ZetaChain Attacked, Vulnerability May Stem from Gateway ZEVM Call Function Flaw

Odaily Odaily reported that ZetaChain was attacked. Preliminary analysis indicates the root cause of the vulnerability lies in the GatewayZEVM contract's call function lacking access control and input validation. This allowed attackers to initiate malicious cross-chain calls and execute arbitrary operations to transfer funds on the target chain through the relayer mechanism.

SlowMist stated that the attacker triggered the relayer to execute malicious calls by forging cross-chain events, thereby stealing funds. Related attack transactions have been disclosed.