On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, said that developers had patched a privacy-related vulnerability and that users' funds remain secure. In a document dated Nov. 29, Secret Network wrote that no action was required from users or developers and that all active nodes were upgraded on Nov. 2 to fix the vulnerability.
2/ You can read the post for the main details, but the important part is that the vulnerability was mitigated and unlikely to have been exploited. Most importantly, funds were never at risk, because Secret intentionally does not rely on SGX for correctness – only privacy.
The sequence of events, unveiled late yesterday by the Secret Network developers, began when a group of white-hat computer science researchers contacted the Secret team on Oct. 3 regarding a recently disclosed xAPIC (Advanced Programmable Interrupt Controller) architectural bug. The bug allowed uninitialized memory reads on certain Intel CPUs with Software Guard Extensions (SGX) enabled. Secret Network uses SGX to provide confidential execution of smart contracts.
As stated in their paper, the researchers first registered a server as a validator node on the Secret Network, even though they did not have sufficient funds to be trusted to actively validate transactions. The registration process then stored a copy of Secret's global consensus seed inside the server's SGX enclave. Next, through the aforementioned CPU bug, the researchers extracted the consensus seed from their Secret node, along with its private Intel Enhanced Privacy ID key. Finally, with these items, they were able to break Secret's privacy-preserving features and decrypt the internal state of all smart contracts on the network, as well as the digital assets
Read more on cointelegraph.com