smartcontracts.eth (✨🔴_🔴✨)
@kelvinfichter
Followers
33,113
Following
591
Media
284
Statuses
6,145
building a better economy for humans @OPLabsPBC 🔴✨
Joined October 2012
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
The 1
• 2338186 Tweets
taylor
• 532687 Tweets
#ParisTSTheErasTour
• 320580 Tweets
#Eurovision2024
• 149324 Tweets
hailey
• 141397 Tweets
hailey
• 141397 Tweets
Long Live
• 106728 Tweets
Leverkusen
• 89516 Tweets
Marjorie
• 80733 Tweets
TTPD
• 77771 Tweets
#النصر_الاخدود
• 71949 Tweets
The Archer
• 69717 Tweets
DOWN BAD
• 57870 Tweets
Francia
• 56414 Tweets
TOLERATE IT
• 47947 Tweets
Speak Now
• 44414 Tweets
Switzerland
• 42714 Tweets
Selena
• 35727 Tweets
BUT DADDY I LOVE HIM
• 35079 Tweets
Betty
• 33014 Tweets
Willow
• 29200 Tweets
Nemo
• 23797 Tweets
JUSTIN VA A SER PAPÁ
• 22651 Tweets
Who's Afraid of Little Old Me
• 22045 Tweets
SO HIGH SCHOOL
• 21718 Tweets
Angelina
• 18341 Tweets
#ESCita
• 17916 Tweets
#ATAOM
• 17100 Tweets
Armenia
• 14304 Tweets
Paredes
• 13831 Tweets
Malta
• 13310 Tweets
Austria
• 13205 Tweets
Nebulossa
• 11358 Tweets
O JUSTIN VAI SER PAI
• 10091 Tweets
Alright. I figured out the Solana x Wormhole Bridge hack. ~300 million dollars worth of ETH drained out of the Wormhole Bridge on Ethereum. Here's how it happened.
478
3K
13K
Welp.
@Ronin_Network
is now on top of the crypto hack leaderboard. $625 MILLION dollars worth of ETH and USDC just got stolen from the Ronin bridge. Here's how it happened.
88
546
2K
Another "crypto hack made simple" thread for ya.
@BeanstalkFarms
, a DeFi protocol, was just exploited for about $75m worth of Ether (~25k ETH). Here's how the heist went down.
73
382
2K
Last weekend an attacker was able to gain control of the Optimism addresses that correspond to various Gnosis Safe multisigs on Ethereum that had not yet been deployed to Optimism. A quick thread on security in the multi-chain world ~~
42
328
1K
It's interesting that this commit was made ~9 hours ago and the exploit happened a few hours after that. Possible that an attacker was keeping an eye on the repository and looking out for suspicious commits.
37
52
1K
Here's the transaction which finalized a majority of the exploit. 80k ETH pulled out of the Wormhole contract on Ethereum in a single transaction:
3
47
630
Fine, I'm finally doing it. It's time to open-source the Eth2 book, a free resource for understanding the future of Ethereum (in depth):
15
155
629
Using this "fake" system program, the attacker could effectively lie about the fact that the signature check program was executed. The signatures weren't being checked at all!
8
32
611
And one withdrawal of 80k ETH + 10k ETH later (everything in the bridge on Ethereum), everything was gone.
12
19
597
After that point, it was game over. The attacker made it look like the guardians had signed off on a 120k deposit into Wormhole on Solana, even though they hadn't. All the attacker needed to do now was to make their "play" money real by withdrawing it back to Ethereum.
8
29
585
Wormhole is a "bridge" -- basically a way to move crypto assets between different blockchains. Specifically, Wormhole has a set of "guardians" that sign off on transfers between chains. It's a little more complicated than that in practice, but that's the general idea.
4
26
566
One sec loading up my next tweets... hold your horses
11
2
559
The first breakthrough came from this transaction on Solana which somehow minted 120k "Wormhole ETH" out of nowhere:
5
32
550
That explains part of it! The attacker was able to mint Wormhole ETH on Solana, so they were able to correctly withdraw it back to Ethereum. Now we just need to figure out how the attacker was able to mint this Wormhole ETH on Solana...
4
19
534
Although it's dramatic, this transaction is just the very end of an interesting series of events. I had to start working my way backwards to figure out how this was even possible.
2
10
516
Alright, here's where we start getting into the weeds of Solana. This is the first time I've ever looked at Solana contracts so it took me a while to get my bearings, but I think I finally get what's going on.
1
14
510
The transaction that pulled out 80k ETH was actually the attacker transferring 80k ETH from Solana to Ethereum. I originally thought that the contract might've incorrectly validated the signatures on the transfer, but the signatures completely checked out.
2
15
485
The Wormhole "guardians" had somehow signed off on this 80k ETH transfer as if it were 100% legit. How was that possible?
2
16
451
The next interesting piece of information is this Solana transaction that came right before the 120k ETH one, where 0.1 Wormhole ETH was minted on Solana:
2
13
438
For your entertainment, here's a thread about the future of
@optimismFND
, the upcoming Bedrock upgrade, Rollup decentralization, and ZK. Bedrock is a Rollup client, not an Optimistic Rollup client 😉. Enjoy the spice. 🌈
31
124
419
It doesn't really matter if you understand the fancy code, the most important thing here is that post_vaa checks if the message is valid by checking the signatures from the guardians. That part seems reasonable enough. But it's this signature checking step that broke everything.
