The attacker called the `Bridge.deposit()` function to deposit 0.008 BNB to the contract `Bridge` connected to multiple chains including #BSC, #Ethereum, #Moonriver (twice).
The attacker injected the following malicious data by calling `Bridge.deposit() 👇
Then the `Bridge.deposit()` invoked `ERC20Handler.deposit()` function with the following input 👇
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The hacker called `deposit()` in the QBridge #eth contract w/o really making any deposit and emitted the Deposit event
The exploit was caused by `tokenAddress.safeTransferFrom` in QBridgeHandler.sol which didn't revert the tx when the tokenAddress is the 0x0.
2. The Ethereum QBridge captured the Deposit event and minted $qXETH for the hacker on #BSC.
The QBridge treats the Deposit event as an event of depositing #ETH because the `deposit` and `depositETH` methods in the #QBridge contract emit the same event.