Talking to leading security companies: why is it always cross-chain bridges that get hurt?
On the evening of August 10, Poly Network, a cross-chain interoperability project, was suddenly attacked by hackers, resulting in a loss of US$610 million. If calculated according to the market price of the relevant assets at the time of the incident, this is not only the hacking incident with the largest amount involved in the history of DeFi, but also the hacking incident with the largest amount involved in the entire history of cryptocurrency.
Despite the continuous efforts of all parties, the hacker ultimately chose to return all of the stolen US$610 million. Still, as a shocking case that is destined to be recorded in cryptocurrency history, reviewing the incident itself and the trends around it retains considerable warning value.
Looking back on this incident, the hacker's attack method has essentially been analyzed. SlowMist pointed out that the root cause is that the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and that the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract executes data passed in by the user through the _executeCrossChainTx function.
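To make the two conditions SlowMist describes concrete, the following added example (a simplified hypothetical illustration, not Poly Network's contracts) shows a data contract whose keeper setter trusts only "the manager", a manager that forwards a user-chosen target and calldata after header verification, and a hardened manager that refuses to forward calls to its own privileged dependencies. Contract and function names are chosen for illustration; header verification is stubbed because the point is the authorization path, not signature checking.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical data contract: the keeper set is changeable only by the manager.
contract CrossChainData {
    address public immutable manager;
    bytes public keeperPubKeys; // keepers whose signatures authorise cross-chain headers

    constructor(address _manager) { manager = _manager; }

    // The only access check is "caller is the manager contract".
    function setKeepers(bytes calldata newKeepers) external {
        require(msg.sender == manager, "not manager");
        keeperPubKeys = newKeepers;
    }
}

// Vulnerable pattern: after the header passes, the manager forwards a user-supplied
// target and calldata with its own identity, so any call the manager may make
// (including setKeepers on the data contract) becomes reachable through a message.
contract VulnerableManager {
    function verifyHeaderAndExecuteTx(bytes calldata header, address target, bytes calldata data) external {
        _verifyHeader(header);            // assumed to check keeper signatures (stub)
        (bool ok, ) = target.call(data);  // unrestricted target and calldata
        require(ok, "call failed");
    }
    function _verifyHeader(bytes calldata) internal pure {}
}

// Hardened pattern: privileged dependencies are never valid targets, and only
// allowlisted application contracts can be reached through a cross-chain message.
contract HardenedManager {
    address public immutable owner;
    address public immutable dataContract;
    mapping(address => bool) public allowedTargets;

    constructor(address _data) { owner = msg.sender; dataContract = _data; }

    function setAllowedTarget(address target, bool allowed) external {
        require(msg.sender == owner, "not owner");
        require(target != dataContract && target != address(this), "privileged target");
        allowedTargets[target] = allowed;
    }

    function verifyHeaderAndExecuteTx(bytes calldata header, address target, bytes calldata data) external {
        _verifyHeader(header);
        require(allowedTargets[target], "target not allowlisted"); // blocks the data contract
        (bool ok, ) = target.call(data);
        require(ok, "call failed");
    }
    function _verifyHeader(bytes calldata) internal pure {}
}
```

The defensive check is the allowlist: even a message that passes header verification cannot steer the manager's authority at the contract that defines who the keepers are.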
Stepping back from the individual case to the macro trend, the Poly Network case once again proves that the hacker community has focused on the emerging sector of cross-chain protocols. According to PeckShield's statistics, as of August 12 a total of 19 DeFi security incidents had occurred in the third quarter of 2021, six of which hit cross-chain related protocols: in addition to Poly Network, there were ChainSwap, AnySwap, THORChain, and others. In terms of amount, even excluding the Poly Network incident, the total losses reached US$32.8 million, higher than any other category.
Indeed, the Poly Network hacker stated the motive for the attack in the memo field of a transfer: cross-chain attacks are very "hot"!
To further extend the topic: why are cross-chain related protocols so vulnerable to attacks? How should the cross-chain bridge balance efficiency and security? As the security situation becomes increasingly severe, what should different roles such as project parties and users pay attention to? If an extreme accident does occur, what are the effective means of compensation?
In order to find answers to these questions, Odaily interviewed well-known security companies such as PeckShield and BlockSec. As professionals who are deeply involved in DeFi security, what kind of answers will they give?
Q1
Odaily: Why are cross-chain related protocols frequently hacked? Is it because the current technical solutions are not yet mature? Or are the hidden dangers of such contracts difficult to detect?
PeckShield: Cross-chain protocols are an emerging field that breaks down the information barriers between chains, but they still need to stand the test of time. The ChainSwap protocol was attacked because of loopholes in the contract itself, AnySwap was attacked because of problems with cross-chain private key management, and Poly Network was attacked because of contract loopholes. This is a warning to all cross-chain protocols that it is necessary to pay more attention to the inspection of contracts and to the security of private key management and authorization.
BlockSec (the interviewee is Zhou Yajin, co-founder of BlockSec and a professor at the School of Cyberspace Security, Zhejiang University): I think there are multiple reasons. The first is profitability. Since there are often a large number of digital assets in a cross-chain bridge, it has become a favorite in the eyes of attackers. The second is that the entire process of a cross-chain bridge is relatively complicated, involving the interaction between multiple chains and multiple contracts, and monitoring these security risks requires an overall security assessment and analysis of the cross-chain bridge. The audit and analysis of a single module cannot fully cover the security risks of the entire link, and some new security ideas and solutions are needed.
Q2
Odaily: In the case of Poly Network, a major focus of the community's doubts was whether there was only one Keeper in the contract. Although this was proved inaccurate afterwards, the balance between efficiency and centralization is still worth pondering. In cross-chain related services, does it mean that the higher the effectiveness of cross-chain execution, the more centralized it will be? Are centralization and insecurity equated?
PeckShield: The cross-chain protocol is built on the underlying technology of the blockchain, which means that it not only has the characteristics of blockchain technology but also carries the "impossible triangle" of the technology itself, that is, it cannot achieve "decentralization", "security" and "transaction processing performance" at the same time.
BlockSec: Generally speaking, it still depends on whether the security defense measures of the project party are in place. In particular, when a security company participates in the audit, it is necessary to judge whether an audit exists, whether the service provider has super-high authority (the authority to transfer funds without audit), and the possibility of a rug pull, because such operation permission settings are likely to cause illegal transfer of a large amount of funds when the provider's private key is stolen or lost.
There is no causal logical relationship between the efficiency of cross-chain execution and centralization, and there is no direct relationship between the centralization and insecurity of cross-chain bridges. The safety of centralization mainly depends on the security of centralized entities. From a bad point of view, there is a single-point security threat, but from a good point of view, as long as the security of the central entity is high, the security can be guaranteed.
Q3
Odaily: Against the background of successive accidents in projects, what should the project party do? What measures can be taken to avoid risks?
PeckShield: Maintain continuous monitoring of the situation on the chain, and be able to sense abnormal events on the chain in a timely manner, so as to block them in time before the loss expands.
For the project party, it is necessary to seek professional institutions to effectively identify known loopholes and build the first line of defense for the security of the protocol.
Secondly, we must also pay attention to troubleshooting business logic loopholes when combining with other DeFi products to avoid cross-contract logic compatibility loopholes.
Then, it is necessary to design a certain risk-control fusing mechanism, and to introduce threat perception intelligence and data situation intelligence services from third-party security companies, so that when a DeFi security incident occurs, security risks can be responded to as soon as possible and attacks checked and blocked in a timely manner to avoid further damage.
Finally, all parties in the industry should work together to build a comprehensive asset tracking mechanism to monitor the circulation of related virtual currencies in real time. Operation and maintenance security.
BlockSec:
Introducing security into design is what we usually call security by design, not just security auditing. Third-party security companies should be introduced in the design phase to assess security risks together.
From a long-term perspective, the open source of project technical code is also a necessity to resolve unknown risks.
Q4
Odaily: The demand for cross-chain has always existed, and it is bound to become more and more vigorous. For users, what should they do? How to choose a safe and suitable cross-chain bridge?
PeckShield: It should be noted that when such security incidents occur, the biggest losers are often the LPs that provide liquidity for cross-chain funds. Our suggestion is to do a good job of researching a project's background and not to invest assets lightly in projects that have not been audited, including projects whose audit is under way but not yet completed. Furthermore, for cross-chain protocols, do not over-authorize; this includes project stakeholders, who should not over-authorize cross-chain protocols either.
Q5
Odaily: When an extreme security accident occurs, what are the effective means of compensation?
PeckShield: Collaborate with upstream and downstream industry resources to track the flow of stolen assets in a timely manner and recover losses, especially at the exchanges or stablecoins (used for money laundering) that account for the majority of liquidity, which can more effectively block the stolen money.
Summary
The answers from PeckShield and BlockSec roughly revealed the current security challenges faced by cross-chain related protocols.
On the whole, the reason why cross-chain related protocols suffer repeated attacks can be roughly divided into three parts. First, with the rapid development of the sector, the amount of funds it carries is also rapidly expanding; second, the sector is still in an emerging stage, and many details still need to be optimized; third, cross-chain related protocols often involve interaction between multiple chains and multiple contracts, the process is relatively complicated, and there are many risk points.
For ordinary users (mainly liquidity providers who earn income through cross-chain bridges), the situation they face now is somewhat similar to that at the beginning of DeFi last year, and they need to be more cautious in weighing benefits against risks. Priority should be given to protocols with a more complete audit status and a longer track record of smooth operation.
For front-line project parties, on the one hand it is necessary to absorb the experience of past incidents and to find and fill gaps in a targeted manner; on the other hand, to follow the upgrades and changes of the underlying public chains in a timely manner, to integrate derivative security solutions such as Lossless, to seek cooperation with insurance protocols such as Nexus Mutual, and to explore non-contractual liquidity-locking methods like cBridge's, and so on.
Finally, we would like to appeal to all relevant practitioners, including affected projects such as ChainSwap, AnySwap, THORChain and Poly Network, not to lose confidence. The initial stage of an emerging sector is always accompanied by growing pains. As the multi-chain structure becomes more and more stable, cross-chain is bound to become more and more prosperous. The "favor" of hackers has proved the value of this sector. We hope you will not stop your progress because of this stumbling block.