Immunefi announced a new autopsy available

Immunefi announced last Wednesday, August 18, through their Twitter account, that they have a new autopsy available for an arbitrary call method error in xDai Chain. According to the company, the bug was out of reach, but xDai decided to reward the white hat with a $5,000 USDC reward anyway.

Image on Immunefi’s Twitter post

“On August 1, whitehat 0xadee028d sent an arbitrary method call vulnerability in xDai to Immunefi. The vulnerability was assessed to be of medium severity but was outside the scope of the xDai bug bounty program. Also, the bug only allowed a potentially malicious hacker to gain access to funds in a contract that users were never supposed to send funds to in the first place”, he said through an article posted on the Medium platform.

However, the company explained that at the time of the report, a user had accidentally sent $4.50 in renBTC to the contract 10 months earlier, which was equal to the total funds at risk. If users had sent more funds to that contract, there would be more at risk, and the same applies to funds sent to that contract in the future. Despite the vulnerability being out of reach, xDai generously decided to pay a $5,000 USDC reward to the whitehat.

Analysis

xDai works as an Ethereum sidechain, and there is a bridge between the Ethereum mainnet and the xDai chain that allows users to pass arbitrary messages from one chain to another – an arbitrary message bridge (AMB). In his opinion, part of the bridge is the contracts deployed in both chains. They can be used by EOA or other contracts to execute contracts on the other side of the bridge.

According to the company, since AMB contracts allow calls from any method of any contract, a malicious attacker could compose a message that would execute a token transfer on behalf of AMB contracts.

Also read: Pocket Network is bringing its node network to Polygon

Also, even though AMB contracts are not meant to hold any tokens, some users might still send them to them by mistake. As soon as the attacker discovers such tokens, they could be stolen.

Similarly, he stressed that it is necessary to consider that the OmniBridge contracts, which are intended to maintain the funds sent through the AMB, are not affected by this vulnerability.

Vulnerability fix

The company explained that xDai plans to introduce a monitor into the AMB contract to observe Transfer events, so that the team can identify the blocked tokens before someone else can access them.

About Immunefi

According to the company, it is the leading bug bounty platform for smart contracts, where hackers review code, reveal vulnerabilities, receive payments and make cryptocurrencies more secure.

Total
1
Shares
1 comment

Comments are closed.

Related Posts