TL;DR#
On February 2, 2022, the Wormhole bridge was exploited on the Solana network, allowing the attacker to mint 120,000 ETH, totaling over $326 million.
Introduction to Wormhole#
Wormhole is a decentralized, cross-chain message-passing protocol that enables applications to send messages from one chain to another.
Vulnerability Assessment#
The exploit was possible because of a flaw in the Wormhole contract's signature verification authorizations, which allowed the attacker to counterfeit a message from the Guardians and mint Wormhole wETH.
Attack Scenario#
Background
Wormhole is operated by a decentralized network of nineteen Guardians, who sign each transmitted message to guarantee its validity. The Guardians are also in charge of the Wormhole Network. The protocol employs a multi-party signature method, with a communication considered legitimate if signed by two-thirds of the Guardians. Any changes to the contracts or the protocol must also be approved by an absolute majority of the Guardians.
A portal is a token bridge built on the Wormhole network. It allows users to deposit funds into a contract on one chain and subsequently mint a wormhole-wrapped version of the token on another. A wormhole-authenticated message from the source chain contract is required for the minting function. This check verifies that Wormhole-wrapped tokens are backed up 1:1 by source chain contract tokens.
Vulnerability Explained
The portal's token minting program validates the source chain message before minting wormhole-wrapped tokens using the `verify_signatures` function. It makes use of information from the Solana runtime's instruction `sysvar` account.
When calling a function on Solana, the user can specify a number of arbitrary input accounts. Each program is responsible for validating that the provided accounts are the ones they expected.
However, the `verify_signatures` function did not assert that the user-supplied account was the special instruction `sysvar`. Therefore, an attacker was able to create an account and populate it with data to mimic the instruction `sysvar` account.
This forged instruction `sysvar` was then passed to the `verify_signatures` function to trick it into thinking that the signatures had been successfully verified. As a result, the attacker was able to successfully sign an arbitrary message in order to mint wormhole-wrapped tokens on Solana.
Attack Explained
The attacker was first able to bypass the Guardians using a `SignatureSet` created in this transaction and then invoked a call to the ‘verify_signatures’ function on the main bridge.
The ‘verify_signatures’ function of the contract delegated the actual verification of the `SignatureSet` to a separate Secp256k1 program. Because of the issues with the `solana_program::sysvar::instructions`, the contract didn’t correctly verify the address being provided, allowing the attacker to provide an address containing just 0.1 ETH.
Thus, the attacker was able to fake the `SignatureSet`, and then invoke a call to the `complete_wrapped` function, thereby minting 120,000 wormhole-wrapped ether on Solana using the verification that had been created in this transaction.
The exploiter bridged 10,000 ETH, 3,750 ETH, and 80,000 ETH to the Ethereum Mainnet over the course of three different transactions. The remaining part of approximately 36,000 whETH, out of the 120,000 ETH, was swapped on Solana into SOL and USDC tokens.
Aftermath#
The Wormhole network team established a war room conference call after the incident was identified. The call was among wormhole contributors from Jump Crypto, Neodyme, representatives from major stakeholders, and some external researchers. The contributors notified the Guardians of the possible exploit and informed them not to relay messages so that any further token transfers across the network could be paused.
The team also sent an on-chain message to the exploiter, offering bug bounty rewards of $10 million in hopes of recovering the stolen funds. They later issued a community alert highlighting the details of this incident. They also stated that the stolen assets would be replenished as a whole.
Solution#
To prevent an attack like the Wormhole exploit on the Solana network, a holistic approach is crucial, encompassing improved contract design, security practices, and continuous monitoring. Robust validation of smart contract input parameters should be a fundamental step before executing any critical operation. Regular code reviews and external security audits play a pivotal role in identifying and proactively addressing vulnerabilities.
Continuous monitoring systems should be firmly established to promptly detect unusual activity, ensuring that rapid response protocols are in place to investigate and address any suspicious behavior swiftly. Incentivizing security researchers through bug bounty programs and fostering awareness among users and developers about potential risks and best practices remains imperative.
However, recognizing that vulnerabilities can surface despite rigorous security measures, collaboration with Neptune Mutual presents an innovative solution. Neptune Mutual was not available as a marketplace at the time of the event, thus the team had no way of recovering their funds. We may not have been able to prevent this hack from occurring, but we could have reduced or mitigated the aftermath of the attack to a greater extent. Had Wormhole partnered with Neptune Mutual to set up a dedicated cover pool before the incident, the fallout might have been significantly mitigated. Neptune Mutual specializes in offering coverage to users who may face losses due to smart contract vulnerabilities.
We have avant-garde parametric policies designed to streamline the claims process. Users are not burdened with bureaucratic procedures when proving their losses; instead, they can swiftly claim payouts following the confirmation and resolution of an incident through our rigorous incident resolution framework.
Our marketplace extends across several renowned blockchain networks, including Ethereum, Arbitrum, and the BNB chain, ensuring a broad reach across the DeFi ecosystem. This expansive network caters to a diverse range of DeFi enthusiasts, offering them a protective shield against potential risks and fostering trust in the DeFi landscape.
Reference Source Wormhole, Rekt
