ETHW Confirms Exploitation of Contract Vulnerability and Rejects Proofreading Attack Allegations
The Ethereum blockchain proof-of-work fork was targeted by a cross-chain contract exploit.
![ETHW confirms contract vulnerability exploit, dismisses replay attack claims](https:// images.cointelegraph.com/images/1434_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvMDA3NDU1M2YtNTUwNy00MmM2LTgwOWItZjVlYTdkOTFhYWJiLmpwZw==.jpg)
The Ethereum post-merger proof-of-work (PoW) chain ETHW has decided to crack down on claims that it suffered an on-chain replay attack over the weekend.
Smart contract auditing firm BlockSec reported what it described as a replay attack that took place on September 16, in which attackers harvested ETHW tokens by replaying data from Ethereum proof-of-stake (PoS) chain call on forked Ethereum. PoW chain.
According to BlockSec, the root cause of the exploit was due to the Omni multi-chain bridge on the ETHW chain using the old chainID and not properly checking the correct chainID of the cross-chain message.
The Ethereum mainnet and testnets use two identifiers for different uses, namely a network ID and a chain ID (chainID). Peer-to-peer messages between nodes use network ID, while transaction signatures use chain ID. EIP-155 introduced chainID as a way to prevent replay attacks between ETH and Ethereum Classic (ETC) blockchains.
1/ Alert | BlockSec has detected that exploits are replaying the PoS chain message (calldata) on @EthereumPow. The root cause of the exploit is that the bridge does not properly check the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022BlockSec was the first analysis service to report the replay attack and notify the ETHW, which in turn quickly dismissed initial claims that a chain replay attack had been carried out. ETHW attempted to notify Omni Bridge of the contract-level exploit:
I tried every means to contact Omni Bridge yesterday.
Bridges should correctly check the actual ChainI...
![ETHW Confirms Exploitation of Contract Vulnerability and Rejects Proofreading Attack Allegations](https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvMDA3NDU1M2YtNTUwNy00MmM2LTgwOWItZjVlYTdkOTFhYWJiLmpwZw==.jpg?#)
The Ethereum blockchain proof-of-work fork was targeted by a cross-chain contract exploit.
![ETHW confirms contract vulnerability exploit, dismisses replay attack claims](https:// images.cointelegraph.com/images/1434_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvMDA3NDU1M2YtNTUwNy00MmM2LTgwOWItZjVlYTdkOTFhYWJiLmpwZw==.jpg)
The Ethereum post-merger proof-of-work (PoW) chain ETHW has decided to crack down on claims that it suffered an on-chain replay attack over the weekend.
Smart contract auditing firm BlockSec reported what it described as a replay attack that took place on September 16, in which attackers harvested ETHW tokens by replaying data from Ethereum proof-of-stake (PoS) chain call on forked Ethereum. PoW chain.
According to BlockSec, the root cause of the exploit was due to the Omni multi-chain bridge on the ETHW chain using the old chainID and not properly checking the correct chainID of the cross-chain message.
The Ethereum mainnet and testnets use two identifiers for different uses, namely a network ID and a chain ID (chainID). Peer-to-peer messages between nodes use network ID, while transaction signatures use chain ID. EIP-155 introduced chainID as a way to prevent replay attacks between ETH and Ethereum Classic (ETC) blockchains.
1/ Alert | BlockSec has detected that exploits are replaying the PoS chain message (calldata) on @EthereumPow. The root cause of the exploit is that the bridge does not properly check the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022BlockSec was the first analysis service to report the replay attack and notify the ETHW, which in turn quickly dismissed initial claims that a chain replay attack had been carried out. ETHW attempted to notify Omni Bridge of the contract-level exploit:
I tried every means to contact Omni Bridge yesterday.
Bridges should correctly check the actual ChainI...
What's Your Reaction?
![like](https://vidianews.com/assets/img/reactions/like.png)
![dislike](https://vidianews.com/assets/img/reactions/dislike.png)
![love](https://vidianews.com/assets/img/reactions/love.png)
![funny](https://vidianews.com/assets/img/reactions/funny.png)
![angry](https://vidianews.com/assets/img/reactions/angry.png)
![sad](https://vidianews.com/assets/img/reactions/sad.png)
![wow](https://vidianews.com/assets/img/reactions/wow.png)