The O3 coin theft incident brought the cross-chain security issue to the forefront.
August 11 morning, the hacker Ethernet Square, question and answer, wrote on the Web: “Why attack Poly Network ?. Because of the recent inter-chain protocol attacks is” Fire. ‘ “
“Attack cross-chain” is indeed very popular
According to PeckShield statistics, as of now in the third quarter of 2021, there have been 19 DeFi security incidents, of which 6 occurred in cross-chain agreements, with related losses of US$644 million topping the list; followed by Ethereum, reaching US$29.37 million; Polygon ranked third, causing a loss of 1.22 million US dollars.
It can be seen that even if the $611 million involved in the O3 incident is excluded, the loss caused by the cross-chain protocol security incident is still the highest in the DeFi field. From another perspective, what is reflected by the frequent occurrence of cross-chain security incidents and the huge amount of money is precisely the enthusiasm of the cross-chain protocol itself.
The emergence of cross-chain DEX has made it simple and fast for DeFi users to trade different chain tokens that needed to bypass the centralized trading platform in the past. In the traditional way, cross-chain transactions take as short as tens of minutes or as long as several days, and cost a lot of large handling fees. Cross-chain DEX, which only takes 2-3 steps and can be traded as fast as seconds, is well recognized by users in this scenario. However, recent security issues have made users realize that in addition to efficiency and rates, security issues may be the top priority for choosing a cross-chain DEX.
What are the potential risks of cross-chain DEX?
According to a piece of data collected by PeckShild, the cross-chain security problems that have been intensively erupted in the past two months are mainly due to the “logical errors” of the agreement:
Specifically, the current potential risks of cross-chain DEX are as follows:
1. Fake deposit vulnerability-THORChain attack
Fake recharge vulnerability means that hackers recharge fake Tokens to deceive the contract to allow the cross-chain bridge to generate real Tokens for hackers. THORChain has suffered a fake recharge attack. The reason is that in the function of verifying the token address, the initial token symbol is ETH , and the attacker forged an ERC-20 token with the symbol ETH on the Ethereum chain, deceiving the cross-chain bridge And obtained real ETH tokens.
2. Multi-signature vulnerability + quota vulnerability-ChainSwap was stolen for the second time
ChainSwap was stolen for the second time because the whitelist address quota of the cross-chain bridge was automatically increased by the node. However, when the whitelist was checked, the originally required multi-signature address became a single sign due to a configuration error. The malicious attacker only needs to pass the cross-chain One of the multi-signatures at the time of transfer can transfer the asset by calling the Receive function on the other chain.
3. Full payment risk
Take the BNB of the OK Chain (OEC) as an example. The Anyswap cross-chain bridge issued BNB for OEC, but the BNB was not officially issued but by Anyswap. Since BNB itself does not support the OEC public chain, the BNB on OEC is not equivalent to the BNB on BSC. OEC and BSC are different public chains. OEC itself cannot produce any BNB. The BNB on OEC is actually a BNB “bond” issued by Anyswap and circulating in OEC.
4. The risk of private key leakage-Anyswap attack
The main reason for Anyswap being attacked is that the signature uses a repeated R value. If two transactions signed by the same account have the same R value of the rsv signature, the hacker can reversely derive the private key of the account. Since the account can be reused on BSC, ETH and FTM, the assets on multiple chains of the account were stolen. It is worth noting that this is also related to the excessive authority of a single account.
5. Lightning loan arbitrage-bEarn Fi event
The attacker lends BUSD through flash loans, generates ibBUSD through Alpaca Finance’s lending, and uses bEarn Fi’s contract strategy loopholes to use the difference between the price of ibBUSD and BUSD to carry out arbitrage attacks.
6. Keeper (Relayer) replacement + signature forgery-O3 attack event
By disguising the transaction replacing Keeper as a normal cross-chain transaction, the attacker replaced the address of the cross-chain relayer Keeper in the Poly Network with his own address. In addition, the relayer’s verification function is not difficult to verify, and only checked 4 Bytes bytes. After forging the Keeper, the attacker found 4 Bytes that met the requirements through collisions. After successfully forging his own address into the Keeper address and signing it, he called the LockProxy contract and ransacked the entire Poly Network’s cross-chain assets.
