ETHW, the proof-of-work (PoW) chain that emerged after the Ethereum Merge, has moved to quell claims that it had suffered an on-chain replay attack over the weekend.
Smart contract audit firm BlockSec pointed to what it described as a replay attack that took place on September 16, in which attackers harvested ETHW tokens by replaying call data from the proof-of-stake (PoS) chain of Ethereum on the PoW forked chain.
According to BlockSec, the root cause of the exploit was that the Omni cross-chain bridge on the ETHW chain used old chainIDs and did not properly verify the correct cross-chain message ID.
The Ethereum Mainnet and testnets use two identifiers for different purposes, namely a network ID and a chain ID (chainID). Messages between nodes use the network ID, while transaction signatures use the chainID. EIP-155 introduced the chainID as a means of preventing replay attacks between the Ethereum (ETH) and Ethereum Classic (ETC) blockchains.
1/Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn’t correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022
BlockSec was the first analytics service to identify the replay attack and notify the ETHW team, which in turn quickly dismissed initial claims that an on-chain replay attack had taken place. ETHW attempted to notify Omni of the contract-level attack:
Had tried every way to contact Omni Bridge yesterday.
Bridges need to correctly verify the actual ChainID of the cross-chain messages.
Again this is not a transaction replay on the chain level, it is a calldata replay due to the flaw of the specific contract. https://t.co/bHbYR4b2AW pic.twitter.com/NZDn61cslJ
— EthereumPoW (ETHW) Official #ETHW #ETHPoW (@EthereumPoW) September 18, 2022
Analysis of the attack revealed that the attacker began by transferring 200 WETH through the Gnosis chain’s Omni bridge before replaying the same message on the PoW chain, earning an additional 200 ETHW. This caused the balance of the deployed contract on the PoW chain to be depleted.
BlockSec’s analysis of Omni’s source code showed that the logic to verify the chainID was present, but the chainID the contract compared against was pulled from a value kept in the contract’s own storage under the name “unitStorage”.
The team explained that this was not the actual chainID returned by the CHAINID opcode introduced in EIP-1344, and that the mismatch only became exploitable after the fork that followed the Ethereum Merge:
“This is probably due to the fact that the code is quite old (using Solidity 0.4.24). The code works fine all the way up until the PoW chain fork.”
This allowed attackers to get hold of ETHW and potentially other tokens owned by the bridge on the PoW chain and trade them on exchanges that list the corresponding tokens.
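The pattern described above, as an added illustration that is not Omni Bridge’s code: the first contract compares a message’s destination chain id against a value frozen in storage at deployment (a stand-in for the page’s “unitStorage” value), which a hard fork copies unchanged to both chains; the second reads the chain id the EVM reports at execution time. Contract and function names are hypothetical, and the example uses Solidity 0.8 so that `block.chainid` is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration (not Omni Bridge code); all names are hypothetical.
// Both contracts check that a cross-chain message is addressed to the chain
// they run on; they differ only in where the "current chain id" comes from.

// Vulnerable pattern: the chain id is a storage value written at deployment.
// A hard fork copies storage, so the PoS and PoW chains hold the same number,
// and a message accepted on one is also accepted on the other.
contract StoredChainIdBridge {
    mapping(bytes32 => bool) public processed;
    uint256 private storedChainId; // stand-in for the stored "unitStorage" value

    constructor() {
        storedChainId = block.chainid; // frozen here; survives the fork unchanged
    }

    function isForThisChain(uint256 dstChainId) public view returns (bool) {
        return dstChainId == storedChainId;
    }

    function executeMessage(bytes32 msgId, uint256 dstChainId) external {
        require(isForThisChain(dstChainId), "wrong chain");
        // The replay map does not help here: a message sent after the fork is
        // new on both chains, so msgId is unmarked on the fork and passes.
        require(!processed[msgId], "already executed");
        processed[msgId] = true;
        // ... release tokens ...
    }
}

// Hardened pattern: read the chain id the EVM reports (CHAINID opcode, EIP-1344)
// at execution time. On the forked chain it differs, so the replay is rejected.
// block.chainid does not exist in Solidity 0.4.24; old compilers need an
// inline-assembly chainid() call and an Istanbul-or-later EVM target.
contract LiveChainIdBridge {
    mapping(bytes32 => bool) public processed;

    function isForThisChain(uint256 dstChainId) public view returns (bool) {
        return dstChainId == block.chainid;
    }

    function executeMessage(bytes32 msgId, uint256 dstChainId) external {
        require(isForThisChain(dstChainId), "wrong chain");
        require(!processed[msgId], "already executed");
        processed[msgId] = true;
        // ... release tokens ...
    }
}
```

Validator signature checks are omitted; the point is that signatures valid on the original chain stay valid on the fork, so only the live chain id separates the two.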
Cointelegraph contacted BlockSec to find out the value obtained by the attacker. Yajin Zhou, CEO of BlockSec, said that his team had not made a precise calculation, but highlighted a limit on transfers of wrapped ETH (WETH) through the Omni bridge:
“The bridge has a limit on the amount of WETH that can be transferred. The attacker can only get 250 ETHW per day. Please note that this is only for this bridge contract. This vulnerability may exist in other projects on the EthereumPoW chain.”
Following the success of the Ethereum Merge event, which saw the smart contract blockchain transition from PoW to PoS, a group of miners decided to continue the PoW chain via a hard fork.