Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

In the world of blockchain, a bridge is a way for assets to exist between blockchains. Since there are so many different chains, having this allows NFTs and coins to exist in several different places.

This is done with the I Owe You approach. This means that users send funds to the bridge protocol on the one chain to be locked by the contract. Then, the equivalent is created on the second network as an IOU token or a wrapped token. For every asset moved from one chain to another, the bridge holds the native version.

Aurora is an implementation of the EVM on the NEAR blockchain network. Aurora developed the Rainbow Bridge to allow users to transfer between Ethereum, NEAR and Aurora. In particular, ETH and all ERC20 tokens from Ethereum can be used on the nested layer of NEAR, which is on Aurora.

How does this bridge actually work though?

1. The standard burn() function removing the tokens from circulation.
2. The money (ETH) is sent to a special hardcoded contract to generate an event to move data off chain.
3. The contracts event calls ExitToNear. This records the sender, destination and amount of this exit.
4. The Aurora EVM handles this transaction, from the events logs, to perform actions on the other part of the bridge.

The final piece of background knowledge is the difference between call and delegateCall. With call, the internal state variables cannot be changed from the other contract. However, delegateCall is designed exactly for this. Even with this for delegateCall, the AMOUNT of ether for msg.value is forwarded to the contract, even if the contract does not really have the money.

The vulnerability comes down to how the event logging was done to trigger the complex chain integration. In step 4 from above, the function ExitToNear can be called directly. If we use delegateCall, we can send Ether to OUR contract without sending it to the bridge.

Since delegateCall retains the msg.value without actually having the money, ExitToNear will log that is received a bunch of ETH, when it never did. As a result, the owner keeps the money but makes the bridge believe that they need to wrap the coin on the other platform for them. This allows infinite creation of money!

To fix this problem, ExitToNear must be called by the bridge contract itself. Overall, a great find in complex software that led to a 6 million payout.