The Attackers Assemble
It was a foggy morning in California, the sun hadn’t risen yet. My alarm woke me up. It was 6:30AM, a point in the day at which I would typically not be conscious. The comfort of my warm bed was intoxicating, but there was work to be done… Important work.
I rolled out of bed and crawled on all fours to the kitchen, where I made myself some coffee. This freshly brewed jet-fuel gave me the strength I needed to take on the dangerous mission I was about to participate in.
Coffee in hand, I moved gingerly to my desk and sat down. From there I jumped into the ABLE Stake Pool Discord server, which is run by Cardano’s favorite French Canadian, Mike Hornan. After joining the voice-chat, I took a deep breath and braced myself for what was to come. More people joined in rapid succession, I recognized most of them, but a few were complete strangers. That didn’t matter, though; we were all united in our purpose.
This ragtag group of peaceful revolutionaries assembled on Saturday, March 2nd at approximately 7AM PST, with a plan to launch a coordinated attack on SanchoNet.
Why Must We Attack SanchoNet?
Now you’re probably asking yourself… What the hell is SanchoNet? It’s a testnet built for Cardano governance exploration and experimentation. Soon, Cardano will be governed via on-chain voting, but before that can happen, we need to test, test, and test some more. And by test, I mean attack!
One of the attackers who I met for the first time on that fateful morning goes by the name Cerkoryn. I asked him about the journey that brought him to SanchoNet and he said, “I went to the dRep Workshop in Indianapolis a few weeks ago… I went and met a whole lot of super, super smart people there. I met Mike Hornan at the workshop, he was the dictator of SanchoNet at that time, before they had to re-roll it because he had taken over the entire thing.”
“The Indy Group,” as it was called by Adam Dean on X, joined together on February 17th, 2024, to discuss both the possibilities and the challenges that Cardano will grapple with in the Age of Voltaire.
Cerkoryn listened closely as Mike gave a presentation at the governance workshop and was so intrigued that he set up his own SanchoNet node the very same day, with a little help from Mike, of course. Several of the people present at the Indianapolis Workshop would go on to take part in the Great SanchoNet Attack of 2024, including the event’s organizer Adam Rusch.
Cardano’s evolution will soon be controlled by on-chain votes from ADA holders, but before the voting process can begin, someone has to submit something called a Governance Action. Anyone can submit a proposed change to the chain, no gatekeepers. The only restriction is the Governance Action Deposit, which is the required amount of tADA that must be locked-up by the proposer while the voting is taking place. The deposit is returned when voting ends, whether or not the Governance Action gets enough Yes votes to pass. There are different categories of Governance Actions meant for different purposes, but what’s important right now is that they all must be stored in a transaction on the ledger while they’re being voted on.
That was where Mike’s duplicitous scheme came into play. What would happen if we got a group of people together and spammed SanchoNet with thousands of generic Governance Actions all at once? Would the network buckle? Our devious minds wanted to know… Mike’s idea was to use a script that rapidly assembled dozens of Governance Actions, packed them into a single transaction, submitted it to the chain, then rinse and repeat. Cerkoryn shared more details of how the targeted Sancho strike was designed, “Mike built a script for proposing a whole bunch of treasury withdrawal actions, I think 50 actions at a time. I think that was the maximum you could fit in one transaction. So, we just did that.”
Ready… Aim… Fire!
It took some patient wrangling from Mike Hornan, but he was able to set up a date for the attack that worked for as many people as possible. I impatiently waited for the day to come, the day of Sancho destiny. On that foggy Saturday morning in California, I sat at my desk, staring at my node, rattling with excitement and adrenaline; about a dozen others were also waiting for the signal to begin our onslaught.
Cerkoryn described the attack, “We all just kept running Mike’s script over and over. So, every, I dunno, five to ten seconds we were submitting 50 Governance Actions and within ten to twenty minutes we had about 8,000 proposals on-chain. Before that, there were a few dozen total on SanchoNet, so yeah, we completely slammed it full of governance transactions.”
As I ran the script again and again, I imagined I was launching a barrage of missiles at SanchoNet. The attack didn’t last long, only about 15 minutes of intense action. Sadly, the fun couldn’t last forever and eventually everyone ran out of tADA funds to satisfy the Governance Action Deposit requirements. At that point we’d run out of artillery. The attackers took a moment to catch their breath. As the smoke cleared, it became clear that our mission had failed. SanchoNet stood tall and unblemished despite our best and most ferocious efforts. Cerkoryn said, “We finished our attack and the chain held up very well. So yeah, we didn’t succeed in crashing SanchoNet, which is good… Another good thing is that it would be very expensive to attempt this attack with real ADA, so it’s probably not very likely to happen in the future.”
I guess you could say we lost the battle, but we won the war! The book on SanchoNet continues to be written, however, and more testing is still needed. Personally, I look forward to the next Sancho Attack because it was so damn fun!
If you are interested in getting involved in the adventures, it’s not too late! A great first step on the path to Sancho glory is the SanchoNet website and the GovTools website. If you go through all the resources on those websites and still have questions, don’t hesitate to reach out to the Cardano Community on social media, you’ll be surprised how many people are ready to offer a helping hand.