Analysts identify replay attack on Ethereum PoW fork tokens

Security researchers at BlockSec have discovered an exploit linked to the Ethereum PoW fork (ETHW).

1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn’t correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.

— BlockSec (@BlockSecTeam) September 18, 2022

According to BlockSec, the OmniBridge contract for Gnosis Chain incorrectly verified the chainID parameter. As a result, attackers could obtain an additional 200 ETHW by sending a similar amount in WETH.

The developers of the PoW fork emphasized that the issue lies in the contract, not in the new blockchain. According to them, the team “has contacted OmniBridge and informed them of the risks”.

“ETHW has independently ensured compliance with EIP-155, and the replay attack against ETHPoS and on ETHPoS, which ETHW Core security engineers had planned in advance, did not occur,” the developers clarified.

As reported on September 15 at 9:42 (Kyiv/MSK), the Ethereum mainnet activated The Merge upgrade. The blockchain has successfully transitioned to the Proof-of-Stake consensus algorithm.

announced the launch of the mainnet within 24 hours of the upgrade. A few hours after the upgrade was activated, the team published the network identifiers.

Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analysis.