Why is deBridge’s Smirnov concerned about Flow?

Alex Smirnov, co-founder of deBridge has pointed out some things he perceives as critical missteps as the Flow team continues to recover from the recent attack that hit its network. 

As part of its efforts to recover, the Flow team has suggested a rollback, which has raised eyebrows as critics like Smirnov, whose company deBridge, is integrated with Flow, claimed to have received no communication or coordination from the Flow team.

This is even though Flow claimed they were synchronizing with critical partners.

Why is deBridge’s Smirnov concerned about Flow?

According to Smirnov, the decision to roll back has been rushed and will likely result in financial damage far exceeding the impact of the original exploit.

“A rollback introduces systemic issues that affect bridges, custodians, users, and counterparties who acted honestly during the affected window,” Smirnov explained before urging all Flow validators not to validate transactions on the rolled-back chain until some crucial questions are clearly answered.

One of those questions is how Flow plans to handle doubled balances for users who bridged out of Flow during the rollback window and got their balances doubled because of the revert, and how users who bridged into Flow during the rollback window will be reimbursed.

Another question he wants answers to is how ecosystem custodians like LayerZero will handle cases of transactions that were executed right inside the rollback window.

Smirnov highlighted similar incidents, claiming they were handled far more professionally, with the hackers getting isolated without the need for a rollback.

“Why is Flow taking a different approach?” He asked. “Who specifically made the decision to roll back the chain?”

Smirnov has urged Flow validators to pause nodes and halt validation until clear remediation plans have been communicated by the team, ecosystem partners have been properly coordinated and security groups like Security Alliance have been engaged.

In a separate tweet, Smirnov doubled down on the futility of Flow’s solution by highlighting that the attacker has already “bridged out ~$4M and consolidated the funds at this address before moving further.”

“At this stage, a rollback has zero impact on the Flow attacker and instead harms only innocent users, liquidity providers, and ecosystem partners who acted honestly during the rollback window,” he wrote.

Flow claims rollback is the safest way to proceed

According to the Flow team, it does not have any other logical way forward other than to restore the network to a checkpoint prior to the exploit. The plan is to remove unauthorized transactions from the ledger.

The rollback window will cover transactions submitted between approximately 11:25 PM PST (December 26) and the network halt at 5:30 AM PST (December 27) will need to be resubmitted after the restart, including any legitimate users who the proposed remedy will inconvenience.

Validators have accepted and deployed the Mainnet-28 fix, but the network is still in read-only mode for synchronization with bridges, CEXs, and DEXs to avoid state mismatches.

As of December 28, synchronization has been extended to ensure all partners reset to the pre-exploit state.

If you're reading this, you’re already ahead. Stay there with our newsletter.