Bonfida Team Statement
Bonfida has recently been confronted with a situation that is provoking a lot of anxiety amongst our users. We hope to explain and clarify the full circumstances that led to the sequence of events that unfolded. In doing so, we would like to reassure you that we act in the best interest of our community members, that is, to protect them from any undue harm.
The message being spread is that Bonfida has dishonestly revoked a user’s domain names without any clear reason. This of course is inaccurate, but regardless has caused some distress — for which Bonfida extends a sincere apology.
- Bonfida explains the sequence of events that led to prohibiting a user’s staking ability and momentarily holding their domain names to gain contact with the user
- Staking issues experienced due to Solana’s degraded performance
- Using a bot, a single user claimed over 80K of undeserved rewards, taking full advantage of rewards that were meant to be distributed to stakers
- These actions had malicious intent: claiming more than 3400 times is considered a direct attack on Bonfida’s community
- These actions could have affected all our users’ honest earnings if Bonfida had not stepped in
- User then went on to restake and dump undeserved rewards
- The same user additionally tried to leverage their stolen earnings to manipulate the DAO by attempting to mint a council token, allowing them to become a member of the DAO council
- A council is an emergency-only authority which is there to act quickly in unfavourable circumstances. Manipulation of these broad executive powers could have dire consequences. This is also considered a direct attack on the DAO and users
- To avoid further destructive behaviour an emergency measure was taken. A similar measure is also available to ENS
- Staking and the Solana Name Service are closely related. The earnings of one feed into the other. As a result, Bonfida acted on both fronts by prohibiting the user from further staking and temporarily revoking their domain names in order to force them into reaching out
- These actions are justified by the outright vulnerability caused by the user to the system
This is a detailed account of the sequence of events:
Recently, the Solana network experienced some degraded performance that affected our staking program. Due to these network issues, several crank transactions did not go through, which led to the rewards received by stakers being combined, resulting in some not being able to claim daily (since they had claimed a few days’ worth of rewards at once). This, however, had no effect on the total rewards being distributed, only on the time at which these rewards became claimable. However, this situation also meant that some people were able to claim the same rewards multiple times. This has been resolved and fortunately did not affect any of the stakers.
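The failure mode described above (rewards from several missed cranks being combined and then claimed more than once) is a double-claim problem. The model below is an added example, not Bonfida's staking program: it is a hypothetical pool in which each account carries a `last_claimed_epoch` checkpoint, so that however many epochs accumulate before a claim, and however many times `claim()` is called afterwards, the total paid equals exactly what accrued. The reward rate and all names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed reward rate for this model: 1 reward token per staked token per epoch.
REWARD_PER_TOKEN_PER_EPOCH = 1


@dataclass
class StakeAccount:
    staked: int
    last_claimed_epoch: int  # checkpoint: rewards up to this epoch are already settled


class StakingPool:
    """Hypothetical pool: a crank advances the epoch, and stakers claim against a
    per-account checkpoint rather than against per-epoch reward records."""

    def __init__(self) -> None:
        self.current_epoch = 0
        self.paid_out: dict[str, int] = {}

    def crank(self) -> None:
        """Advance one epoch. If cranks land late or several at once, the unclaimed
        epochs simply accumulate in the gap above the checkpoint."""
        self.current_epoch += 1

    def claimable(self, acct: StakeAccount) -> int:
        unsettled_epochs = self.current_epoch - acct.last_claimed_epoch
        return acct.staked * REWARD_PER_TOKEN_PER_EPOCH * unsettled_epochs

    def claim(self, staker: str, acct: StakeAccount) -> int:
        """Pay everything owed since the checkpoint, exactly once. The checkpoint
        moves before the payout is recorded, so a second (or replayed) claim in
        the same epoch computes zero."""
        amount = self.claimable(acct)
        if amount == 0:
            return 0
        acct.last_claimed_epoch = self.current_epoch
        self.paid_out[staker] = self.paid_out.get(staker, 0) + amount
        return amount


def total_paid_after_repeated_claims(staked: int, missed_epochs: int, n_claims: int) -> int:
    """Invariant check: after `missed_epochs` cranks, calling claim() `n_claims`
    times must pay out staked * missed_epochs in total, no more."""
    pool = StakingPool()
    acct = StakeAccount(staked=staked, last_claimed_epoch=0)
    for _ in range(missed_epochs):
        pool.crank()
    for _ in range(n_claims):
        pool.claim("staker", acct)
    return pool.paid_out.get("staker", 0)


if __name__ == "__main__":
    # 3 epochs of combined rewards, claimed 3409 times: still paid exactly once.
    print(total_paid_after_repeated_claims(staked=100, missed_epochs=3, n_claims=3409))
```

The property worth testing in any claim path is the one `total_paid_after_repeated_claims` checks: the payout must be a function of stake and elapsed epochs only, never of how many claim transactions were sent.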
Please read the full extent of this on our forum:
Based on these circumstances we expected some users to claim more rewards than they had earned. Yet, we did not expect a user to purposefully claim as many rewards as possible. Ultimately, this resulted in a single user claiming over 80K worth of rewards, almost triple the amount they had originally staked.
We consider this a direct attack on our community: these rewards were meant for legitimate users. This attack was repeated not once, but multiple times (to be exact 3409 times) and with obvious intent. Consequently, Bonfida had to compensate for this loss, to ensure that no end-users were affected. Had this not been done, a total of 80K’s worth of rewards would not have been distributed to users.
Bonfida does not take harm to the community lightly.
After blatantly stealing from the staking program, the same user proceeded to restake some of those funds, thus attempting to steal yet more user rewards. This can be seen here:
Subsequently, the stolen rewards were dumped on FTX and USDT TRC20 was transferred to Binance in what we consider to be a suspicious timeframe: why were the rewards liquidated and then transferred around with such haste if not to make the funds harder to track?
The transactions associated with the FTX $FIDA deposits can be found below this text.
In response, Bonfida decided to prohibit the user from further staking as well as their ability to claim more rewards. We do not necessarily expect users to responsibly disclose odd experiences with Bonfida products, but we at the very least expect them not to compromise our other honest users.
Following this, the user continued to try and exploit our DAO. Due to their large quantity of gFIDA (Bonfida governance token) held, they tried to manipulate the DAO in such a manner as to mint a council token, which would have enabled them to become a council member. The main point of a council is to be an emergency-only authority when circumstances require swift action. Compromising this necessary safety is also a direct attack on our increasingly valuable DAO and, once again, on our users.
On further inspection we realised this user is in fact a large domain holder. Looking at their held domains, it seemed as though the user had intended to use some of those domains to scam other users: many of their seemingly rare and valuable domains actually contained invisible Zero Width Joiners. This is essentially the SNS equivalent of counterfeiting, since abnormal .sol domain names that do not conform to the official specification look like valid domains.
This general picture of hostile behavior with no end in sight is what led to Bonfida’s decision to temporarily revoke the holder’s domain names. We have a duty of care to our community and this user leveraged a script to cause substantial harm under their own selfish pretences. The team was concerned by the very real possibility of additional threats that they could cause, given the pattern of behavior described above. It was never our intention to hold on to these domains forever, and they were not misplaced: they were solely held on to in the hopes that this would trigger the user to reach out to us, and maybe even own up to their own actions. The domains can still be returned.
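A name containing a Zero Width Joiner renders identically to the genuine name, which is what makes it a counterfeit. The checker below is an added example, not Bonfida's or SNS's own code: it flags every invisible or Unicode format/control character in a label, rejects names that are not in canonical form, and tests whether two distinct names would display the same way. The rejection policy and the table of code points are assumptions for the example; the official SNS name specification is not reproduced here.

```python
import unicodedata

# Constructed table of invisible code points commonly used to forge look-alike names.
# Hypothetical policy for this example; not the SNS specification.
INVISIBLE = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}


def _is_invisible(ch: str) -> bool:
    # Explicit table plus anything Unicode classes as format (Cf) or control (Cc).
    return ch in INVISIBLE or unicodedata.category(ch) in ("Cf", "Cc")


def find_invisible_chars(label: str) -> list[tuple[int, str]]:
    """Return (index, 'U+XXXX') for every character in label that renders as nothing."""
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(label) if _is_invisible(ch)]


def canonical(name: str) -> str:
    """What a human sees: invisibles dropped, NFKC-folded, lowercased."""
    visible = "".join(ch for ch in name if not _is_invisible(ch))
    return unicodedata.normalize("NFKC", visible).lower()


def validate_sol_name(name: str) -> tuple[bool, str]:
    """Accept only names that cannot be displayed identically to another valid name."""
    if not name.endswith(".sol"):
        return False, "missing .sol suffix"
    label = name[: -len(".sol")]
    if not label:
        return False, "empty label"
    hits = find_invisible_chars(label)
    if hits:
        i, cp = hits[0]
        return False, f"invisible character {cp} at index {i}"
    if label != canonical(label):
        return False, "label is not in canonical form"
    return True, "ok"


def is_counterfeit_of(candidate: str, genuine: str) -> bool:
    """True when two distinct names would render the same way to a buyer."""
    return candidate != genuine and canonical(candidate) == canonical(genuine)


if __name__ == "__main__":
    for n in ("bonfida.sol", "bon\u200dfida.sol", "Bonfida.sol"):
        print(repr(n), validate_sol_name(n))
```

A marketplace or wallet can run `validate_sol_name` on every listing and `is_counterfeit_of` against names the buyer is actually searching for; the first catches the raw defect, the second catches the intent.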
Addressing uncertainty about the security of the Solana Name Service:
A lot of uncertainty is being spread about the security of Solana Name Service (SNS). That is, that domain names can be transferred without the permission of the owner. This is due to a recent change implemented by Bonfida. The decision to perform this change was long in the making and completely unrelated to the sequence of events currently being described. Here are a few reasons why this change was implemented, in collaboration with the Solana team:
1. Users can buy a domain name and create subdomains for that specific .sol domain
2. These subdomains can be transferred away from the parent domain
3. However, the user can put their domain name up for resale
4. This would result in the new owner needing to get their subdomains back
For this reason, subdomains are transferable with the parent domain signature. This is to ensure that the new rightful owner has full control over all subdomains of their main domain name.
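The four steps above describe one authority rule: a subdomain may be transferred by its own owner or by whoever signs as owner of the parent domain, so a resale of the parent lets the new owner reclaim subdomains. The registry below is an added example (not SNS program code) that models exactly that rule and walks through the resale scenario; all names and owners are constructed.

```python
from typing import Optional


class NameRegistry:
    """Hypothetical registry: a name can be transferred by its own owner, or by
    the owner of its immediate parent domain (the rule described above)."""

    def __init__(self) -> None:
        self.owners: dict[str, str] = {}

    @staticmethod
    def parent_of(name: str) -> Optional[str]:
        # "pay.bonfida.sol" -> "bonfida.sol"; a top-level ".sol" name has no parent.
        _head, _, rest = name.partition(".")
        return rest if rest and rest != "sol" else None

    def register(self, name: str, owner: str) -> None:
        parent = self.parent_of(name)
        if parent is not None and parent not in self.owners:
            raise ValueError(f"parent {parent} is not registered")
        self.owners[name] = owner

    def can_transfer(self, name: str, signer: str) -> bool:
        """Owner of the name, or owner of its parent, may move it; nobody else."""
        if name not in self.owners:
            return False
        if signer == self.owners[name]:
            return True
        parent = self.parent_of(name)
        return parent is not None and signer == self.owners[parent]

    def transfer(self, name: str, signer: str, new_owner: str) -> str:
        if not self.can_transfer(name, signer):
            raise PermissionError(f"{signer} may not transfer {name}")
        self.owners[name] = new_owner
        return new_owner


def resale_scenario() -> dict[str, str]:
    """Steps 1-4 above: subdomain handed out, parent resold, new owner reclaims it."""
    reg = NameRegistry()
    reg.register("bonfida.sol", "alice")
    reg.register("pay.bonfida.sol", "bob")             # alice delegated a subdomain to bob
    reg.transfer("bonfida.sol", "alice", "carol")      # alice resells the parent to carol
    reg.transfer("pay.bonfida.sol", "carol", "carol")  # carol, as parent owner, reclaims it
    return dict(reg.owners)


if __name__ == "__main__":
    print(resale_scenario())
```

Note that the authority in this model stops at the immediate parent: the owner of `bonfida.sol` cannot touch `other.sol`, and an unrelated signer cannot touch anything, which is the boundary a reader should check when auditing such a rule.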
These are standard practices adopted by Ethereum Name Service as well. Specifically, they state “the root ownership [is] only used to effect administrative changes, such as the introduction of a new TLD, or to recover from an emergency such as a critical vulnerability in a TLD registrar”.
“This means that the keyholders can replace the contracts that govern issuing and managing domains, giving them ultimate control over the structure of the ENS system and the names registered in it.”
More information on this can be found here:
Therefore we want to emphasize that a user causing this level of havoc while showing no intention to stop definitely falls into the emergencies and critical vulnerabilities category. This forced us to take the drastic measure of enforcing an administrative change of the user’s domains. In our case the administrative change was implemented in the absence of a direct SNS emergency, but the inherent link between staking and SNS described below amply justifies our actions. This was done as an attempt to open up a line of negotiation with the user and grant them an opportunity to explain themselves, so as to get a clearer final picture of the integrity and intentions of the user and take a proper course of action.
No user has ever been subject to these measures and we undeniably try to prevent this at all costs. We completely understand the uncertainty this may provoke amongst our users. Under these circumstances, however, we had to take action before further destruction was brought to the broader community.
There is a common misconception that staking and SNS are unrelated. This is false since the majority of the proceeds obtained from domain names are allocated to $FIDA stakers. Most of these proceeds go to buy and burn and a percentage of the buy and burn is what is dropped on stakers. The staking and SNS business models are essentially built on top of one another.
As mentioned above, the decision to implement this change to SNS just happened to coincide with the present situation. Never before have domain names been taken from anyone and never will they be. This would not only be a cause of a significant trust issue between community members and Bonfida, but would also mean we don’t respect the very essence of our vision: decentralization. Our services are only useful as long as they conform to this basic tenet of web3. Going in another direction would be Bonfida’s demise, a possibility we have absolutely no desire or even incentive to pursue. This incident was an isolated case specifically directed at one dishonest user, which we considered an outright emergency. If you have any doubts about our process please feel free to contact us on our official channels.
We hope this article clarifies the stance we took. If you have any more concerns please contact us immediately. Thank you for taking the time to read.
Transactions of FTX $FIDA deposits made by EMFSprzoDZpHmiZEqDsE92iXydLx9c7nbmjVA1cDze3r :