Post-Ethereum Merge proof-of-work (PoW) chain ETHW has moved to quell claims that it had suffered an on-chain replay attack over the weekend.
Smart contract auditing firm BlockSec flagged what it described as a replay attack that took place on Sept. 16, in which attackers harvested ETHW tokens by replaying the call data of Ethereum’s proof-of-stake (PoS) chain on the forked Ethereum PoW chain.
According to BlockSec, the root cause of the exploit was due to the fact that the Omni cross-chain bridge on the ETHW chain used old chainID and was not correctly verifying the correct chainId of the cross-chain message.
Ethereum’s Mainnet and test networks use two identifiers for different uses, namely, a network ID and a chain ID (chainID). Peer-to-peer messages between nodes make use of network ID, while transaction signatures make use of chainID. EIP-155 introduced chainID as a means to prevent replay attacks between the ETH and ETC blockchains.
1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn’t correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022
BlockSec was the first analytics service to flag the replay attack and notified ETHW, which in turn quickly rebuffed initial claims that a replay attack had been carried out on-chain. ETHW made attempts to notify Omni Bridge of the exploit at the contract level:
Had tried every way to contact Omni Bridge yesterday.
Bridges need to correctly verify the actual ChainID of the cross-chain messages.
— EthereumPoW (ETHW) Official #ETHW #ETHPoW (@EthereumPoW) September 18, 2022
Analysis of the attack revealed that the exploiter started by transferring 200 WETH through the Omni bridge of the Gnosis chain before replaying the same message on the PoW chain, netting an extra 200ETHW. This resulted in the balance of the chain contract deployed on the PoW chain being drained.
BlockSec’s analysis of the Omni bridge source code showed that the logic to verify chainId was present, but the verified chainID used in the contract was pulled from a value stored in the…