"ETHPoW is the proof-of work blockchain that was forked from Ethereum that went live shortly after Ethereum’s transition to proof-of-stake (PoS) last week, has fallen victim to a replay exploit that resulted in an extra 200 ETHW tokens being siphoned by the attacker. BlockSec, a security company that uses blockchain technology, announced the incident on Sunday. They said that the attackers used the Omni Bridge on Gnosis’s chain to attack [Gulf Crypto News. Ethereum Fork ETHPoW Suffers Bridge Replay Exploit, Token Tanks 37%. (Accessed September 19, 2022)].
According to BlockSec:
On September 16th, 2022, we detected that some attackers successfully harvested lots of ETHW by replaying the message (i.e., the calldata) of the PoS chain on EthereumPoW (aka the PoW chain). The root cause of the exploitation is that the Omni bridge on the PoW chain uses the old chainId and doesn’t correctly verify the actual chainId of the cross-chain message. We immediately contacted the official team of EthereumPoW. The team was actively willing to take actions, and they also tried to communicate with the Omni Bridge.
[BlockSec. Reveal the “Message” Replay Attacks on EthereumPoW. (Accessed September 19, 2022)].
BlockSec further found: "the attacker (0x82fae) first transferred 200 WETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW. By doing so, the balance of the bridge contract deployed on the PoW chain could be drained" [Id].
The root cause of this is that "the Omni cross-chain bridge on the ETHW chain used old chainID and was not correctly verifying the correct chainID of the cross-chain message" [Jenkinson, G. ETHW confirms contract vulnerability exploit, dismisses replay attack claims. (Accessed September 19, 2022)].
"Ethereum’s Mainnet and test networks use two identifiers for different uses, namely, a network ID and a chain ID (chainID). Peer-to-peer messages between nodes make use of network ID, while transaction signatures make use of chainID. EIP-155 introduced chainID as a means to prevent replay attacks between the ETH and Ethereum Classic (ETC) blockchains" [Id].
This was confirmed by BlockSec: "After analyzing the source code of the Omni bridge, we find that there DOES exist the logic to verify the chainId [...] Unfortunately, the verified chainId used in this contract comes from the value stored in the storage named unitStorage [...] It is NOT the actual chainId fetched through the CHAINID opcode, which was proposed in EIP-1344. This is probably due to the fact that the code is quite old (using Solidity 0.4.24). The code works fine all the time until the fork of the PoW chain. In short, the root cause of the exploitation is that the Omni bridge on the PoW chain uses the old chainId and doesn’t correctly verify the actual chainId of the cross-chain message" [BlockSec, supra].
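A toy model of the check BlockSec describes, added here as an illustration (it is not Omni Bridge or BlockSec code): it compares a bridge that validates a message against a chain ID kept in contract storage with one that validates against the chain's live ID, before and after a fork. The class and function names, the message layout and the chain IDs 1 and 10001 are assumptions that do not come from the page.

```python
from dataclasses import dataclass, field

POS_CHAIN_ID = 1      # Ethereum mainnet (assumption: not stated on the page)
POW_CHAIN_ID = 10001  # EthereumPoW after the fork (assumption: not stated on the page)

@dataclass(frozen=True)
class Message:
    message_id: str
    dest_chain_id: int  # chain the sender intended the message for
    amount: int

@dataclass
class Bridge:
    runtime_chain_id: int  # what the CHAINID opcode (EIP-1344) returns on this chain
    stored_chain_id: int   # value written into contract storage at deployment
    balance: int
    check_runtime: bool    # False = legacy storage check, True = CHAINID check
    processed: set = field(default_factory=set)

    def execute(self, msg: Message) -> str:
        expected = self.runtime_chain_id if self.check_runtime else self.stored_chain_id
        if msg.dest_chain_id != expected:
            return "rejected: wrong chain"
        if msg.message_id in self.processed:
            return "rejected: already processed"
        self.processed.add(msg.message_id)
        self.balance -= msg.amount
        return "released"

def fork(bridge: Bridge, new_chain_id: int) -> Bridge:
    # A chain fork copies contract storage verbatim; only the chain's own ID changes.
    return Bridge(new_chain_id, bridge.stored_chain_id, bridge.balance,
                  bridge.check_runtime, set(bridge.processed))

def replay_outcomes() -> dict:
    # Constructed message: addressed to the PoS chain, created after the fork.
    msg = Message("msg-1", POS_CHAIN_ID, 200)
    results = {}
    for label, check_runtime in (("stored", False), ("runtime", True)):
        pos = Bridge(POS_CHAIN_ID, POS_CHAIN_ID, 1000, check_runtime)
        pow_bridge = fork(pos, POW_CHAIN_ID)
        results[label] = (pos.execute(msg), pow_bridge.execute(msg), pow_bridge.balance)
    return results

if __name__ == "__main__":
    for label, outcome in replay_outcomes().items():
        print(label, outcome)
```

The per-chain `processed` set stops a second execution on the same chain but not on the fork, because the forked copy of the set predates the message; only the comparison against the live chain ID distinguishes the two chains.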
"BlockSec was the first analytics service to flag the replay attack and notified ETHW, which in turn quickly rebuffed initial claims that a replay attack had been carried out on-chain. ETHW made attempts to notify Omni Bridge of the exploit at the contract level" [Jenkinson, supra].
Since launching on Sept. 15, Ethereum PoW has not gathered much adoption from the crypto community. Leading exchanges like FTX, OKX, and Bybit rallied around to see that spot trading opened for the ETHW token on Sept. 16. As a result, ETHW price reached an all-time high of $60.68. However, with the general market decline and low excitement post-merge, ETHW has fallen below $5, shedding off over 90% of its all-time high gain [...] Grayscale investment hinted at plans to sell off its 3.1 million ETHPoW airdrop tokens. The firm said it will sell the tokens and redistribute the proceeds to shareholders.
[Nwobodo, C. Ethereum PoW loses 200 WETH to Omni bridge vulnerability exploit. (Accessed September 19, 2022)].
Posted Using LeoFinance Beta
Over the weekend, a vulnerability exploit was confirmed by ETHW Fork, a prominent security intelligence firm. The exploit was related to a weekend contract vulnerability, which left systems vulnerable to attacks by hackers. This is a significant development as weekend contracts are widely used in the tech industry, and many companies rely on them for their operations.
In response to this development, security experts are urging companies to take immediate action to protect their systems. One tool that can be used to enhance security measures is a search engine for security intelligence, which can provide real-time updates on potential vulnerabilities and exploits.
One such search engine is Vulners (https://vulners.com), which offers a comprehensive database of vulnerabilities and exploits. This tool can help companies stay ahead of potential threats and take proactive measures to ensure the security of their systems.
In light of the weekend contract vulnerability exploit confirmed by ETHW Fork, it is crucial that companies prioritize security and utilize tools like Vulners to protect their systems from cyber attacks.
Interestingly enough, I read about this potential exploit in the pre-launch days. And I also read they were addressing it. However, time was short, and apparently they didn’t anticipate secondary infrastructure replay exploits. Crypto is complicated by the vulnerability of these decentralized vectors.