🧵 on the Rainbow Bridge attack today.
TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased
TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased
1 / 18
The bridge attacker:
etherscan.io/address/0xa4b2…
got some ETH from Tornado to start the attack around 12h ago:
etherscan.io/tx/0x31978ff63…
CC: @rstormsf
The bridge attacker:
etherscan.io/address/0xa4b2…
got some ETH from Tornado to start the attack around 12h ago:
etherscan.io/tx/0x31978ff63…
CC: @rstormsf
2 / 18
With these money he deployed a contract that meant to deposit some funds to become a valid Rainbow Bridge relayer and send the fabricated light client blocks:
etherscan.io/address/0xd153…
With these money he deployed a contract that meant to deposit some funds to become a valid Rainbow Bridge relayer and send the fabricated light client blocks:
etherscan.io/address/0xd153…
3 / 18
He was trying to hit the moment to front run our relayer, but failed to do it:
etherscan.io/tx/0xb5b489bad…
He was trying to hit the moment to front run our relayer, but failed to do it:
etherscan.io/tx/0xb5b489bad…
4 / 18
After it, he decided to send the similar transaction with the block timestamp in the future (+5h), this transaction successfully substituted the previously submitted block:
etherscan.io/tx/0x342ad0d9a…
After it, he decided to send the similar transaction with the block timestamp in the future (+5h), this transaction successfully substituted the previously submitted block:
etherscan.io/tx/0x342ad0d9a…
5 / 18
In a short period one of the bridge watchdogs figured out that the block submitted is not in the NEAR blockchain; created a challenge transaction and sent it to Ethereum
etherscan.io/tx/0x5edcf5385…
In a short period one of the bridge watchdogs figured out that the block submitted is not in the NEAR blockchain; created a challenge transaction and sent it to Ethereum
etherscan.io/tx/0x5edcf5385…
6 / 18
Immediately, MEV bots detected this transaction and figured out that front-running it would result in 2.5 ETH gain, so they did exactly this:
etherscan.io/tx/0xd77596843…
Immediately, MEV bots detected this transaction and figured out that front-running it would result in 2.5 ETH gain, so they did exactly this:
etherscan.io/tx/0xd77596843…
7 / 18
As a result, watchdog transaction failed, MEV bot transaction succeeded and rolled back the fabricated block of the attacker. Some min after this, our relayer submitted a new block:
etherscan.io/tx/0x020dd82b9…
As a result, watchdog transaction failed, MEV bot transaction succeeded and rolled back the fabricated block of the attacker. Some min after this, our relayer submitted a new block:
etherscan.io/tx/0x020dd82b9…
8 / 18
A bit later we started to investigate the strange behaviour and paused all the connectors. And once figured out the details, unpaused them back.
A bit later we started to investigate the strange behaviour and paused all the connectors. And once figured out the details, unpaused them back.
9 / 18
Outcome #1:
The attack was mitigated fully automatically, Rainbow Bridge users even didn't saw anything happening, continuing transacting in both directions.
Outcome #1:
The attack was mitigated fully automatically, Rainbow Bridge users even didn't saw anything happening, continuing transacting in both directions.
10 / 18
Outcome #2:
Probably, the combination of the high Ethereum fees (and a delay of the block relaying) and a desire to check whether watchdogs are operational or not, were stimulating an attacker to break the bridge in that exact moment
Outcome #2:
Probably, the combination of the high Ethereum fees (and a delay of the block relaying) and a desire to check whether watchdogs are operational or not, were stimulating an attacker to break the bridge in that exact moment
11 / 18
Important:
For at least 6 months we knew that watchdog transaction would be front run by the MEV bots (reported by our auditors @sigp_io).
Main reason to keep this mechanics is the additional protection: MEV bots know how to get transactions executed ASAP.
Important:
For at least 6 months we knew that watchdog transaction would be front run by the MEV bots (reported by our auditors @sigp_io).
Main reason to keep this mechanics is the additional protection: MEV bots know how to get transactions executed ASAP.
12 / 18
Attacker lost 2.5 ETH, which was payed to the MEV bot because of the successful challenge.
Attacker lost 2.5 ETH, which was payed to the MEV bot because of the successful challenge.
13 / 18
Outcome #3:
We would redesign a bit the challenge payout mechanics, so the majority of the relayer stake is kept in the contract (so, lost to the attacker too), and some fixed amount payed to the watchdog (or MEV bot).
Outcome #3:
We would redesign a bit the challenge payout mechanics, so the majority of the relayer stake is kept in the contract (so, lost to the attacker too), and some fixed amount payed to the watchdog (or MEV bot).
14 / 18
Outcome #4:
And also we would increase the stake for the relayer manyfold, so similar attempts would cost much more.
You can think of this as a slashing in the PoS.
Money that attackers would loose will be spent for bug bounties and additional audits.
Outcome #4:
And also we would increase the stake for the relayer manyfold, so similar attempts would cost much more.
You can think of this as a slashing in the PoS.
Money that attackers would loose will be spent for bug bounties and additional audits.
15 / 18
For everyone's information:
I personally know about 5 watchdogs that are running 24/7. And no one in the world knows about all of them (a protection from the insiders). You can improve the security by simply running the watchdog script from
github.com/aurora-is-near…
For everyone's information:
I personally know about 5 watchdogs that are running 24/7. And no one in the world knows about all of them (a protection from the insiders). You can improve the security by simply running the watchdog script from
github.com/aurora-is-near…
16 / 18
Every watchdog transaction, that would fail because of the front running will be rewarded with a portion of the attacker stake through the manual process. In case this happens, please send me a message.
Every watchdog transaction, that would fail because of the front running will be rewarded with a portion of the attacker stake through the manual process. In case this happens, please send me a message.
17 / 18
I wish everyone who is innovating in the blockchain to pay enough attention to security and robustness of their products through all the available means: automatic systems, notifications, bug bounties, internal and external audits.
I wish everyone who is innovating in the blockchain to pay enough attention to security and robustness of their products through all the available means: automatic systems, notifications, bug bounties, internal and external audits.
18 / 18
Aurora Labs is continuing doing our best to develop the most secure tech that is working in the heart of the @auroraisnear ecosystem.
Stay tuned.
Aurora Labs is continuing doing our best to develop the most secure tech that is working in the heart of the @auroraisnear ecosystem.
Stay tuned.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
