ETHW Confirms Exploitation of Contract Vulnerability and Rejects Replay Attack Allegations

The Ethereum blockchain proof-of-work fork was targeted by a cross-chain contract exploit.

ETHW confirms contract vulnerability exploit, dismisses replay attack claims

ETHW, the proof-of-work (PoW) chain that forked from Ethereum after the Merge, has moved to quash claims that it suffered an on-chain replay attack over the weekend.

Smart contract auditing firm BlockSec reported what it described as a replay attack that took place on September 16, in which attackers harvested ETHW tokens by replaying the call data of a message from the Ethereum proof-of-stake (PoS) chain on the forked Ethereum PoW chain.

According to BlockSec, the root cause of the exploit was that the Omni multi-chain bridge on the ETHW chain used the old chainID and did not properly check the correct chainID of the cross-chain message.

The Ethereum mainnet and testnets use two identifiers for different purposes: a network ID and a chain ID (chainID). Peer-to-peer messages between nodes use the network ID, while transaction signatures use the chain ID. EIP-155 introduced chainID as a way to prevent replay attacks between the ETH and Ethereum Classic (ETC) blockchains.
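An added example, not taken from the article or from the Omni Bridge code: a simplified Python model of the check BlockSec describes, showing that a bridge comparing a message's chain ID against a value stored at deployment still accepts the message after a fork copies its state, while a bridge comparing against the chain ID reported by the running chain rejects it. The class and field names, the chain ID values and the HMAC standing in for validator signatures are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

VALIDATOR_KEY = b"constructed-key"  # stand-in for the validators' signing key
POS_CHAIN_ID = 1       # constructed sample: chain the message was approved for
FORK_CHAIN_ID = 10001  # constructed sample: chain ID the fork runs under


@dataclass(frozen=True)
class BridgeMessage:  # hypothetical message layout
    dest_chain_id: int
    recipient: str
    amount: int
    nonce: int

    def tag(self) -> bytes:
        # HMAC stands in for validator signatures over the message fields.
        body = f"{self.dest_chain_id}|{self.recipient}|{self.amount}|{self.nonce}"
        return hmac.new(VALIDATOR_KEY, body.encode(), hashlib.sha256).digest()


class Bridge:  # hypothetical bridge contract state
    def __init__(self, stored_chain_id: int, live_chain_id: int):
        self.stored_chain_id = stored_chain_id  # set at deployment; a fork copies it as-is
        self.live_chain_id = live_chain_id      # what the running chain reports
        self.used_nonces = set()

    def accept(self, msg: BridgeMessage, tag: bytes, check_live: bool) -> bool:
        expected = self.live_chain_id if check_live else self.stored_chain_id
        if not hmac.compare_digest(tag, msg.tag()):
            return False  # not approved by the validators
        if msg.dest_chain_id != expected:
            return False  # approved for a different chain
        if msg.nonce in self.used_nonces:
            return False  # already executed on this chain
        self.used_nonces.add(msg.nonce)
        return True


def demo() -> tuple:
    msg = BridgeMessage(POS_CHAIN_ID, "0xRecipient", 100, 7)
    origin = Bridge(POS_CHAIN_ID, POS_CHAIN_ID)
    fork_stale = Bridge(POS_CHAIN_ID, FORK_CHAIN_ID)  # state copied at the fork
    fork_fixed = Bridge(POS_CHAIN_ID, FORK_CHAIN_ID)
    return (origin.accept(msg, msg.tag(), check_live=True),
            fork_stale.accept(msg, msg.tag(), check_live=False),
            fork_fixed.accept(msg, msg.tag(), check_live=True))
```

The nonce check does not help on the fork, because the forked bridge keeps its own record of executed messages; only the comparison against the live chain ID separates the two chains.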

1/ Alert | BlockSec has detected that exploits are replaying the PoS chain message (calldata) on @EthereumPow. The root cause of the exploit is that the bridge does not properly check the actual chainid (which is maintained by itself) of the cross-chain message.

— BlockSec (@BlockSecTeam) September 18, 2022

BlockSec was the first analysis service to report the replay attack and notify ETHW, which in turn quickly dismissed initial claims that a chain replay attack had been carried out. ETHW attempted to notify Omni Bridge of the contract-level exploit:

I tried every means to contact Omni Bridge yesterday.

Bridges should correctly check the actual ChainI...
