Klever Blockchain Product Update #4: The Security Pivot (Sprint 99 Review & Sprint 100 Planning)

Hello, Klever Community.

Transparency is our commitment, especially when the path forward requires a strategic pivot.

As many of you know, on June 5th, the Klever network experienced a security incident. Our immediate response was detailed in our public incident report, but the impact of that event required a fundamental shift in our day-to-day engineering strategy.

This bi-weekly update looks different from the others. We are temporarily pausing our planned roadmap advancements (like the RWA Protocol and AI Agent economy features) to dedicate our total and unrestricted focus toward a comprehensive, network-wide security hardening.

Here is a transparent breakdown of how we pivoted our engineering resources during Sprint 99, and the deep security work currently underway in Sprint 100.

The Pivot: Security Above All Else

When building a layer-1 blockchain, trust, transactional integrity, and network consensus are non-negotiable. The June 5th incident highlighted areas where our preventative measures needed significant reinforcement.

Therefore, Sprint 99 was entirely consumed by immediate incident response and vulnerability patching. Sprint 100, and the subsequent sprints, are now dedicated to building a fortress around the Klever core. We are shifting from reactive patching to proactive, systemic network validation.

Sprint 99 (Delivered): Immediate Incident Response & Patching

Focus: Halting Vulnerabilities and Immediate Hardening

During the immediate aftermath of the incident, our protocol engineers delivered critical fixes:

  • Critical Vulnerability Patched: We successfully resolved a critical bug regarding royalty transfers. Previously, specific processPercentageRoyaltiesTransfer conditions allowed tokens to be minted out of thin air. This has been permanently closed.

  • Supply Cap Bypass Fixed: We corrected an overflow vulnerability in SFT minting that allowed bad actors to bypass the established supply caps.

  • Infrastructure Adjustments: We implemented necessary deployment fixes for the klv-bridge-front-dapp to ensure stability.
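
The bug class named in the supply-cap item above, shown as an added Go illustration. This is not Klever's code: the Asset type, its uint64 counters and both mint functions are assumptions. A cap check written as a sum can wrap around, while a comparison against the remaining headroom cannot.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Asset is a hypothetical token record; the page does not show Klever's real types.
type Asset struct {
	Minted    uint64
	MaxSupply uint64
}

var ErrCapExceeded = errors.New("mint would exceed max supply")

// mintUnchecked shows the flawed pattern: the sum can wrap past 2^64-1,
// so a very large amount produces a small total that passes the comparison.
func mintUnchecked(a *Asset, amount uint64) error {
	if a.Minted+amount > a.MaxSupply {
		return ErrCapExceeded
	}
	a.Minted += amount
	return nil
}

// mintChecked compares the amount with the remaining headroom. The first
// clause guards the subtraction if the counter is already inconsistent.
func mintChecked(a *Asset, amount uint64) error {
	if a.Minted > a.MaxSupply || amount > a.MaxSupply-a.Minted {
		return ErrCapExceeded
	}
	a.Minted += amount
	return nil
}

func main() {
	huge := uint64(math.MaxUint64 - 800) // constructed input
	weak := &Asset{Minted: 900, MaxSupply: 1000}
	err := mintUnchecked(weak, huge)
	fmt.Println(err, weak.Minted) // accepted: the counter wraps to 99
	safe := &Asset{Minted: 900, MaxSupply: 1000}
	err = mintChecked(safe, huge)
	fmt.Println(err, safe.Minted) // rejected: the counter stays at 900
}
```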

Note: Sprint 99 was a highly reactive sprint. Because our entire focus shifted to the incident, our standard delivery metrics were impacted, resulting in carryover tasks that we are now formally addressing in Sprint 100.

Sprint 100 (Planned): Systemic Hardening & Proof of Audit

Focus: Preventative Validation, Transfer Principles, and External Audit Resolutions

Sprint 100 represents a massive, coordinated effort to elevate the security of the Klever Blockchain. Over 50% of our total engineering capacity for this sprint is dedicated solely to two security epics.

Epic: Improve Security (The Core Focus)

Instead of just fixing isolated bugs, we are implementing systemic checks that govern the entire network.

  • The “Transfer Principle” Enforcement: We are undertaking a massive refactoring effort to ensure strict adherence to the “transfer principle” across all network actions. We are standardizing how transfers are handled in the Market, KDA Fees Pool, ITOs, and standard account operations. This prevents balances from being altered without corresponding, verifiable transfer operations.

  • Systemic Sanity Checks: We are actively building post-transaction state validations and backtests. This means the network will continually perform “sanity checks” based on receipts, allowing us to detect and flag state inconsistencies or regressions automatically.

  • Endpoint Protection: We are locking down unauthenticated WebSocket endpoints (/log and /subscribe) by implementing strict size limits, connection caps, and DoS protections.
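
A minimal form of the receipt-based check described in the transfer-principle and sanity-check items above, as an added Go example that is not Klever's implementation. The Receipt type, the "account/asset" key layout and the sample balances are assumptions constructed for illustration; mint and burn receipts are left out, so any balance change without a matching transfer is reported.

```go
package main

import (
	"fmt"
	"math/big"
	"sort"
)

// Receipt is a hypothetical transfer record: Amount of Asset moved From -> To.
type Receipt struct {
	From, To, Asset string
	Amount          uint64
}

// UnexplainedChanges takes balances keyed "account/asset" (assumed layout) and
// returns, sorted, every key where post - pre differs from what the receipts
// moved in and out. big.Int keeps the checker itself free of wraparound.
func UnexplainedChanges(pre, post map[string]uint64, receipts []Receipt) []string {
	net := map[string]*big.Int{}
	add := func(k string, v uint64, sign int64) {
		if net[k] == nil {
			net[k] = new(big.Int)
		}
		d := new(big.Int).SetUint64(v)
		net[k].Add(net[k], d.Mul(d, big.NewInt(sign)))
	}
	for k, v := range post {
		add(k, v, 1)
	}
	for k, v := range pre {
		add(k, v, -1)
	}
	for _, r := range receipts { // cancel the movement each receipt accounts for
		add(r.From+"/"+r.Asset, r.Amount, 1)
		add(r.To+"/"+r.Asset, r.Amount, -1)
	}
	var bad []string
	for k, d := range net {
		if d.Sign() != 0 { // residue: the balance moved with no receipt behind it
			bad = append(bad, k)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() { // constructed sample: carol's balance appears with no receipt
	pre := map[string]uint64{"alice/KLV": 100, "bob/KLV": 5}
	post := map[string]uint64{"alice/KLV": 70, "bob/KLV": 35, "carol/SFT-1": 10}
	fmt.Println(UnexplainedChanges(pre, post, []Receipt{{"alice", "bob", "KLV", 30}})) // [carol/SFT-1]
}
```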

Epic: Proof of Security Audit (External Validation)

We are actively resolving the deep-level findings reported by our external auditors (CertiK). These are highly technical resolutions that protect the core consensus of the network.

Additional Ecosystem Improvements

While security is the priority, we are simultaneously hardening the tools our developers and node operators rely on:

  • Smart Contract Validation: We are preparing to release our smart contract verification and auditing tools to the Mainnet, including options for closed-source audits.

  • Multisig Enhancements: We are finalizing the implementation of sequential broadcast by nonce for multisig transactions.

  • KleverScan Reliability: We are deploying analytical tools to catch unexpected behaviors in transaction creation, ensuring the explorer remains highly accurate.

Consolidated Closing: Our Commitment to You

This pivot is necessary. We are pausing the roadmap to build that impenetrable foundation. The work currently happening in Sprint 100, enforcing strict transfer principles, implementing receipt-based sanity checks, and clearing rigorous external audits, is what makes Klever a true enterprise-grade blockchain.

We will continue to publish these bi-weekly reports, even when the news is focused on recovery and hardening rather than shiny new features. True transparency means sharing the pivots, the challenges, and the hard work required to build a network you can trust.

Thank you for your unwavering support and for building alongside us.
