Developer Kelvin Fichter analyzed in detail the mechanism of the attack on the Poly Network cross-chain protocol, in which the hacker withdrew $611 million in various cryptocurrencies.
According to him, in order to move assets between blockchains, Poly Network requests transaction confirmations based on the signatures of validators. The attacker altered this mechanism so that he could authenticate transactions on his own.
Fichter found that Poly Network has a privileged EthCrossChainManager contract, which has the right to execute messages from another chain.
To perform a cross-chain transaction, the protocol uses the verifyHeaderAndExecuteTx function. It can be called by any user. It verifies the correctness of the block header, the signature, and the inclusion of the transaction in the block.
The function also invokes the EthCrossChainData target contract. According to the expert, the critical drawback is that all users had access to this action through the cross-chain mechanism.
“This contract keeps track of a list of public keys that authenticate data coming from another chain. If you change this list, the hacker will not have to crack the private keys,” he said.
At the same time, the EthCrossChainData contract is managed by EthCrossChainManager.
“By sending a cross-chain message, the user can trick EthCrossChainManager into calling the EthCrossChainData contract by passing the onlyOwner check. Now the user just needs to create the correct data to run a function that changes public keys,” the analyst explained.
Then, in order to force EthCrossChainManager to call the correct function, the hacker forged the first four bytes of the incoming transaction data, the so-called signature hash.
Thanks to this, the hacker did not need to compromise the private key. He just created the right data and “the contract hacked itself.”
“One of the most important design lessons to be learned from this is: if you have such internetwork relay contracts, make sure that they cannot be used to invoke special contracts. If a contract needs such special privileges, make sure that users cannot invoke special contracts through inter-network messages,” Fichter said.
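The design lesson above can be shown with a small model. This is an added example, not Poly Network's contract code: the class names, the `allowed_targets` parameter and the sample keys are hypothetical, and header and signature verification are assumed to have already passed.

```python
# Simplified model (added example); all names here are hypothetical.
class KeeperStore:
    """Stands in for the data contract holding the validator public keys."""
    def __init__(self, owner, keepers):
        self.owner, self.keepers = owner, list(keepers)

    def set_keepers(self, caller, new_keepers):
        # Equivalent of an onlyOwner check: only the owning manager may call.
        if caller is not self.owner:
            raise PermissionError("caller is not the owner")
        self.keepers = list(new_keepers)


class TokenVault:
    """Stands in for an ordinary application contract the relay should reach."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, recipient, amount):
        self.unlocked.append((recipient, amount))


class RelayManager:
    """Stands in for the privileged manager that executes cross-chain messages."""
    def __init__(self, allowed_targets=None):
        # None models the flawed design: any target named in a message is called.
        self.allowed_targets = allowed_targets

    def execute_message(self, target, method, args):
        # Header and signature verification are assumed to have passed already.
        if self.allowed_targets is not None and not any(
                target is t for t in self.allowed_targets):
            raise PermissionError("target is not a registered application")
        # The call runs with the manager as caller, so it carries the manager's
        # privileges rather than those of whoever relayed the message.
        return getattr(target, method)(self, *args)


def keepers_after_untrusted_message(hardened):
    """Relay one legitimate and one privileged-target message; return the keys."""
    vault = TokenVault()
    manager = RelayManager(allowed_targets=(vault,) if hardened else None)
    store = KeeperStore(owner=manager, keepers=["keeper-A", "keeper-B"])
    manager.execute_message(vault, "unlock", ["alice", 10])
    try:
        manager.execute_message(store, "set_keepers", [["untrusted-key"]])
    except PermissionError:
        pass  # hardened manager refuses to act as a deputy for its own store
    return store.keepers
```

With `hardened=False` the owner check passes because the manager itself is the caller, and the key list is replaced; with `hardened=True` the manager only dispatches to registered application contracts and the list is unchanged.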
The expert also suggested that the hacker sent a message from the Ontology network to make the attack harder to track.
Andrey Sobol, a researcher of consensus protocols, stated in a comment to ForkLog that the attack on Poly Network became possible due to a bug in the smart contract.
“Conceptually, the bridge was built in much the same way as bridges in other internetwork protocols. The problem is in the implementation,” he said.
In his opinion, Fichter’s version describes the most plausible cause of the hack.
As a reminder, the hack of the Poly Network cross-chain protocol occurred on August 10. In total, the attacker withdrew $611 million from the Ethereum, Binance Smart Chain and Polygon networks.
On August 11, the hacker announced his readiness to return the stolen funds. The project team has created three wallets for this purpose.
Later, they received $1 million in USDC, $1.1 million in BTCB tokens, $2 million in Shiba Inu and $622,243 in the FEI stablecoin.