SHERLOCK

@sherlockdefi

Followers: 24K
Following: 7K
Media: 1K
Statuses: 6K

The Global Leader in Blockchain Security

Joined February 2021
@sherlockdefi
SHERLOCK
26 days
We are proud to announce that Sherlock will be hosting an audit contest for the @ethereum Fusaka Upgrade! We love collaborating with the @ethereumfndn, which always puts security first. Stay tuned for more details to come!
@sherlockdefi
SHERLOCK
22 hours
The @centrifuge Audit Contest coming on October 20th will now have $100k in guaranteed rewards. Don't miss it.
@sherlockdefi
SHERLOCK
2 days
We are proud to have helped secure @zetablockchain through this discovery. When it absolutely needs to be secure, Sherlock is the right choice.
@sherlockdefi
SHERLOCK
2 days
The Mitigation: In the Solana Observer's inbound tracker processing, check if the transaction is successful before voting on it.
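A constructed Go model of the check this mitigation describes, added here and not ZetaChain's or Sherlock's code: the `SolanaTx`/`Deposit` types, the `Err` string standing in for the transaction-level error, and both function names are assumptions, and the flawed path is kept beside the fixed one so the forged deposit can be seen entering the vote in one and being dropped in the other.

```go
package main

import "fmt"

// Deposit is one decoded gateway deposit instruction (constructed model).
type Deposit struct {
	Receiver string
	Lamports uint64
}

// SolanaTx is a simplified view of a tracked transaction: its decoded gateway
// instructions and the transaction-level error (the analogue of meta.err). A
// failed tx still carries its instructions, but none of its effects were applied.
type SolanaTx struct {
	Signature string
	Err       string // empty on success
	Deposits  []Deposit
}

// vulnerableInboundEvents mirrors the flaw from the thread: instructions are
// decoded into inbound votes whether or not the transaction succeeded.
func vulnerableInboundEvents(txs []SolanaTx) (events []Deposit) {
	for _, tx := range txs {
		events = append(events, tx.Deposits...)
	}
	return events
}

// mitigatedInboundEvents applies the mitigation: a reverted tx yields no
// events and is reported so it can be dropped from the inbound tracker.
func mitigatedInboundEvents(txs []SolanaTx) (events []Deposit, rejected []error) {
	for _, tx := range txs {
		if tx.Err != "" {
			rejected = append(rejected, fmt.Errorf("tx %s failed on chain (%s): no deposit was made", tx.Signature, tx.Err))
			continue
		}
		events = append(events, tx.Deposits...)
	}
	return events, rejected
}

func main() {
	// Constructed sample: one genuine deposit, one forged deposit in a reverted tx.
	txs := []SolanaTx{
		{Signature: "sig-ok", Deposits: []Deposit{{"zeta1alice", 5_000_000}}},
		{Signature: "sig-reverted", Err: "InstructionError", Deposits: []Deposit{{"zeta1forger", 1_000_000_000_000}}},
	}
	ok, rejected := mitigatedInboundEvents(txs)
	fmt.Println(len(vulnerableInboundEvents(txs)), len(ok), rejected)
}
```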
@sherlockdefi
SHERLOCK
2 days
What's the impact? All lamports and SPL tokens deposited in the Solana bridge can be stolen, given that deposits can be forged for any amount (they are processed despite the Gateway program causing the transactions to revert).
@sherlockdefi
SHERLOCK
2 days
The Attack Path: 1) Any party sends a failing transaction to the gateway with a deposit instruction (or deposit and call). 2) A malicious or negligent observer adds a failing Solana tx that contains Gateway instructions to the inbound tracker using MsgAddInboundTracker,
@sherlockdefi
SHERLOCK
2 days
External Pre-conditions: Any party sends a failing transaction to the gateway with a deposit instruction (or deposit and call). The recipient of the ZRC20 Sol on Zetachain withdraws it and receives lamports on Solana.
@sherlockdefi
SHERLOCK
2 days
Internal Pre-conditions: A malicious or negligent observer adds a failing Solana tx that contains Gateway instructions to the inbound tracker using MsgAddInboundTracker, resulting in all validators processing and voting to mint ZRC20 Sol on Zetachain. The CCTX receives.
@sherlockdefi
SHERLOCK
2 days
The root cause of this vulnerability: The ProcessInboundEvents function does not require a transaction to have succeeded, unlike the EVM inbound observer, which does this correctly here. Since the instruction is decoded as if it succeeded, a malicious observer can spoof a.
@sherlockdefi
SHERLOCK
2 days
Normally, observers don't process failing transactions, but this code path fails to perform the same validation as its EVM counterpart. While this requires a "privileged" role, every validator is an observer, and BFT consensus is supposed to be byzantine tolerant, i.e., tolerate.
@sherlockdefi
SHERLOCK
2 days
Here is @bernd_eth's summary of the vulnerability: 1. ZetaChain’s observers monitor transactions on external chains (e.g., Ethereum, Solana) and add them to a centralized inbound tracker to process them as deposits and withdrawals, assuming transaction success. 2. Unlike the.
@sherlockdefi
SHERLOCK
2 days
Welcome back to Sherlock's Vulnerability Spotlight, where we highlight an impactful vulnerability uncovered during a Sherlock audit. This week, we have Deposit Spoofing. It was uncovered by @0xalpharush & @bernd_eth on the @zetablockchain Cross-Chain Contest. 🧵
@sherlockdefi
SHERLOCK
5 days
Sherlock is excited to announce that another smart contract security assessment is complete for @1inch. Over time, @1inch has demonstrated their unwavering commitment to security, and we are honored to work alongside them.
@sherlockdefi
SHERLOCK
7 days
RT @BMXDeFi: We're livestreaming w/ @ImmutableAlpha from @SherlockDeFi, a leader in blockchain security!
@sherlockdefi
SHERLOCK
8 days
A clear, comprehensive focus on security - exactly what users should expect as @getaxal prepares to launch Axal Yield.
@getaxal
Axal
8 days
.@SherlockDeFi has been with us every single step of our extremely rigorous audit. They’ve worked with @Ethereum, @Arbitrum, and now us for maximum safety of our users' funds. Our complete audit report will be available online. Safe, transparent, and trustable: that’s Axal
@sherlockdefi
SHERLOCK
9 days
‼️ @dhedgeorg dHEDGE Update contest is live!! ‼️
@sherlockdefi
SHERLOCK
9 days
We are proud to have helped secure @symbioticfi through this discovery. When it absolutely needs to be secure, Sherlock is the right choice.
@sherlockdefi
SHERLOCK
9 days
The Mitigation: The voting power of such operators (X=0, Y=0, and isNonSigner set to false) should not be added to the total aggregated power, and additionally, the aggregated key should not contain the keys.
@sherlockdefi
SHERLOCK
9 days
What's the impact? The network is compromised, and the attacker can do whatever they want. The Operator role is permissionless for some networks (depending on extensions), and even if it wasn't, they would still be able to completely bypass the quorum, which is a high-severity.
@sherlockdefi
SHERLOCK
9 days
The Attack Path: An operator with 1 voting power (or any minimal amount) calls Settlement::commitValSetHeader() with a malicious header for the next epoch to compromise the network. They send a proof with only them as signer, all other operators are non-signers, and add at the.
@sherlockdefi
SHERLOCK
9 days
This effectively means that any operator with any minimal voting power can add this (0,0) operator with a voting power that exceeds the quorum and let the message go through. As a result, they can manipulate whatever data they want and take full control of the network, more.