• Dapps:16.23K
  • Blockchains:78
  • Active users:66.47M
  • 30d volume:$303.26B
  • 30d transactions:$879.24M

Ronin Bridge Exploit of $10 Million Caused by Faulty Upgrade Script — Verichains

user avatar

by Giorgi Kostiuk

a year ago

  1. Cause of the Vulnerability
  2. How the Attack Happened
  3. Consequences and Resolution


    4. The $10 million Ronin bridge exploit on August 6 was caused by a faulty upgrade deployment script, according to blockchain security firm Verichains.

    Cause of the Vulnerability

    The upgrade reduced the voting threshold for validators to zero, allowing any user to withdraw from the bridge without a signature. Verichains states that the error occurred due to the incorrect initialization of the totalWeight variable.

    How the Attack Happened

    The attacker attempted to exploit this flaw but was front-run by an MEV bot, which actually carried out the attack, probably unintentionally. The bot’s owner later returned most of the funds to the Ronin team.

    Consequences and Resolution

    Verichains’ analysis reveals the risks of interacting with upgradeable smart contracts. The network could have lost the full amount had the attacker paid more in gas and thus avoided the front-run.

    Due to the faulty upgrade script, Ronin bridge users were able to withdraw funds without validator signatures. This incident highlights the potential risks when dealing with upgradeable smart contracts.

0

Rewards

chest
chest
chest
chest

More rewards

Discover enhanced rewards on our social media.

chest

Other news

Gemini Exits Canada to Focus on US Market

chest

Gemini, led by the Winklevoss twins, is withdrawing from Canada and other secondary markets to concentrate on the US.

user avatarMohamed Farouk

JPMorgan Faces Scrutiny Over Past Manipulative Conduct

chest

JPMorgan faces scrutiny due to past manipulative conduct, having paid over $920 million for deceptive practices in precious metals futures.

user avatarDiego Alvarez

John E Deaton Accuses JPMorgan of Manipulating Bitcoin Prices

chest

John E Deaton accuses JPMorgan and CEO Jamie Dimon of manipulating Bitcoin prices through paper markets, drawing parallels to past manipulations in precious metals.

user avatarElias Mukuru

DDC Continues Bitcoin Accumulation Amid Corporate Shift

chest

DDC has purchased an additional 105 BTC, reflecting a growing trend among corporations to secure Bitcoin as a treasury asset.

user avatarKenji Takahashi

Galaxy Digital Refutes Quantum Computing Concerns Over Bitcoin Trade

chest

Galaxy Digital refutes claims that a significant Bitcoin trade was motivated by fears of quantum computing threats.

user avatarMaria Fernandez

Bullish Reports Significant Q4 Loss Amid Market Downturn

chest

Bullish reported a significant Q4 net loss of $563 million, a stark contrast to the previous year's profit of $1,048 million, highlighting vulnerabilities in the current market.

user avatarGustavo Mendoza

Important disclaimer: The information presented on the Dapp.Expert portal is intended solely for informational purposes and does not constitute an investment recommendation or a guide to action in the field of cryptocurrencies. The Dapp.Expert team is not responsible for any potential losses or missed profits associated with the use of materials published on the site. Before making investment decisions in cryptocurrencies, we recommend consulting a qualified financial advisor.