Lingzong Security: Poly Network’s impact on cross-chain development due to attacks

This article was originally created by “Lingzong Security” and authorized to be published exclusively by “Golden Finance”. Please indicate the source for reprinting.

On August 10, the cross-chain protocol Poly Network was attacked, and the O3 Swap cross-chain transaction protocol that relied on the protocol was implicated. The assets on the three public chains Ethereum, BSC, and Polygon supported by it were almost looted. According to the information on the chain, a total of 300 million USDT, 55,000 ETH, and 2,000 mortgage-derived Bitcoins were looted, with a total value of 610 million U.S. dollars.

This is probably the largest hacking case in the history of blockchain development so far, and this case occurred in the decentralized cross-chain field. In the previous article, we have introduced in detail a number of cases that have occurred in the decentralized cross-chain field since June, and the amount of money involved in these cases is more than one. This situation not only caused serious losses to project parties and users, but also severely affected the industry’s confidence in decentralized cross-chain technology.

The attack on Poly Network and the unprecedented amount of loss has once again hit the confidence of users and the industry in the decentralized cross-chain field. As for the project party who is preparing to continue to launch the cross-chain project, I am afraid that the best way to prepare now is to strengthen project audit and repeated testing.

The cross-chain we are talking about here refers to the cross-chain between several completely independent blockchains. Each of these blockchains has different nodes, different consensus algorithms, and different native assets. Since there is no channel between these chains, an intermediary is needed to exchange assets for them. This intermediary is the medium that provides cross-chain functions.

A large number of altcoins were born after Bitcoin. People need to exchange between Bitcoin and altcoins. This exchange process can be understood as “cross-chain”. Traditionally, this process is carried out in a centralized exchange: the user puts the altcoin into the exchange account, sells the altcoin, then buys the Bitcoin, and then mentions the Bitcoin to their wallet. This is a complete cross-chain process.

In fact, the cross-chain with the centralized exchange as the intermediary is relatively mature in technology, and because the reputation of the exchange is guaranteed, the cross-chain performed by users on the centralized exchange has been used by default for a long time. The way.

However, this method also has its inherent problems: for example, it is restricted by the KYC of the exchange and the transaction amount. Later, when DeFi emerged and began to subvert traditional finance in a decentralized way, people began to wonder whether there was a decentralized cross-chain to completely replace traditional centralized exchanges.

This is the reason for the birth and development of decentralized “cross-chain” technology.


After the idea of ​​decentralized cross-chain was put forward, many teams have put forward their own technical solutions, but so far, all these solutions have been unable to achieve complete decentralization: in the process of cross-chain, when the system needs to be different When synchronizing transaction information between blockchains, the intervention of a centralized system or institution is still required to sort and synchronize transaction information, and transfer transaction information from the chain to the chain. The more chains the system supports, the greater the workload of the centralized system or organization involved in it, and the more complex the technology involved. These processes involve not only the smart contract technology on the chain, but also the traditional IT technology under the chain and the interface between the traditional IT technology and the blockchain.

Therefore, from the perspective of system security, Lingzong Security believes that in addition to auditing traditional on-chain contracts, the audit of off-chain systems and the interface between contracts and off-chain systems is also an important part of the security guarantee for cross-chain projects. It is even more important in this sense. In this attack, the part that was attacked was the interaction between the contract and the off-chain system, and some contracts were not open source. In this regard, Lingzong Security has accumulated rich experience from cross-chain attacks in recent months and developed a special vulnerability scanning system, and is always ready to provide detailed assistance to the project team.

From the perspective of technical architecture, Lingzong Security believes that the existing technical architecture will inevitably lead to two consequences: if it is too decentralized, it will be difficult to guarantee the synchronization and sorting of information; if you want to guarantee the synchronization and sorting of information, you have to go Make certain compromises in terms of centralization. Simply put, the existing technologies that want to ensure decentralization and secure synchronization in the cross-chain field require more sophisticated and detailed review and testing .

In the case of traditional centralized exchanges, the rise of decentralized cross-chain transaction protocols must meet the higher requirements of customers in terms of transaction volume, transaction freedom, and transaction performance, and meet these higher requirements. Requirements, the prerequisite must be to ensure safety as much as possible. This is the key point that all cross-chain project parties must first pay attention to.

From the perspective of Lingzong Security, before the emergence of new disruptive technologies, the existing decentralized “cross-chain” technology can only achieve better results by strengthening auditing and testing. Before decentralized “cross-chain” technology achieves disruptive progress, traditional centralized exchanges may still occupy an important position in cross-chain transactions.

About Lingzong Security:

Lingzong Security Technology Co., Ltd. is a company that focuses on blockchain ecological security. Lingzong Security Technology has mainly served many emerging and well-known projects through the integrated comprehensive program of “code risk detection + logic risk detection”. The company was established in January 2021. The team was created by a team with rich experience in smart contract programming and network security.

Team members participated in initiating and submitting a number of draft standards in the Ethereum field, including ERC-1646, ERC-2569, and ERC-2794, of which ERC-2569 was officially income by the Ethereum team.

The team participated in the initiation and construction of a number of Ethereum projects, including blockchain platforms, DAO organizations, on-chain data storage, decentralized exchanges and other projects, and participated in the security audit work of multiple projects, based on this Based on the team’s rich experience, a complete vulnerability tracking and security prevention system has been built.


Tan Yuefei, CEO of Lingzong Security

Master of Industrial Engineering (Virginia Tech, Blacksburg, VA, USA). Served as a software engineer at AIBT Inc (San Jose, CA, USA), a Silicon Valley semiconductor company in the United States, responsible for the development of the underlying control system, the program implementation of the equipment manufacturing process, and the design of the algorithm, as well as the comprehensive technical docking and communication with TSMC. Since 2011, he has been engaged in the research of embedded, Internet and blockchain technology. He is a teacher of the “Blockchain Introduction” course at the Entrepreneurship College of Shenzhen University, a visiting researcher at the Blockchain and Intelligence Center of Sun Yat-sen University, and an executive director of the Guangdong Financial Innovation Research Association. He owns 4 blockchain-related patents and 3 published works.


Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Leave a Reply