INCIDENT 032 | Window for minting certificates missed

[Christian-MK]

Trigger

• ⬛ suspected malware infections
• ⬛ access violations
• ⬛ anomalous system behaviors
• ✔️ human errors
• ⬛ unauthorized access attempts

Date

2024-05-04

Summary

Certificates were not minted on time to enable publishing on May 4th at 1500 UTC. Certificates were subsequently minted and a datum published at 16:29 UTC.

Status

Resolved

Assessment

The Cardano Open Oracle Protocol (COOP) uses a certificate based approach to enabling publishing. The certificates limit the amount of damage anyone can do with access to a token for publishing under the COOP policy ID.

In the case of the Orcfax federated network certificates are minted once a month and are not distributed to other parties. On May 4th, the Orcfax team needed to renew the certificate in order to allow publishing but this did not take place which resulted in the missed datum.

Additional Notes

For the federated network, certificate monitoring and minting is a manual process; the team endeavors to keep on top of this task, but the lapse clearly illustrates the need to find a more efficient process.

For consumers, the validity range of the existing datum should render them unusable in their own smart contracts. However, users may still require datum to be published on-time to perform other functions.

Technical improvements

We are investigating:

1. Improved manual processes for token minting.
2. Improved alerting from COOP infrastructure to prompt for certificate minting.
3. Alternatives to the token/certificate based approach to publishing.

Documentation improvements

N/A