Beware of Replay Attacks After Ethereum Merger: Analysis of Omni Cross-Chain Bridge Attacks

1. Event description

On September 18, 2022, after the Ethereum Merge was completed, transactions from the PoS chain were replayed on the PoW chain. The root cause was that the bridge did not read and verify the blockchain's chainid correctly. The attacker first transferred 200 WETH through the Gnosis chain's Omni cross-chain bridge, then replayed the same message on the PoW chain, obtaining an additional 200 ETHW.

SharkTeam conducted a technical analysis of this incident and summarized the security precautions, in the hope that subsequent projects can learn from it and help build a line of security defense for the blockchain industry.


2. Event analysis

The incident involves transaction hashes on two different chains and one attacker address, as follows:

(1) PoS chain transaction hash: 0xbddb0cc8bc9949321e1748f03503ed1a20dd618fbf0a51dc5734c975b1f8bdf5


(2) PoW chain transaction hash: 0x9c072551861ce384203516f4d705176a2d2e262d5b571d853467425f1a861fb4


(3) Attacker address: 0x82FaEd2dA812D2E5CCed3C12b3baeB1a522DC677

First, we found that the two transactions accessed the same contract with the same input data; that is, the same function of the same contract was called with the same parameters. The method signature ID 0x23caab49 shows that the attacker called the safeExecuteSignaturesWithAutoGasLimit function.


Therefore, the attacker transferred 200 WETH through the Omni Bridge and then replayed the same input data on the PoW chain, obtaining an additional 200 ETHW.

At this point, the replay is puzzling, because the Ethereum network enforced EIP-155 before the hard fork, which means that transactions on the ETH PoS chain cannot be replayed on the PoW chain. In normal transactions, the nonce orders transactions and prevents duplicates. In cross-chain transfers, the chain is identified by its chainid. For example, the chainid of Ethereum mainnet is 1, and the chainid of ETHW mainnet is 10001.

To resolve this, we analyzed the corresponding Omni Bridge source code. Looking at the logic Omni Bridge uses to verify the chainid, we found that the chainid comes from a value stored in uintStorage, not from the chainid read directly through the CHAINID opcode (0x46).


uintStorage is a state variable in the EternalStorage contract. The BasicAMB contract, where the sourceChainId() function is located, inherits BasicBridge and VersionableAMB, and BasicBridge in turn inherits EternalStorage. The chainid saved there is pre-stored. If the blockchain hard-forks and the chainid is not reset, or the chainid is set incorrectly by hand, the contract has no way to verify the actual chainid of the cross-chain message, because the chainid is never obtained from the opcode. Such vulnerabilities are easily exploited by attackers.


Summary of the analysis: the main reason is that Omni uses Solidity version 0.4.24, which predates the CHAINID (0x46) opcode specified in EIP-1344, so the chainid is stored and updated manually instead of being obtained from the opcode at execution time.
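The following is an added illustration written for this analysis, not Omni Bridge source code: a minimal validator-signed message verifier in two versions. The first binds the signed digest to a chainid kept in storage, the way the EternalStorage pattern above does, so after a hard fork both chains hold the same stored value and the same signature verifies on both. The second binds the digest to block.chainid, which compiles to the CHAINID opcode, so the forked chain computes a different digest and rejects the replayed message. Contract names, the validator address, the digest layout and the executed mapping are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration (not the Omni Bridge source): the same validator-
// signed message checked against a chainid kept in storage, beside a check
// that reads the chainid from the CHAINID opcode.

contract StoredChainIdVerifier {
    address public validator;
    uint256 public storedChainId;          // written by an admin, never re-read from the chain
    mapping(bytes32 => bool) public executed;

    constructor(address _validator, uint256 _chainId) {
        validator = _validator;
        storedChainId = _chainId;
    }

    // The digest binds the message to storedChainId. After a hard fork both
    // chains still hold the same stored value, so a signature produced for one
    // chain also verifies on the other. `executed` lives in each chain's own
    // state, so it cannot catch a replay on the other chain either.
    function digest(bytes calldata message) public view returns (bytes32) {
        return keccak256(abi.encode(storedChainId, address(this), message));
    }

    function execute(bytes calldata message, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 d = digest(message);
        require(ecrecover(d, v, r, s) == validator, "bad signature");
        require(!executed[d], "already executed");
        executed[d] = true;
        // ... release tokens to the recipient encoded in `message` ...
    }
}

contract LiveChainIdVerifier {
    address public validator;
    mapping(bytes32 => bool) public executed;

    constructor(address _validator) {
        validator = _validator;
    }

    // block.chainid compiles to the CHAINID opcode (EIP-1344). On Solidity
    // 0.5.12 to 0.7.x the equivalent is `assembly { id := chainid() }`;
    // 0.4.x has no way to read it, which is why a stored value was used.
    function currentChainId() public view returns (uint256) {
        return block.chainid;
    }

    // The digest binds the message to the chain the contract is actually
    // executing on. A signature made where block.chainid was 1 does not
    // verify on a fork whose chainid differs, so the replay is rejected.
    function digest(bytes calldata message) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, address(this), message));
    }

    function execute(bytes calldata message, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 d = digest(message);
        require(ecrecover(d, v, r, s) == validator, "bad signature or wrong chain");
        require(!executed[d], "already executed");
        executed[d] = true;
        // ... release tokens to the recipient encoded in `message` ...
    }
}
```

The check that matters is where the chainid in the digest comes from: a value the contract reads from the opcode at execution time changes with the chain it runs on, while a value written into storage before a fork is copied unchanged into both forks. A deployment on a pre-0.5.12 compiler cannot make this change without upgrading, which is the legacy problem the next section refers to.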

3. Security suggestions

The cause of this incident is that Omni Bridge did not handle the chainid in time during the PoW-to-PoS upgrade, leaving a legacy problem from the old Solidity version. It is recommended to respond to new issues promptly and take the necessary code-optimization measures in subsequent project iterations. Although the Omni Bridge on the Gnosis chain has a maximum daily transfer limit of 250 WETH, vigilance is still necessary to prevent repeated losses from accumulating into a larger one.

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/beware-of-replay-attacks-after-ethereum-merger-analysis-of-omni-cross-chain-bridge-attacks/