
Some statements in the last GateHub announcement are .... weird?


T8493


GateHub announcement:

http://blog.gatehub.net/post/165832617292/gatehub-ltd-announcement

I.

Quote

We have put in place a new $5 million capital facility to backstop our working capital

What does this mean?

Who provided capital? GateHub? Shareholder of GateHub? How did they get it? It looks like there was no new funding round or something.

How do you "backstop your *working* capital"? The word "backstop" is usually used in relation to shares, not "working capital".

What exactly do they mean by "capital facility"?

 

II.

Quote

This represents a small fraction of GateHub’s total volume, the overwhelming bulk of which is held in secure offline cold storage. 

What do they mean by volume? Trading volume? Deposit volume?

The amount of deposits ("deposit volume") is maybe an order of magnitude higher than the amount in "offline cold storage" because - generally speaking - "offline cold storage" equals deposits minus withdrawals (and they claim they had a lot of withdrawals in this period).


III.

Quote

We learned valuable lessons from this episode, and are taking aggressive steps to make GateHub more secure.

 

Does this mean that GateHub is currently insecure (or at least less secure than it could be)?

 

Quote

GateHub is in the process of installing a multisig system

 

How will this multisig system prevent bugs related to the 'partial payment' feature (or in fact any bug) in their backend deposit processing systems?

 

IV.

Quote

We are profitable and growing fast.

Shareholders have just "absorbed" an enormous loss (according to this announcement). How can this be profitable?

Maybe they mean their *operating* profit is greater than zero?

GateHub is growing fast? A quick search on LinkedIn doesn't reveal any significant jump in the headcount over the last years. They weren't able to fill several engineering positions (according to their website). There is still no e.g. mobile wallet.

 

 

Link to comment
Share on other sites

Weird message indeed. Maybe this is smokescreen talk for: "5 million worth of XRP has been stolen, a loss which has been compensated by Chris Larsen, one of Gatehub's shareholders, who owns plenty of XRP".

Link to comment
Share on other sites

23 minutes ago, tulo said:

Really they were tricked by partial payment? A "trick" that everybody knew and that is in the documentation?

It is far from clear how their "deposit processing service" uses partial payments (and why such a service would even need partial payments).

 

Link to comment
Share on other sites

2 minutes ago, tulo said:

Partial payments can be used to "trick" gateways if they don't know the Ripple protocol well. https://ripple.com/build/partial-payments/#partial-payments-exploit

Yes, I'm familiar with this.

But the described attack goes in the direction XRP Ledger->BTC ledger. However, I think that this "deposit processing service" maybe works in the opposite direction (BTC Ledger->XRP Ledger) because this is the "deposit" from the point of view of GateHub users.

Why would someone call a "withdrawal processing service" a "deposit processing service"?

 

 

Link to comment
Share on other sites

1 minute ago, T8493 said:

Yes, I'm familiar with this.

But the described attack goes in the direction XRP Ledger->BTC ledger. However, I think that this "deposit processing service" maybe works in the opposite direction (BTC Ledger->XRP Ledger) because this is the "deposit" from the point of view of GateHub users.

Why would someone call a "withdrawal processing service" a "deposit processing service"?

The bug (via partial payment) is in the deposit service...they failed to deposit the correct amount.

Link to comment
Share on other sites

15 minutes ago, tulo said:

The bug (via partial payment) is in the deposit service...they failed to deposit the correct amount.

You claim that the bug was in the service that processes transactions that transfer BTC IOUs to one of the RCL addresses, owned by GateHub? I thought this "deposit processing service" works in the opposite direction.

If this is true, then this is very problematic because:

  • GateHub devs maybe didn't read the documentation and their internal review processes are iffy,
  • GateHub likely didn't implement any "invariant checking" of the BTC IOU amounts on RCL in their accounts (basically, actual amount of BTC IOUs in our Ripple address (as reported by rippled) = sum of BTC IOU in all transactions that sent BTC IOU to/from this Ripple address) - similar to what Ripple implemented in rippled (EnforceInvariant amendment).

 

 

Link to comment
Share on other sites
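Added example, not part of the thread and not GateHub's code: a sketch of the two controls discussed above, crediting deposits from `meta.delivered_amount` instead of `Amount`, and the balance invariant from the last post. Addresses, sample transactions, the 8-decimal fixed-point scale and all function names are assumptions made for illustration.

```javascript
// Added example: constructed data and hypothetical names.
const TF_PARTIAL_PAYMENT = 0x00020000; // tfPartialPayment flag on Payment transactions
const SCALE = 8n;                      // assumption: amounts carry at most 8 decimals

// Parse a plain decimal string such as "1.5" into fixed-point BigInt units.
function toUnits(value) {
  const m = /^(\d+)(?:\.(\d{1,8}))?$/.exec(value);
  if (!m) throw new Error(`unsupported amount: ${value}`);
  return BigInt(m[1]) * 10n ** SCALE + BigInt((m[2] || "").padEnd(8, "0"));
}

// Units of `currency` that a validated, successful Payment actually delivered.
// Reads meta.delivered_amount and never the Amount field.
function deliveredUnits(tx, currency, issuer) {
  if (tx.TransactionType !== "Payment" || tx.validated !== true) return 0n;
  if (!tx.meta || tx.meta.TransactionResult !== "tesSUCCESS") return 0n;
  const d = tx.meta.delivered_amount;
  if (typeof d !== "object" || d === null) return 0n; // XRP drops, "unavailable" or missing
  if (d.currency !== currency || d.issuer !== issuer) return 0n;
  return toUnits(d.value);
}

// Invariant: ledger-reported balance == delivered in - delivered out.
function reconcile(txs, account, currency, issuer, ledgerBalance) {
  let net = 0n;
  for (const tx of txs) {
    const units = deliveredUnits(tx, currency, issuer);
    if (tx.Destination === account) net += units;
    else if (tx.Account === account) net -= units;
  }
  return { net, ok: net === toUnits(ledgerBalance) };
}

// Constructed sample: one ordinary payment, one partial payment whose Amount
// field says 100 BTC while only 0.00000001 BTC was delivered.
const GW = "rGatewayPlaceholder", ISS = "rIssuerPlaceholder";
const amt = (value) => ({ currency: "BTC", issuer: ISS, value });
const pay = (Flags, Amount, delivered) => ({
  TransactionType: "Payment", validated: true, Flags, Amount,
  Account: "rSenderPlaceholder", Destination: GW,
  meta: { TransactionResult: "tesSUCCESS", delivered_amount: delivered },
});
const SAMPLE = [
  pay(0, amt("1.5"), amt("1.5")),
  pay(TF_PARTIAL_PAYMENT, amt("100"), amt("0.00000001")),
];

// What a backend that trusts Amount would book for the same transactions.
function naiveTotal(txs) {
  return txs.reduce((sum, tx) => sum + toUnits(tx.Amount.value), 0n);
}
```

Comparing `naiveTotal(SAMPLE)` with `reconcile(...).net` shows the gap an internal ledger would carry if it booked `Amount`; running the reconciliation against the balance reported by rippled is what would flag it.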
