Germany’s Information Security Office champions hardware wallets
On August 6, the Ronin bridge suffered a $10 million exploit caused by a faulty upgrade deployment script, as detailed in a report by blockchain security firm Verichains. The issue stemmed from the script failing to call a critical initialization function, which led to the voting threshold for validators being set to zero. This oversight allowed any user to withdraw funds from the bridge “without signature.”
Key Details of the Exploit:
- Faulty Upgrade: The bridge’s upgrade intended to relocate the totalWeight variable from a separate contract to the bridge’s internal storage. The variable was supposed to be initialized to its previous value during deployment. However, the deployment script only called an initialization function for version 4, missing the crucial version 3 function that set totalWeight, leaving it at zero.
- Impact: With the voting threshold set to zero, users could bypass the usual requirement of validator signatures for withdrawals. This vulnerability was exploited by an attacker who withdrew funds using a single valid signature, as any signature would satisfy the zero threshold.
- Frontrunner Attack: The attack transaction was front-run by an MEV bot known as “Frontrunner Yoink,” which drained over $10 million from the bridge. The bot’s owner, acting as a white hat, returned most of the stolen funds, retaining $500,000 as a bug bounty.
Technical Analysis:
- Security Flaw: The Verichains report reveals that the Ronin bridge’s reliance on the minimumVoteWeight variable, which requires authorization from a minimum number of validators, was compromised by the uninitialized totalWeight.
- Signature Requirement: The exploit allowed withdrawals with any valid signature since the minimum vote requirement was effectively zero.
Response and Implications:
- Ronin’s Confirmation: Ronin confirmed the exploit was due to the upgrade causing the bridge to misinterpret the required vote threshold for withdrawals.
- Future Considerations: The incident highlights the risks associated with upgradeable cross-chain bridges. While some advocate for extended upgrade delays as a solution, critics argue that such measures are slow to implement and may not fully address the problem.
This exploit underscores the critical importance of rigorous testing and validation for smart contract upgrades, especially in systems handling significant amounts of value.
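The failure mode described above, as an added example that is not Ronin's or Verichains' code: a small Python model of a versioned upgrade whose version 3 initializer is skipped, with a post-upgrade invariant check that flags the zero threshold before the upgrade goes live. The class and function names, the 70/100 ratio, the total weight of 22 and the rounding formula are assumptions made for illustration.

```python
"""Toy model (constructed) of a versioned upgrade whose initializers can be skipped."""


class BridgeModel:
    """Hypothetical stand-in for the bridge's storage after the upgrade."""

    def __init__(self, num=70, denom=100):
        # Assumed threshold ratio; the article gives no numbers.
        self.num, self.denom = num, denom
        self.total_weight = 0      # new internal slot, zero until initialized
        self.initialized = set()   # versions whose initializer has run

    def initialize_v3(self, previous_total_weight):
        # The step the deployment script skipped: restore totalWeight.
        self.total_weight = previous_total_weight
        self.initialized.add(3)

    def initialize_v4(self):
        self.initialized.add(4)

    def minimum_vote_weight(self):
        # Assumed formula: a fraction of total weight, rounded up.
        return (self.num * self.total_weight + self.denom - 1) // self.denom

    def withdrawal_allowed(self, signer_weights):
        return sum(signer_weights) >= self.minimum_vote_weight()


def post_upgrade_check(bridge, expected_total_weight, required_versions=(3, 4)):
    """Return a list of invariant violations; empty means the upgrade may go live."""
    problems = []
    missing = [v for v in required_versions if v not in bridge.initialized]
    if missing:
        problems.append(f"initializers not run: {missing}")
    if bridge.total_weight != expected_total_weight:
        problems.append(f"totalWeight {bridge.total_weight} != {expected_total_weight}")
    if bridge.minimum_vote_weight() == 0:
        problems.append("minimum vote weight is zero")
    if bridge.withdrawal_allowed([]):
        problems.append("withdrawal passes with no validator weight")
    return problems


def deploy(run_v3, previous_total_weight=22):
    """Simulate the deployment script, then run the invariant check."""
    bridge = BridgeModel()
    if run_v3:
        bridge.initialize_v3(previous_total_weight)
    bridge.initialize_v4()
    return bridge, post_upgrade_check(bridge, previous_total_weight)
```

Running such a check against a fork of the live state, and failing the deployment on any non-empty result, turns a skipped initializer into a blocked release.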
source: https://cointelegraph.com/news/crypto-funding-tron-surpasses-ethereum-revenue-finance-redefined