web3.0Verichains Report Reveals Ronin Chain Attack Details, Highlights Critical Contract VulnerabilityVerichains Report Reveals Ronin Chain Attack Details, Highlights Critical Contract Vulnerability
Blockchain cybersecurity firm Verichains revealed details about the Ronin chain attack on August 6, causing a loss of about $10 million.
Blockchain cybersecurity firm Verichains has provided further details regarding the recent Ronin chain attack, which resulted in the theft of nearly $10 million.
The attack, which was ultimately benign as the funds were returned by a white hat hacker, was reportedly carried out by an MEV (maximum extractable value) bot, highlighting a concerning vulnerability in the chain's architecture.
According to Verichains' report, an update to the Ronin bridge’s contracts introduced a vulnerability that was exploited by the bot to extract the funds. The bridge connects Ethereum to the Ronin blockchain, a gaming-related network that hosts popular titles such as Axie Infinity.
The report highlights that the contract update neglected to include a critical function, which ultimately allowed anyone to withdraw funds from the bridge without any validation.
Normally, each transaction is validated by network participants and processed through a consensus, which is enabled by the minimumVoteWeight variable. This variable, in turn, relies on the totalWeight variable acting as the input.
However, during the update, totalWeight's value was set to zero instead of what it was set to be in the previous contract. As a result, users were able to withdraw funds without a signature, as the updated contract allowed them to.
In an X post on August 7, Damian Rusniek, an auditor at Composable Security, noted, “The signer is 0x27120393D5e50bf6f661Fd269CDDF3fb9e7B849f but this address is not on the bridge operators list. This means that only ONE signature was required and it could by ANY valid signature.”
Rusniek's findings ultimately align with those of Verichains, concluding that the “root cause was that the minimum votes of the operators was 0. Anyone has 0!”
Ronin Offered $500,000 of the Exploited Funds to the White Hat Hacker
The MEV bot, through simulations, figured that out and committed the transaction, leading to the $10 million exploit. The white hat hacker returning these funds ensured Ronin developers found the issue before bad actors took over.
The network ultimately allowed the individual to keep $500,000 of the exploited value as a bug bounty reward.
The above is the detailed content of Verichains Report Reveals Ronin Chain Attack Details, Highlights Critical Contract Vulnerability. For more information, please follow other related articles on the PHP Chinese website!
FloppyPepe (FPPE) Price Could Explode As Bitcoin (BTC) Price Rallies Towards $450,000May 09, 2025 am 11:54 AMAccording to a leading finance CEO, the Bitcoin price could be set for a move to $450,000. This Bitcoin price projection comes after a resurgence of good performances, signaling that the bear market may end.
Pi Network Confirms May 14 Launch—Qubetics and OKB Surge as Best Cryptos to Join for Long Term in 2025May 09, 2025 am 11:52 AMExplore why Qubetics, Pi Network, and OKB rank among the Best Cryptos to Join for Long Term. Get updated presale stats, features, and key real-world use cases.
Sun Life Financial Inc. (TSX: SLF) (NYSE: SLF) Declares a Dividend of $0.88 Per ShareMay 09, 2025 am 11:50 AMTORONTO, May 8, 2025 /CNW/ - The Board of Directors (the "Board") of Sun Life Financial Inc. (the "Company") (TSX: SLF) (NYSE: SLF) today announced that a dividend of $0.88 per share on the common shares of the Company has been de
Sun Life Announces Intended Renewal of Normal Course Issuer BidMay 09, 2025 am 11:48 AMMay 7, 2025, the Company had purchased on the TSX, other Canadian stock exchanges and/or alternative Canadian trading platforms
The Bitcoin price has hit $100k for the first time since February, trading at $101.3k at press time.May 09, 2025 am 11:46 AMBTC's strong correlation with the Global M2 money supply is playing out once again, with the largest cryptocurrency now poised for new all-time highs.
Coinbase (COIN) Q1 CY2025 Highlights: Revenue Falls Short of Expectations, but Sales Rose 24.2% YoY to $2.03BMay 09, 2025 am 11:44 AMBlockchain infrastructure company Coinbase (NASDAQ: COIN) fell short of the market’s revenue expectations in Q1 CY2025, but sales rose 24.2% year
Ripple Labs and the SEC Have Officially Reached a Settlement AgreementMay 09, 2025 am 11:42 AMRipple Labs and the U.S. Securities and Exchange Commission (SEC) have officially reached a deal that, if approved by a judge, will bring their years-long legal battle to a close.
JA Mining Helps Global Users Share the Benefits of the Bitcoin Bull MarketMay 09, 2025 am 11:40 AMBy lowering the threshold for mining and providing compliance protection, JA Mining helps global users share the benefits of the Bitcoin bull market.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
Dreamweaver Mac version
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
