On June 24, 2022, Horizon, an asset cross-chain bridge between Ethereum and Harmony, developed by the Layer1 public chain Harmony, was attacked, with a loss of about $100 million.
What exactly is going on?
Although the day the hacker attack occurred, it can be concluded that it belongs to “the notary public’s private key was stolen”. Since the distinguished guest clicked it, you might as well start a chat. Don’t worry, there are a few hard-core source codes, but the whole article is in vernacular and easy to understand!
Smart contract audit services classification and technical principles
Interpretation of Horizon Contract Audit Report
Analysis and summary of the reasons for the theft
1. The principle of cross-chain bridge technology
Cross-chain, as the name implies, is the question of how to transfer asset information between different blockchains, also known as interoperability. There are currently more than 50 cross-chain solutions, and their definitions are diverse.
1.1. What are the cross-chain solutions?
In a nutshell, to achieve a constant asset value on another chain, there are two major paths, anchored by “price” and anchored by “physical”
It sounds complicated at first glance, but in fact, the price anchoring is the stable currency USDT on each public chain. It is anchored 1:1 with the US dollar, so it is also a kind of cross-chain asset.
Aside from various stablecoins, a more intuitive cross-chain solution is physical anchoring, that is, the total liquidity is constant, and there are many solutions (notaries, side chains, relay chains, hash locks, etc.), we Focus on the notary model.
The notary model is based on “who is the notary” and there are three distinctions:
Exchange as a guarantee type: For example, Binance coin, all kinds of transactions are carried out on the centralized exchange, and the coin is cashed out
Liquidity pool bridge type: such as bridge. connext, o3swap
Contract lock casting: various official bridge general solutions polygon/arbitrum/avax/celer, and today’s protagonist harmony
Since the locked casting type generates packaging tokens, it is often used by official bridges with certain credibility of each public chain.
All of the above have their own advantages and disadvantages, or fear that the exchange will run away, smart contract audit or the liquidity will be exhausted, or the private key of the notary will be stolen. At present, there is no cross-chain solution that perfectly realizes the impossible triangle.
The figure below shows the trend of total liquidity and transaction volume of o3swap, which has dropped by 90% in the past six months, perhaps because of the continuous decline in the case of theft of pledged assets in August last year.
1.2. Cross-chain principle of Horizon bridge
The Horizon bridge developed by Harmony is a pretty standard notary lock casting type.
Why can lock casting be trusted?
It is because the contract on the blockchain is immutable. If there is no backdoor, there will be no way to affect its operation once it is deployed. Just as the official boredom transfer all permissions to the 0 address, after giving up ownership, there is no way to affect it. Any way to further mint new monkeys, the total amount of liquidity will be locked.
In the same way, although contracts are different between different public chains, if you lock 10 ETH with a contract on Ethereum, you can release 10 wETH with a contract with the same credibility on another public chain. In fact, the overall liquidity is fixed. As long as wETH can be transferred back to Ethereum at any time and exchanged for ETH, then wETH can be considered to have the equivalent value of ETH.
So its core operation is
Lock-and-Mint: A chain locks token liquidity + B chain issues an equal amount of tradable packaging tokens
Burn-and-Release: Chain B destroys the packaging tokens + Chain A unlocks the liquidity of the same amount of base tokens
Notary: After discovering the Lock lock event of the A chain, go to the B chain Mint to mint the anchor token and transfer it to the target address.
The best way to naturally measure the scale of each cross-chain bridge is TVL (total value lock). It can be seen that after 6.24, Horizon’s TVL instantly fell to the bottom. When security incidents come, no matter how many TVLs come, it will be like running water. Swarmed and scattered.
2. Interpretation of the contract audit report of Horizon Bridge
For many Web3 projects, if an accident cannot be 100% secure, it is basically equal to 0 value. Therefore, in order to check the security of the contract, a variety of attack scenarios are generally tested and simulated, and a security review is conducted through the checklist to ensure the security of the contract.
The development may only take a few days, but if it is reliable enough, the process is many and expensive (generally, the quotation starts with 10W knife based on time)
The core information of the audit report is: risk name, vulnerability description, risk level, security advice, repair status and audit results, etc.
The contract audit report of the Horizon Bridge was conducted by the veteran auditing company PeckShield and found 5 vulnerability risks.
2.1. Medium and low risk point 1 — Insufficient compatibility
Is it hard to imagine that even 3 lines of code can have bugs?
In fact, the logic of locking the token is very simple, that is, the user specifies the amount and target address, and after authorizing the withholding authority, the contract transfers USDT to this contract to lock, and sends a locked event, so that the notary off the chain can know that the asset has been locked. locked.
However, the PeckShield audit found that the LockToken locking function is incompatible with deflationary tokens. If the amount passed in by the user is 100, the natural Locked event is issued to successfully lock 100 tokens.
But what if it is a “deflationary” token? What should I do if the amount decreases during safeTransferFrom? There is a risk that the lock-up amount will be lower than the B-chain release amount
See the previous article: [Source code interpretation] What is the NFT you bought? bsc smart contract audit
In the standard protocol, virtual functions are used as hooks to add logic before and after the transfer. Some tokens may increase the transaction loss here _beforeTokenTransfer, thereby controlling the circulation to achieve deflation.
Of course, harmony must be modified and optimized in the end, and the actual lock amount is calculated by reading the balance twice before and after the transfer.
Facebook Conversations