ChainSwap Exploit 11 July 2021 Post-Mortem

On July 11, 2021, the cross-chain bridge project ChainSwap was exploited, resulting in a total loss of 20 assets on the bridge with a combined value of $4 million. The ChainSwap team has now prepared and executed a compensation plan in consensus with the affected projects.

1. Attack Description

The attacked contract code:

https://etherscan.io/address/0x06c24002f43e3AF904EeEc581734EA3A7DbF355E#code

The attacker’s address is as follows: https://etherscan.io/address/0xEda5066780dE29D00dfb54581A707ef6F52D8113

2. What Happened

After investigating, we found a bug in the token cross-chain quota code. The on-chain swap bridge quota is automatically increased by the signature node, which is intended to make the bridge more decentralized, without manual control. However, a logical flaw in the code allowed invalid addresses that were not whitelisted to automatically increase the amount, and this led to the exploit.
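The class of flaw described above, as an added example that is not ChainSwap's contract code: a simplified model of a per-signer quota that refills automatically, with the missing whitelist check beside the corrected form. The contract name, function names, cap and time-based refill rule are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of a per-signer bridge quota that refills automatically.
// Every name and the refill rule are hypothetical, not ChainSwap's code.
// `signer` is assumed to have been recovered from a verified signature already.
contract QuotaModel {
    uint256 public constant QUOTA_CAP = 1000 ether;       // assumed ceiling per signer
    uint256 public constant REFILL_PER_SECOND = 1 ether;  // assumed refill rate

    address public immutable admin;
    mapping(address => bool) public isWhitelisted;  // approved signature nodes
    mapping(address => uint256) public quota;       // remaining quota per signer
    mapping(address => uint256) public lastRefill;  // timestamp of last refill

    constructor() {
        admin = msg.sender;
    }

    function addSigner(address signer) external {
        require(msg.sender == admin, "not admin");
        isWhitelisted[signer] = true;
        lastRefill[signer] = block.timestamp;
    }

    // Automatic increase: quota grows with elapsed time, up to the cap.
    function _refill(address signer) internal {
        uint256 elapsed = block.timestamp - lastRefill[signer];
        uint256 grown = quota[signer] + elapsed * REFILL_PER_SECOND;
        quota[signer] = grown > QUOTA_CAP ? QUOTA_CAP : grown;
        lastRefill[signer] = block.timestamp;
    }

    // Flawed: never asks whether `signer` is whitelisted. An unknown address has
    // lastRefill == 0, so the refill treats it as long idle and grants the full cap.
    function spendFlawed(address signer, uint256 volume) external {
        _refill(signer);
        require(quota[signer] >= volume, "quota exceeded");
        quota[signer] -= volume;
    }

    // Corrected: membership is checked before any quota state is read or written.
    function spendChecked(address signer, uint256 volume) external {
        require(isWhitelisted[signer], "signer not whitelisted");
        _refill(signer);
        require(quota[signer] >= volume, "quota exceeded");
        quota[signer] -= volume;
    }
}
```

In a review or audit, the check to look for is that every path updating or consuming a signer's quota is gated on whitelist membership, and that default (zero) mapping values cannot be read as a valid, funded state.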

3. Current Progress and Compensation Situation

The bridge is offline. Mapping tokens have been frozen, and we are actively communicating with the affected projects. The compensation plan has been mostly finished. The ChainSwap smart contract has previously been sent to two contract audit companies to complete the audit. Before re-opening the bridge, the code will be put under major audits to ensure safety.

4. Future Plans

In order to bring everybody a more rigorous, efficient bridge, the next development model of ChainSwap will be adjusted to ensure maximum safety.
