
How Was Rubic Protocol Hacked?
The Rubic protocol was compromised, resulting in a loss of over $1.4 million worth of funds.
Youtube Video
Playing the video that you've selected below in an iframe
On September 16, 2022, a group of attackers successfully harvested a large amount of ETHW…
On September 16, 2022, a group of attackers successfully harvested a large amount of ETHW by replaying the PoS chain's message or call-data on EthereumPoW, also known as the PoW chain. The attackers sent 200 WETH through the Omni Bridge before replaying the same message on the PoW chain, earning an additional 200 ETHW.
The Obridge is a decentralized Omni Bridge for the web3 ecosystem. It is a permission-less and pool-less blockchain bridge based on atomic swap contracts.
ETHPoW, the proof-of-work blockchain hard forked from Ethereum, is backed by a group of miners who wanted to keep the PoW chain even after Ethereum’s recent transition to the proof-of-stake (PoS) chain.
Gnosis creates innovative market mechanisms for decentralized finance. Users can securely create, trade, and hold digital assets on Ethereum using their three interoperable product lines.
This is a typical instance of a contract vulnerability attack against a bridge. The fact that the Omni bridge on the PoW chain used the old chainId and did not verify the actual chainId of the cross-chain message was the core cause of the vulnerability.
function _isDestinationChainIdValid(uint256 _chainId)
internal returns (bool res) {
return _chainId == sourceChainId();
}
/**
* Internal function for retrieving chain id for the source network
* @return chain id for the current network
*/
function sourceChainId()
public view returns (uint256) {
return uintStorage[SOURCE_CHAIN_ID];
}
The price of the ETHW token plummeted about 90% on the back of the news.
In order to prevent such an exploit, Solidity developers working on the bridges must correctly verify the actual ChainID of the cross-chain messages.
Our security team at Neptune Mutual can validate your platform for DNS and web-based security, smart contract reviews, as well as frontend and backend security. We can offer you a solution to scan your platform and safeguard your protocol for known and unknown vulnerabilities that have the potential to have catastrophic long-term effects. Contact us on social media if you are serious about security and have the budget, desire, and feeling of responsibility to do so.
Neptune Mutual project safeguards the Ethereum community from cyber threats. The protocol uses parametric cover as opposed to discretionary insurance. It has an easy and reliable on-chain claim process. This means that when incidents are confirmed by our community, resolution is fast.
Join us in our mission to cover, protect, and secure on-chain digital assets.
Official Website: https://neptunemutual.com
Blog: https://blog.neptunemutual.com/
Twitter: https://twitter.com/neptunemutual
Reddit: https://www.reddit.com/r/NeptuneMutual
Telegram: https://t.me/neptunemutual
Discord: https://discord.gg/2qMGTtJtnW
YouTube: https://www.youtube.com/c/NeptuneMutual
LinkedIn: https://www.linkedin.com/company/neptune-mutual