Risk prevention starts from agreement
The above six risks are summarized by the security team of the newly born LP cross-chain protocol project HurricaneSwap. As a fully upgraded LP cross-chain protocol relative to the traditional single currency cross-chain, HurricaneSwap deployed on the Avalanche public chain has the top architecture consultant in the blockchain industry-Ted Yin, the first author of the HotStuff consensus, and is currently the chief architecture of the Avalanche public chain Division.
From the above we can see that most of these cross-chain protocols under attack have their own protocol vulnerabilities or logic errors. To fully prevent them, the security deployment of cross-chain DEX will undoubtedly be at the protocol level. In response to the above risks, the more advanced LP cross-chain protocol HurricaneSwap constructed by the industry’s top team has already prepared its own guarantee scheme:
1. Fake recharge vulnerability: It has been confirmed that there is no risk of fake recharge in the code audit of HurricaneSwap by Paidun. At the same time, HurricaneSwap has strict currency restrictions and contract address restrictions on the cross-chain currencies supported in Station to avoid false recharge loopholes.
2. Multi-signature and quota vulnerability risk: HurricaneSwap’s contract code currently has no code to plunder users’ LP assets. For details, see the Paidun audit report. There is no possibility of extracting user liquidity through multi-signature.
Liquidity cross-chain bridges such as Chainswap deposit Tokens in the contract to cast cross-chain mapping Tokens to complete the cross-chain. Whitelisted users rely on quotas to deposit and withdraw liquidity in Chainswap. HurricaneSwap does not have a hard quota upper limit setting. The upper limit of the user’s withdrawal liquidity comes from the LP Token owned by him, avoiding multi-signature and quota loopholes.
3. Redemption risk: HurricaneSwap’s aToken is a mapping of source chain assets. At present, users can check whether the number of liquid assets locked in the Station contract and the number of aToken issued in HurricaneSwap is 1:1. In the future, we will also cooperate with Chainlink to give aToken a more stable and rigid payment feature.
4. The risk of private key leakage: HurricaneSwap absorbs the risk of Anyswap private key leakage. There is no repeated signature of R value in the transaction, so as to avoid the situation of attackers pushing back the key. Second, the team used a dedicated key management tool during the contract deployment phase to avoid the risk of leakage caused by storing private keys in plain text.
5. Flash loan risk: The core way to make a profit from a flash loan attack is the price gap. HurricaneSwap uses an oracle price feed method to update the liquidity pool price and the price of other chain tokens in real time to avoid price fluctuations caused by lightning loan manipulation. In the future, it will also introduce a fuse mechanism to further prevent lightning loan attacks by suspending the call of related token contracts.
In addition, the HurricaneAlliance node will carry out arbitrage based on the token spread and regulate the price of trading pairs. If a flash loan attack causes a violent fluctuation in the price of a certain token, the node will arbitrage and reduce the price gap, reducing the attacker’s attack revenue.
6. Relayer replacement and hash collision risk: HurricaneSwap has a similar function with Keeper as the Roke Protocol master account. Roke Protocol cannot control the liquidity locked in Station by LP; on the other hand, the operating account for executing aToken mint and burn is limited to Roke Protocol Owner account, and there is no forgery of aToken by replacing Roke Protocol.
HurricaneSwap: natural advantage + safety blessing
One of the main reasons for the reform of single currency cross-chain to LP cross-chain is that the HurricaneSwap team has seen the risks of the current cross-chain mechanism. As a more advanced cross-chain mechanism, HurricaneSwap’s LP cross-chain protocol has natural security advantages compared with traditional single-currency cross-chains. The most fundamental difference is that under the LP mechanism, attackers cannot escape assets through single-currency cross-chains.
In addition to the security features of the LP mechanism itself, HurricaneSwap also uses Roke Protocol, Hurricane Station, and alliance node HurricaneAlliance to provide a full range of security protection for assets from the spread of cross-chain assets, LP permissions, and decentralized security verification. Behind these security mechanisms, top members in the industry, such as Ted Yin, construct the underlying guarantee for the project’s protocol, code, and logic.
The emergence of new things is accompanied by risks. In this O3 incident, the hacker said that it was right. This attack actually once again sounded the alarm for the O3 project and the DeFi industry.
No one is born to like to be evil unless you put the opportunity in front of him.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/what-are-the-potential-risks-of-cross-chain-dex-how-to-prevent/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.