The initial analysis of the PolyNetwork Hack

Transaction and call trace

  • 0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963: Attacker
  • 0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270: EthCrossChainManager
  • 0xcf2afe102057ba5c16f899271045a0a37fcb10f2: EthCrossChainData
  • 0x250e76987d838a75310c34bf422ea9f1ac4cc906: LockProxy
  • 0x5a51e2ebf8d136926b9ca7b59b60464e7c44d2eb: managerProxyContract for LockProxy
  • d450e04c (verifyHeaderAndExecuteTx)
  • 69d48074 (getCurEpochConPubKeyBytes)
  • 5ac40790 (getCurEpochStartHeight)
  • 0586763c (checkIfFromChainTxExist)
  • e90bfdcf (markFromChainTxExist(uint64,bytes32))

The main process of the attack

Function: verifyHeaderAndExecuteTx:




  1. The attacker provides a valid signed message to the function verifyHeaderAndExecuteTx.
  2. The onlyManagerContract modifier in the LockProxy smart contract is NOT bypassed.
  1. The attacker may have had the legitimate keys to sign the messages, which indicates that the signing keys may have been leaked.




A Blockchain Security and Data Company.
