CONNECT
Claystack is shutting down, please withdraw your assets. Read our announcement.

Magnify #3 — Rejoice or Burn?

Aug 14 2021
  • Magnify

Each week, I share my views on the week’s hottest conversations. Not subscribed yet? Click here to get the weekly newsletters.

The Long-Short

Is the mass exodus of miners from the US imminent?

Are the reporting requirements on brokers going to kill cryptocurrency?

Is this doomsday for crypto people?

Boo…you wish.

OH YOU WISH DARLING

People have been going berserk on the new Infrastructure Bill passed by the Senate. Confusions around who needs to do what abound. But before you and I predict the fated doomsday in crypto, let’s talk facts.

  1. The bill hasn’t been passed yet. The Senate has only approved it. It still needs to pass through the House of Representatives, where there is strong opposition by Republican Senators John Cornyn and Ted Cruz, along with 28 others.
  2. The vigorous attempts made by Sens. Lummis, Toomey, and Ron Wyden were not enough to counter Senator Shelby’s argument for increased allocation for defense spending of $50B. Come on, he has been lobbying support for defense and military personnel and pushing for the nation’s security above all else — don’t be surprised if he is not favoring crypto as a whole.
  3. The bill is unclear on whether crypto miners will fall under the tax ambit as well. Senator Lummis (a Republican), who strongly wanted this very clarification in the bill, is from Wyoming — the crypto-friendly state in the US. I believe that she will seek further clarifications once discussions are initiated in the House of Representatives.

Let’s think about all this for a second. A bill that regulates crypto earnings is about to be passed. Clarifications are hopefully incoming. Umm…how is this not good for us? Especially when we have been waiting for the ambiguous regulatory clouds to clear away.

For the American miners, developers, and other crypto people who have been shedding blood, sweat, and tears over this confusion — folks, let’s be patient and deal with other problems at hand. Speaking of which, did you notice that we just suffered one of the biggest hacks in crypto?

On Tuesday, an attacker compromised the PolyNetwork and took away roughly $600M in stolen BNB, ETH, and USDC assets by exploiting the Proxy Lock Contracts on Ethereum, BSC, and Polygon. In short, this is how the attack went down.

The EthCrossChainManager contract has a function called verifyHeaderandExecuteTx that calls the ExecuteCrossChainTx, which makes the call to the target contract — this is where the vulnerability lies. PolyNetwork confirms that a target is a contract, but because of vulnerability within the code, the users can call the EthCrossChainData contract. Users manipulate the EthCrossChainData contract and bypass the only0wner check. Post this, they just need to create the correct data to eventually trigger the function that replaces the public keys.

Wait What?
What?

Suffice it to say that the attacker was smart enough to capitalize on a smart contract vulnerability. Smart contract attacks are not uncommon, but here the problem lies in the bridge. A primary reason why blockchain bridges are vulnerable to attacks is that each has its own security model, independent of the security models of blockchains it is interacting with.

Moreover, this is not the first attack on a blockchain bridge. ChainSwap, Thorchain, and AnySwap have been attacked just this year and for the first two, smart contracts were exploited, whereas, for AnySwap, the private keys were compromised.

This wholesome series of attacks on blockchain bridges remind us of the lack of research around the security of blockchain bridges. While these attacks can compromise users’ funds worth millions of dollars, they also help us understand how vulnerable the protocols are. And in some cases, the attackers are simply trying to “teach a lesson”.

You’d be surprised to know that most of the stolen funds (in the Poly attack) have been returned. The attacker has even refused the bounty of $500K that was promised by PolyNetwork. They claimed to do the hack mostly “for fun” and because “cross-chain hacking is hot”.

What did you do for fun this week?

About ClayStack:

ClayStack is a decentralized liquid staking protocol that enables you to earn staking rewards while keeping your assets liquid. Without any lockups.

Get the latest updates!

Learn more about ClayStack, interact with our team, engage in community discussions, and share your valuable feedback.

Share

More from ClayStack