Friday 30 September 2022
Home / none / ETHW confirms contract vulnerability exploit, dismisses replay attack claims

ETHW confirms contract vulnerability exploit, dismisses replay attack claims

Post-Ethereum Merge proof-of-work (PoW) chain ETHW has moved to quell claims that it had suffered an on-chain replay attack over the weekend.

Smart contract auditing firm BlockSec flagged what it described as a replay attack that took place on Sept. 16, in which attackers harvested ETHW tokens by replaying the call data of Ethereum’s proof-of-stake (PoS) chain on the forked Ethereum PoW chain.

According to BlockSec, the root cause of the exploit was due to the fact that the Omni cross-chain bridge on the ETHW chain used old chainID and was not correctly verifying the correct chainID of the cross-chain message.

Ethereum’s Mainnet and test networks use two identifiers for different uses, namely, a network ID and a chain ID (chainID). Peer-to-peer messages between nodes make use of network ID, while transaction signatures make use of chainID. EIP-155 introduced chainID as a means to prevent replay attacks between the ETH and Ethereum Classic (ETC) blockchains.

BlockSec was the first analytics service to flag the replay attack and notified ETHW, which, in turn, quickly rebuffed initial claims that a replay attack had been carried out on-chain. ETHW made attempts to notify Omni Bridge of the exploit at the contract level:

An analysis of the attack revealed that the exploiter started by transferring 200 WETH through the Omni bridge of the Gnosis chain before replaying the same message on the PoW chain, netting an extra 200 ETHW. This resulted in the balance of the chain contract deployed on the PoW chain being drained.

Related: Cross-chains in the crosshairs: Hacks call for better defense mechanisms

BlockSec’s analysis of the Omni bridge source code showed that the logic to verify chainID was present, but the verified chainID used in the contract was pulled from a value stored in the storage named unitStorage.

The team explained that this was not the correct chainID collected through the CHAINID opcode, which was proposed by EIP-1344 and exacerbated by the resulting fork after the Ethereum Merge:

“This is probably due to the fact that the code is quite old (using Solidity 0.4.24). The code works fine all the time until the fork of the PoW chain.”

This allowed attackers to harvest ETHW and potentially other tokens owned by the bridge on the PoW chain and go on to trade these on marketplaces listing the relevant tokens.

Cointelegraph reached out BlockSec to ascertain the value extracted. Yajin Zhou, BlockSec CEO, said his team had not conducted an accurate calculation but highlighted a limit on wrapped ETH transfers (WETH) through the Omni Bridge:

"The bridge has a limit on how many WETH can be transferred. The attacker can only get 250 ETHW per day. Note that this is only for this bridge contract. Such a vulnerability may exist on other projects on the EthereumPoW chain."

Following Ethereum's successful Merge event, which saw the smart contract blockchain transition from PoW to PoS, a group of miners decided to continue the PoW chain through a hard fork.

Original Article

About Jude Savage

Check Also

Ethereum Merge was ‘executed flawlessly,’ says Starkware co-founder

As the dust settled over the Ethereum network’s highly-anticipated transition to proof-of-stake (PoS), Eli Ben-Sasson, the co-founder of Starkware, gave his thoughts on its execution and potential for the future. Speaking to Cointelegraph’s Gareth Jenkinson at the Token2049 event, Ben-Sasson shared his thoughts on the current situation post-Merge and how it affects layer-2 projects like Starkware. In addition to that, the executive also gave his thoughts on the adoption and interest for layer-2 products and the crypto winter. Looking back at the Ethereum Merge’s execution, Ben-Sasson rejoiced that the transition was flawless and said things happened as they should. The executive explained that: “The most important thing is that it was executed flawlessly. Everything that was supposed to happen did happen. And none of the things that people were worried about did happen. And that's terrific news.”Additionally, the executive also highlighted the importance of the new Ethereum netw..

Leave a Reply

Your email address will not be published. Required fields are marked *