PolyNetwork Bug Review And Patch Analysis

The deployed version has an issue in blindly trusting the messages mined in the Relay Chain and failing to thoroughly and properly sanitize the deserialized message content before carrying out cross-chain transactions. Undoubtedly, the incident is a well-executed exploitation of the above issue that originates from Ontology and propagates to BSC, Ethereum, Polygon, and Heco (Note the attempt on Heco is not successful as the related relayer does not behave exactly the same as others. The exact reason is out of scope of this review, but is also a ``TASTY FOOD FOR THE RESEARCHERS.’’).

Figure 1: EthCrossChainManager::verifyHeaderAndExecuteTx()
Figure 2: The Cross-Chain Transaction Comparison in PolyNetwork: Normal vs. Exploited

--

--

A Blockchain Security Company (https://peckshield.com)

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store