s FNFT technology.
System Update as of 03/31/2022: Considering the threat may be over, as above, we have re-enabled the protocol by setting the native token transaction tax for Rena back to 1%. It was important for us to stop the hacker with this tactic, but as part of enabling the full mechanism for the Greek Tokens, we needed to move on.
To learn more, check out Revest’s incident analysis on Medium.
Here’s the wallet ID of the exploiter where the stolen RENA tokens reside: https://etherscan.io/address/0xef967ece5322c0d7d26dab41778acb55ce5bd58b
RenaSwap Greeks (aka Space Tokens) Pairs Update:
💧 Token Drip is NOW LIVE!
Review the Etherscan report for the initial drip transaction.
As mentioned in the Space Tokens rGOV Proposal — The “Greek” Tokens BETA, RHO, KAPPA, GAMMA, and XI do not have transaction taxes like RENA or ITS, which means these RenaSwap/Greek pairs will need to be set up differently from the currently existing ones. These pairs are not able to receive tokens from their trading volumes like RENA and ITS.
This means that an alternative drip mechanism had to be considered when implementing these tokens. So we developed a holding contract that collects these tokens and drips them into their pairs over time. For example, 2,500,000 XI dripped into an rRENA/XI pair to create discounts over time.
A few further updates from our Lead Dev Davion (all dated 3/30/2022 in Telegram chat)
“Hey guys, the entire system has been turned back on!
During downtime, a few things were finalized. First of which is the Greek integration with Renaswap.
We have currently taken all Rena accumulated through Renaswap sales for the Greeks and sent them where they need to go.
This marks the second major step to integrating the Greeks with the Rena ecosystem and by far the greatest hurdle.
We are constantly monitoring and tweaking our implementation as we go. As those who’ve followed us since the beginning will know, we have always been cautious and meticulous in our endeavor to bring you a robust and secure protocol.
When you have TLV you hold not only the sanctity and security of your economy but those trusting in you. We take this extremely seriously. While we may seem slow, or even stagnant, understand we are moving in a realm where perfection is not only expected but required. We are pedantic about our approach to security, safety, and our own internal opsec.
The last step with the Greeks will ensure a constant exposure to arbitrage that will hopefully be realized by more than just bots by utilizing our new front end!
We have treated the addition of each individual Greek token as their own addition so we can systematize additions to our ecosystem and streamline development. The infrastructure created to allow tokens with no transaction fee to participate in our system is almost solidified and functional. This opens up the Rena Ecosystem to any and all Erc20s, not just the ones we create!”
Additionally, Davion commented:
“…You can decompile the bytecode of the contract and get an idea for what it’s doing. It’s acting as an ERC1155 receiver and has a call back for when it receives an ERC1155 token.
This looks like they are probably attempting another reentry attack on revest (They use 1155’s as their FNFT contract). Our system (rena) never sends 1155’s to anyone so this isn’t something pointed directly at us.“
Regarding token allocation, Davion mentioned:
“The recent activities with the Greeks was done with < 7% of the tokens we were given and it made some impressive impact. I’m very excited to see what the remaining tokens will do when you include the ongoing claims with the screens [xiprotocol.io] !! ”
We are in the final stages of testing and QA with our test token contract $ANER. Currently, we are in the midst of completing the bridging and deployment of $ANER. Once we are confident of the cross-chain security we will then deploy the full $RENA token on FTM along with pairing for FTM-RENA liquidity.
Rena V2 & Branding
Our design team is currently working on the Rena brand identity for V2. We are looking forward to seeing the designs this coming week which will bring us to the next stages in the branding process. In the meantime, we continue with technical requirements documentation for V2 and are preparing for the hand-off to our dev team.
Since the listing of the Greeks on RenaSwap, we’ve noticed a growing interest from the DOGE community. The idea has been lobbied, and the team is already brainstorming sustainable strategies to deploy DOGE pairing(s) on RenaSwap e.g. rRenDOGE/XI. No promises at this point… This is probably nothing.