
Verichains Report Reveals Ronin Chain Attack Details, Highlights Critical Contract Vulnerability

WBOY (Original)
2024-08-19 06:26:29

Blockchain cybersecurity firm Verichains revealed details about the Ronin chain attack on August 6, causing a loss of about $10 million.


Blockchain cybersecurity firm Verichains has provided further details regarding the recent Ronin chain attack, which resulted in the theft of nearly $10 million.

The attack, which was ultimately benign as the funds were returned by a white hat hacker, was reportedly carried out by an MEV (maximum extractable value) bot, highlighting a concerning vulnerability in the chain's architecture.

According to Verichains' report, an update to the Ronin bridge’s contracts introduced a vulnerability that was exploited by the bot to extract the funds. The bridge connects Ethereum to the Ronin blockchain, a gaming-related network that hosts popular titles such as Axie Infinity.

The report highlights that the contract update neglected to include a critical function, which ultimately allowed anyone to withdraw funds from the bridge without any validation.

Normally, each withdrawal is validated by the bridge's operators and processed only once it reaches a quorum, which is enforced through the minimumVoteWeight variable. That threshold, in turn, is derived from the totalWeight variable, which serves as its input.

However, the update set totalWeight to zero instead of carrying over the value from the previous contract. With totalWeight at zero, the minimum vote weight was also zero, so the updated contract allowed users to withdraw funds without a valid signature.

In an X post on August 7, Damian Rusniek, an auditor at Composable Security, noted, “The signer is 0x27120393D5e50bf6f661Fd269CDDF3fb9e7B849f but this address is not on the bridge operators list. This means that only ONE signature was required and it could be ANY valid signature.”

Rusniek's findings ultimately align with those of Verichains, concluding that the “root cause was that the minimum votes of the operators was 0. Anyone has 0!”
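To make the failure mode concrete, here is a simplified model of a weighted-multisig quorum check, added as an illustration and not the Ronin bridge's actual contract code. The operator set, the 70% threshold ratio and the assumption that the threshold is computed as totalWeight * num / denom are constructed for the example; the point it shows is that an upgrade which leaves totalWeight at zero drives minimumVoteWeight to zero, and a post-upgrade invariant check that would have flagged it.

```python
"""Simplified model of a weighted-multisig bridge quorum check.

Constructed to illustrate the bug described above: the withdrawal
threshold (minimumVoteWeight) is derived from totalWeight, so an upgrade
that leaves totalWeight at zero makes the threshold zero and any signer,
operator or not, satisfies it. Assumed model, not the real bridge code;
it also omits any minimum-signature-count floor the real contract may have.
"""
from dataclasses import dataclass, field


@dataclass
class BridgeState:
    # operator address -> vote weight (constructed sample data)
    operators: dict = field(default_factory=dict)
    total_weight: int = 0
    # threshold = total_weight * num / denom (70% here, an assumption)
    num: int = 70
    denom: int = 100

    def minimum_vote_weight(self) -> int:
        # Integer division, as a contract would do; 0 when total_weight is 0.
        return self.total_weight * self.num // self.denom

    def withdrawal_authorized(self, signers) -> bool:
        # Only weights of listed operators count; unknown signers contribute 0.
        weight = sum(self.operators.get(s, 0) for s in signers)
        return weight >= self.minimum_vote_weight()


def upgrade(old: BridgeState, carry_total_weight: bool) -> BridgeState:
    """Mimic a contract upgrade that copies the operator set.

    A correct upgrade recomputes total_weight from the operators. If that
    step is omitted, the new state silently starts with total_weight 0."""
    new = BridgeState(operators=dict(old.operators), num=old.num, denom=old.denom)
    if carry_total_weight:
        new.total_weight = sum(new.operators.values())
    return new


def check_invariants(state: BridgeState) -> None:
    """Post-upgrade sanity check a deployer or auditor should run."""
    if state.minimum_vote_weight() == 0:
        raise ValueError("minimumVoteWeight is 0: withdrawals need no operator signature")
    if state.total_weight != sum(state.operators.values()):
        raise ValueError("totalWeight does not match the operator set")


# Constructed pre-upgrade state: three equal-weight operators, total weight 3.
OLD = BridgeState(operators={"op1": 1, "op2": 1, "op3": 1}, total_weight=3)
```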

Ronin Offered $500,000 of the Exploited Funds to the White Hat Hacker

The MEV bot discovered this through transaction simulations and submitted the transaction, leading to the $10 million exploit. The white hat hacker's return of the funds ensured that Ronin's developers learned of the issue before malicious actors could exploit it.

The network ultimately allowed the individual to keep $500,000 of the exploited value as a bug bounty reward.
