Expert explains mechanism behind Poly Network hack worth $611 million

Developer Kelvin Fichter explained in detail the mechanism of the attack on the Poly Network cross-chain protocol, through which the hacker siphoned $611 million in various cryptocurrencies.

According to him, to move assets between blockchains Poly Network requests transaction confirmations based on validators’ signatures. The attacker rewrote the code to perform transaction authentication unilaterally.

Fichter found that Poly Network has a privileged contract EthCrossChainManager, which has the right to launch messages from another chain.

To execute a cross-chain transaction, the protocol uses the function verifyHeaderAndExecuteTx. It can be invoked by any user. It checks the correctness of the block header, the signature and the inclusion of the transaction in the block.

The function also calls the target contract EthCrossChainData. According to the expert, the critical flaw is that access to this action via the cross-chain mechanism was available to all users.

“This contract tracks the list of public keys that authenticate data coming from another chain. If you change this list, the hacker would not have to break private keys,” he noted.

At the same time, the EthCrossChainData contract is managed by EthCrossChainManager.

“By sending a cross-chain message, a user can deceitfully force EthCrossChainManager to call the EthCrossChainData contract, passing the onlyOwner check. Now the user simply needs to create the correct data to trigger the function that changes the public keys,” the analyst explained.

Later, to force EthCrossChainManager to invoke the correct function, the hacker forged the first four bytes of the transaction input data, the so-called sigHash (signature hash).

As a result, the hacker did not need to compromise a private key. He simply created the correct data and “the contract hacked itself.”

“One of the most important design lessons to draw from this: if you have such cross-chain relay contracts, ensure that they cannot be used to call special contracts. If a contract requires such special privileges, ensure that users cannot invoke special contracts through cross-chain messages,” Fichter said.

The expert also suggested that the hacker sent the message from the Ontology network to make the attack harder to trace.

Andrey Sobol, a researcher of consensus protocols, told ForkLog in a ForkLog comment that the attack on Poly Network was possible because of a bug in the smart contract.

“Conceptually the bridge was built roughly the same as bridges in other cross-chain protocols. The problem lies in the implementation,” he noted.

In his view, Fichter’s version describes the most plausible explanation for the breach.

The Poly Network cross-chain hack occurred on August 10. In total, the attacker siphoned $611 million from the Ethereum, Binance Smart Chain and Polygon networks.

On August 11, the hacker announced readiness to return the stolen funds. The project team created three wallets for this purpose.

Subsequently, $1 million in USDC, $1.1 million in BTCB token, $2 million in Shiba Inu and $622,243 in the stablecoin FEI were received.

Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news, infographics and opinions.