Ethereum PoW (ETHPoW), the proof-of-work blockchain forked from Ethereum that went live immediately after Ethereum’s move to proof-of-stake (PoS) last week, has been hit by a replay exploit in which the attacker drained 200 ETHW tokens.
The main cause of the exploitation, according to BlockSec, is that the Omni bridge on the PoW chain uses the old chain ID and does not properly validate the actual chain ID of the cross-chain message.
1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022
“On September 16th, 2022, we detected that some attackers successfully harvested lots of ETHW by replaying the message (i.e., the call data) of the PoS chain on EthereumPoW (aka the PoW chain),” the firm said.
According to the blog post, the company quickly informed the official EthereumPoW team, which was eager to take action and attempted to interact with the Omni Bridge.
Ethereum PoW loses 200 WETH
The exploiter began by transmitting 200 WETH across the Omni bridge of the Gnosis chain, then replayed the identical message on the PoW chain, collecting an additional 200 ETHW. As a result, the balance of the bridge contract deployed on the PoW chain was emptied.
BlockSec’s investigation of the Omni bridge source code revealed that the logic to check the chain ID was present, but the chain ID the contract verified against was read from a value held in a storage variable named uintStorage.
The team noted that this stored value is not the actual chain ID obtained using the CHAINID opcode, as recommended by EIP-1344, and that the problem was made worse by the fork following the Ethereum Merge.
This is most likely because the code is pretty old (using Solidity 0.4.24). BlockSec says that the code worked perfectly until the PoW chain forked.
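The following Python model is an added illustration, not the Omni bridge's code or BlockSec's. It shows why a chain ID read from storage stops protecting a bridge once the chain forks, while a check against the live CHAINID value rejects the replayed message. The `Bridge` class, the message fields, the balances and the fork's chain ID of 10001 are assumptions made for the example.

```python
"""Toy model of a bridge's destination-chain check across a chain fork."""
import copy
from dataclasses import dataclass, field

POS_CHAIN_ID = 1        # Ethereum mainnet
FORK_CHAIN_ID = 10001   # assumed ID of the forked PoW chain (illustrative)


@dataclass
class Bridge:
    """Hypothetical bridge contract; a fork copies its state verbatim."""
    stored_chain_id: int          # written once at initialisation
    use_chainid_opcode: bool      # False = compare against the stored value
    balance: int = 1_000          # constructed starting balance
    processed: set = field(default_factory=set)

    def execute(self, msg: dict, actual_chain_id: int) -> bool:
        """Release funds if the message targets this chain and is unseen."""
        expected = (actual_chain_id if self.use_chainid_opcode
                    else self.stored_chain_id)
        if msg["dest_chain_id"] != expected:
            return False          # message was meant for another chain
        if msg["id"] in self.processed or self.balance < msg["amount"]:
            return False
        self.processed.add(msg["id"])
        self.balance -= msg["amount"]
        return True


def replay_after_fork(use_chainid_opcode: bool) -> tuple:
    """Deploy on the original chain, fork, then deliver one message to both.

    Returns (accepted_on_original, accepted_on_fork, fork_balance_after).
    """
    original = Bridge(POS_CHAIN_ID, use_chainid_opcode)
    forked = copy.deepcopy(original)   # the fork inherits the stale stored ID
    # Constructed message: a legitimate 200-token release for the original chain.
    msg = {"id": "msg-1", "dest_chain_id": POS_CHAIN_ID, "amount": 200}
    on_original = original.execute(msg, actual_chain_id=POS_CHAIN_ID)
    on_fork = forked.execute(msg, actual_chain_id=FORK_CHAIN_ID)
    return on_original, on_fork, forked.balance


if __name__ == "__main__":
    print("stored chain ID check: ", replay_after_fork(False))
    print("CHAINID opcode check:  ", replay_after_fork(True))
```

The processed-message set does not help on the fork, because the message was first handled on the original chain after the two states diverged.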
According to BlockSec, the attacker(s) could harvest a large amount of ETHW (as well as other tokens owned by the bridge on the PoW chain) and trade them on various exchanges, including some centralized exchanges (CEXs).
The firm contends that doing so may affect the price of ETHW owing to an increase in liquidity. As a result, users and investors are advised to exercise caution when trading these tokens on the PoW chain.
ETHPoW dropped sharply
According to data from CoinMarketCap, the price of the ETHW token dropped 37% as a result of the news, reaching a new low of $4.22 early on Monday. It is presently trading at $5.58, a 25% decrease.