Crypto Market All-time High 🚀

Overall crypto market cap crosses $2.63 Trillion. BTC crossed $67k. ETH crossed $4k.

Polygon $2 Million Bug Bounty Payout

Double Spending bug found in Polygon. Polygon is a layer 2 scaling solution for Ethereum.

Polygon has awarded a $2 million bounty to a white hat hacker after they identified a vulnerability that put about $850 million of capital at risk. The vulnerability, found by Gerhard Wagner in the Polygon Plasma Bridge on October 5, allowed an attacker to exit their burn transaction from the bridge multiple times—up to 223 times.

  1. attacker deposits 200,000 (or more) USD worth of tokens to the DepositManager contract

  2. burns the tokens with a burn transaction on Polygon network

  3. starts the exit

  4. waits out the seven-day challenge period

  5. processes the exit and gets the initial funds back

Then the attack is launched, and 223 alternative exit payloads are generated with the technique described above, and exits are initiated for each one of them. All exits get a unique id and are added to the exit queue. Their age is already older than the challenge period since the burn transaction has been aggregated into a Plasma block, so the funds can be released on L1. After all exits have been started and processed, the malicious user gains 223 times the amount on top of the initial deposit or tokens valued at 44.6 million USD.

The vulnerability has been fixed by rejecting any encoding that does not start with 0x00 (see here). It’s not very elegant, but it fixes the double-spending bug by hard coding the encoding meta character.

Compound Bug

This is a follow-up bug to the issue we talked about in Episode 44.

About $90 million has mistakenly gone out to users of Compound, a popular decentralized-finance staking protocol, and the founder is begging users to voluntarily return the tokens.

Someone exploited a bug in Compound’s Comptroller contract, which is the part of the protocol that distributes yield farming rewards to users. By calling Compound’s drip() function, they transferred $68 million, or 202,472 COMP, from Compound’s reservoir to its Comptroller.

An update was published for the previous issue but it takes 7 days to go through on Compound.

"The drip issue has been known to Compound and the security researchers for a few days now," Banteg told Decrypt, "but since there was no mitigation, it was decided to keep it under wraps hoping nobody would notice until a patch is out."

StakeSteak Hacked

A StakeSteak key was scraped from repositories, destroying the token and its market value and losing nearly $200,000 in the process.

“the exploiters were able to gain access to the STEAK deployer account due to the private keys being visible on the initial commit 5/19 of the steak public contracts on GitHub”.

The first exploiter burned 140,823 STEAK tokens from the LP. The max STEAK supply of 5 mil was preminted, but because of this burn, they were able to mint 140,823 STEAK from the compromised deployer account to the exploiter's account. These STEAK tokens were then used to drain the LP pool. They came out with 80,636 FTM.

The second exploiter was then able to mint 30,000 more STEAK tokens. They also took out the 18,386 fUSD-USDC LP, 9,719 USDC, and 387 FTM from STEAK reserves. In total this exploiter took 81,351 USDC in value.

Rocketpool & Lido Vuln

Whitehat Dmitri Tsumak, founder of StakeWise, submitted a critical vulnerability on October 5th that affected the RocketPool and Lido Finance staking platforms. The vulnerability allowed for the node operator to steal user deposits. The payout for the whitehat was the maximum amount for critical bugs from both projects ($100,000 from each project), resulting in a total payout of $200,000.

RocketPool and Lido are both third-party staking pools for Ethereum 2.0.

Participants, known as validators, can propose new blocks and validate blocks from another validator, but only if they stake 32 ETH by depositing the funds to the official deposit contract. Only then can validators run client nodes to participate in PoS.

Once a malicious node operator has been included in Lido and RocketPool, they would need to generate additional deposit data, with withdrawal credentials and the minimum deposit value in ETH (depending on the project), for every validator key created. The next steps are crucial for the exploit to happen.

The attacker waits for the 32 ETH to be submitted from the pool to the deposit contract for one of the validators approved in the beginning. When this happens, the malicious node operator frontruns the pool's deposit by calling the deposit() function on the deposit contract with the previously prepared deposit data, which carries the minimum required deposit value for the same validator BLS key.

The malicious deposit data contains the same validator pubkey, the minimal deposit for the deposit contract (1 ETH or 16 ETH on RocketPool), and withdrawal credentials.
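
Why the order of the two deposits matters, as an added example (not code from RocketPool, Lido or the deposit contract): a simplified Python model in which the first deposit for a validator pubkey fixes its withdrawal credentials and later deposits for that pubkey only top up the balance. The class, the safe_to_fund check and all keys and credentials are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Validator:
    withdrawal_credentials: str
    balance_eth: int

class DepositModel:
    """Simplified model of how deposits are applied per validator pubkey."""
    def __init__(self):
        self.validators = {}  # pubkey -> Validator
        self.log = []         # (pubkey, withdrawal_credentials, amount), in arrival order

    def deposit(self, pubkey, withdrawal_credentials, amount_eth):
        self.log.append((pubkey, withdrawal_credentials, amount_eth))
        existing = self.validators.get(pubkey)
        if existing is None:
            # First deposit for a pubkey creates the validator and fixes its credentials.
            self.validators[pubkey] = Validator(withdrawal_credentials, amount_eth)
        else:
            # Any later deposit is a top-up; its withdrawal credentials are ignored.
            existing.balance_eth += amount_eth

def safe_to_fund(model, pubkey, pool_credentials):
    """Hypothetical pool-side check: no earlier deposit for pubkey used other credentials."""
    return all(wc == pool_credentials for pk, wc, _ in model.log if pk == pubkey)

def run_scenario(guarded):
    """Return (withdrawal_credentials, balance_eth) of the validator after both deposits."""
    pool_wc, operator_wc, pubkey = "wc-pool", "wc-operator", "bls-pubkey-A"  # constructed
    chain = DepositModel()
    chain.deposit(pubkey, operator_wc, 1)       # operator's minimal deposit lands first
    if not guarded or safe_to_fund(chain, pubkey, pool_wc):
        chain.deposit(pubkey, pool_wc, 32)      # pool's 32 ETH for the same pubkey
    v = chain.validators[pubkey]
    return v.withdrawal_credentials, v.balance_eth

if __name__ == "__main__":
    print("unguarded:", run_scenario(guarded=False))
    print("guarded:  ", run_scenario(guarded=True))
```

In the unguarded run the pool's 32 ETH ends up in a validator whose withdrawal credentials belong to the operator. A check like safe_to_fund only helps if it is evaluated atomically with the pool's deposit, since a front-run can otherwise land between the check and the deposit.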