Hashi Bridge Post-Mortem

On March 14th, 2022 at 11:40:35 PM UTC+1 the Polkaswap team discovered a hack that was taking place on the Hashi Bridge. In total the attacker was able to obtain 150ETH, of which 130ETH was returned, and the remaining 20 ETH will be covered by minting XOR via the SORA network’s Social Insurance for Systemic Infrastructure.

This postmortem will outline what went wrong, how it was fixed, and the additional protection protocols implemented to fix the vulnerability and prevent further attacks. An analysis of the accounts involved, as well as a list of associated accounts, is also included. Finally, the SII course of action will be outlined.

What went wrong?

At 21:42:05 on March 14th, 2022, the Polkaswap team discovered an unusual series of transactions taking place on the Hashi bridge. It was discovered shortly after that the hacker took advantage of the sendERC20ToSidechain public function of the bridge smart contract;

function sendERC20ToSidechain( 
bytes32 to,
uint amount,
address tokenAddress)
external
shouldBeInitialized shouldNotBePreparedForMigration {
IERC20 token = IERC20(tokenAddress);
require(token.allowance(msg.sender, address(this)) >= amount, “NOT ENOUGH DELEGATED TOKENS ON SENDER BALANCE”); bytes32 sidechainAssetId = _sidechainTokensByAddress[tokenAddress];
if (sidechainAssetId != “” || _addressVAL == tokenAddress || _addressXOR == tokenAddress) {
ERC20Burnable mtoken = ERC20Burnable(tokenAddress); mtoken.burnFrom(msg.sender, amount);
} else {
require(acceptedEthTokens[tokenAddress], “The Token is not accepted for transfer to sidechain”);
token.transferFrom(msg.sender, address(this), amount);
}
emit Deposit(to, amount, tokenAddress, sidechainAssetId);
}
  • The function produces the Deposit event at the end, which determines the amount of tokens to be deposited to the SORA network account from the SORA bridge account.

Attack Angle

  • The Hacker 0x743143F37D1E901494aBa15D1E8463806663e822 created a new smart contract that emitted a Deposit event (with the same name and parameters).
  • This transaction happened on Mar-14–2022 09:04:35 UTC+1 and produced a fictitious Deposit event, that was consumed by the SORA bridge, depositing more tokens in the SORA network than were actually deposited on the Ethereum side.
  • On the SORA side, request_from_sidechain was called by the hacker which took the event from the hacker’s smart contract.
  • The account 0xd04a1ac0a2e9e81407555881600ceb1fe0d9a5bf received 0.1 ETH from Tornadocash to perform the attack and withdrew 150ETH, which was almost immediately sent back to Tornadocash and broken down into smaller amounts. The attacker’s SORA account cnUt4e1wvUWKghRxgeKZrxoyonjW5iFh5nhRJuqF6EyBgtuecwas identified as well.

Attacker Information

  • Following the breadcrumbs, it was revealed that the account 0xd04a1ac0a2e9e81407555881600ceb1fe0d9a5bf performed the attack after receiving 0.1 ETH from Tornadocash, and then, after receiving 150 ETH from the bridge (9:04 am), the amount was broken down (9:11 am) into 100 ETH, then 4 x 10ETH and 9x 1ETH and 5x 0.1 ETH on Tornadocash respectively. The 100 ETH was refunded, but the remaining amount broken down into 18 separate pieces amounting to 50 ETH was not recovered, as it was distributed amongst the flagged addresses.
  • For the next two days, the flagged account 0x743143F37D1E901494aBa15D1E8463806663e822 received ETH from Tornadocash and proceeded to send 9.7 ETH to the ENS address arnavgupta.eth
  • The ENS address arnavgupta.eth has received transfers from 0x743143F37D1E901494aBa15D1E8463806663e822 as well as the Hashi Bridge.
  • The attacker tried the exploit angle again from the account 0x39e36272efe6677bfab32b5bd5da15498a38afc9 and sent funds to 0x743143F37D1E901494aBa15D1E8463806663e822 (The transactions 0.01 Contract & ETH, as well as 0.06 contract and ETH by this address, correspond to interactions with the Hashi Bridge)

Additional addresses associated with the attacker are:

  • cnVvKzpuhamBeRmmWFyxRctkigqvVrfmCiRf4FpT3bydiS8c5
  • cnUybhZSiHRD2gJseyPLPY8sv8LBN3iYcbApQh1CbkZWjzGPq
  • cnVet8ujYypSrLD7upsknWyrUNBHMon1sbZ5tQJFECeCkWXsw
  • cnWAHWjjLkcTLSSKV2grAnS1NK16gmYp4sS2bsd2HRTYswFui
  • cnTBKrrZrB3zpNLH3tKvsQmx29LojKjqPqQ6tAbHRdg1hY7Lo
  • 0x1f289da34192316918b2cbb4df0c39eca3847fb5
  • 0xf58ba06e5b1e8e11535e35c936e3c97c2eba6594
  • 0xbe89aaf61b3ee2d26521aa740b6a06bbe88a11dc
  • 0xc8b9d903f1670ffc0900bf2aa56853dd161123fe
  • 0x640f4e28f6485c118e1b350b6357d7300c03b637

How Was it Fixed

  1. Fast action: Bridge was stopped in order to prevent further hacks.
  2. The smart contract address on the SORA side was checked during the Deposit event processing
  3. A mainnet runtime upgrade with a bridge fix was immediately implemented.
  4. The hacker was pinpointed and called out, which led to a refund of 130 ETH of the total 150 ETH compromised.

How Will Further Attacks be Prevented

Along with stopping the attack, there has been a code upgrade to improve the security of the bridge both in the ETH mainnet and SORA network. The bridge infrastructure was upgraded to prevent similar attack angles and a mainnet runtime upgrade (March 15th, 2022) was fast-tracked to implement security improvements that protect the users and network.

Additionally, XOR will be minted and a bounty will be provided to four members of the community who provided more insight on the attack and monitored the bridge. You know who you are, thank you.

A bug bounty for critical bugs will soon be implemented in collaboration with Immunefi to find and address other possible issues that could compromise bridge security. More information and the rules for this bounty will be announced soon.

For other projects using bridges, there is a bot available to monitor bridge infrastructure for suspicious transactions. Please reach out to contact@whitehats.lol for more information.

Finally, if you are reading this, you are still in time to return the ETH you stole to this address 0x4ADb46C5382a32fEB15eeB977c6c7F55eFBd7863. For your cooperation, there will be a bounty of 20 ETH.

Update: The hacker returned 30 ETH on the 4th of May 2022 at 15:20 UTC +1. The Social Insurance for Systemic Infrastructure will cover the remaining 20 ETH.

Social Insurance for Systemic Infrastructure Claim

Although the hacker was able to obtain 150 ETH through this exploit, and subsequently refund the network 130 ETH, there is still 20 ETH that was provided as a bounty for finding the exploit. The Social Insurance for Systemic Infrastructure will mint XOR to cover the difference, buying back and burning ETH slowly over 100 days.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Polkaswap

https://polkaswap.io is a non-custodial cross chain AMM DEX designed uniquely for the Polkadot and Kusama ecosystems and hosted on the SORA 2.0 network.