2
18
433
The transactions that minted Wormhole ETH on Solana were triggering this Wormhole function "complete_wrapped":
2
19
413
Of course, the attacker definitely did not make a 120k ETH deposit into Wormhole on Ethereum. But there's something interesting about this deposit. It definitely has something to do with the attack, but what?
1
6
403
Whew. Long day. Optimism has now been sustaining >10tps for the last several hours, approximately on par with Ethereum, without any problems on the Sequencer side. Still a long way to go, but it's amazing that we're here considering L2s barely existed a year ago.
36
47
404
If we take a look at the attacker's transaction history on Ethereum, we end up seeing that the attacker *did* make a deposit of 0.1 ETH *into* Solana from Ethereum:
3
8
400
The load_instruction_at function was deprecated relatively recently because it *does not check that it's executing against the actual system address*!
8
24
405
The only crypto strategy is to buy ETH and fucking hold it.
27
24
373
Alright let's keep going. "post_vaa" doesn't actually check the signatures. Instead, in typical Solana fashion, there's another smart contract which gets created by calling the "verify_signatures" function.
2
7
371
One of the parameters that this function takes is a "transfer message", basically a message signed by the guardians that says which token to mint and how much:
1
6
355
Solana is kinda weird, so these parameters are actually smart contracts themselves. But the important thing is how these "transfer message" contracts get created. Here's the transaction that made the 0.1 ETH transfer message:
1
13
357
Blobs just went live and you can send any amount of ETH on
@Optimism
OP Mainnet anywhere in the world right now for less than $0.001. Meanwhile, it costs $4-$12 to send $200 from the US to the Philippines with Western Union. Crypto is scaling.
8
66
352
Introducing NFT mirroring: mirror your Optimism NFTs on Ethereum so you can display them on apps like Twitter. Dropping exclusively on Optimism soon(tm). Check out my PFP if you want a sneak peek 👀
58
72
305
But here's the "verify_signatures" transaction for the fake deposit of 120k ETH
7
17
342
Oh, and in case you missed it, the team over at
@OPLabsPBC
is shipping permissionless fault proofs to OP Sepolia in 6 days. 🥱
18
50
336
A commit was made ~9 hours ago replacing usage of load_instruction_at with load_instruction_at_checked, which actually confirms that the program being executed is the system program:
3
14
327
10 ETH bet that there won't be any zk-rollups that can support ethereum smart contracts without a custom compiler by the end of 2023
55
21
307
This "transfer message" contract is created by triggering a function called "post_vaa":
1
6
315
This verification function is a built-in tool that's supposed to verify that the given signatures are correct. So the signature verification has been outsourced to this program. But here's where the bug comes in.
1
13
309
One of the inputs to the "verify_signatures" function is a Solana built-in "system" program which contains various utilities the contract can use:
2
7
303
Here's that system address being used as the input for the "verify_signatures" for the legit deposit of 0.1 ETH
2
8
293
Within "verify_signatures", the Wormhole program attempts to check that the thing that happened right before this function was triggered was that the Secp256k1 signature verification function was executed:
3
9
285
The Wormhole contracts used the function load_instruction_at to check that the Secp256k1 function was called first:
2
8
278
This is very different from previous bridge hacks where the root cause was a smart contract bug. This is a much more "classical" hack of private keys in a multi-key security setup. This is why trust-minimized bridging is SO important.
5
29
277
.
@liamihorne
dropped the wildest ethereum pro tip I somehow never thought of, use a 1 of 1 multisig so you can rotate keys without changing your address 🤷♀️
31
30
277
You're supposed to provide the system address as the program you're executing here (it's the third-to-last program input):
1
4
268
Looks like it was probably an exploit on the Solana side, not on the Ethereum side. See the following transaction where 120k Wormhole ETH was minted on Solana:
7
79
258
Wormhole reports that the exploit has been patched
The vulnerability has been patched.
We are working to get the network back up as soon as possible.
109
100
985
1
10
257
As another commenter has noted, it could also be that the attacker knew about the bug in advance and was forced into exploiting the bug because the patch was being rolled out. Seems hard to construct this attack within ~2 hours so could be a possibility here.
15
5
257
Etherscan as a source of truth is a systemic risk. I love Etherscan as much as anyone else but we really need more competitors in the block explorer space.
15
21
255
@VitalikButerin
Actual question: what does a unit of gas represent? Gas is multi-dimensional (storage, compute, bandwidth pricing). Why don't we have different types of gas for each resource type? And how does one think about the meaning of one unit of gas in this current context?
16
9
237
The OP Stack is about to make Ethereum contract development crazy again. Hard to explain until you've seen it. It's just stupid how powerful this thing is. The idea of getting CSR on Optimism Mainnet was what really got me. (quik thred)
𝗖𝗼𝗻𝘁𝗿𝗮𝗰𝘁 𝗦𝗲𝗰𝘂𝗿𝗲𝗱 𝗥𝗲𝘃𝗲𝗻𝘂𝗲 for🔴Optimism Builders,
or:
How
@CantoPublic
's idea ended up on
@optimismFND
thanks to
@BanklessHQ
and
@EthernautDAO
.
🧵👇 (1/10)
9
13
137
14
47
244
I'm going to do a Twitch stream series where I dive into the architecture of zkEVMs (looking at code, not theory). Does anyone from
@0xPolygonHermez
@Scroll_ZKP
@zksync
want to hop on a stream sometime soon to go over their respective codebases?
16
16
225
This suggests that Ronin had minimal monitoring and alerting in place. Alerting on bridge balance dropping below a certain value seems obvious. People should've been getting annoying opsgenie calls at 2am for this.
2
6
222
Also, the hack happened SIX days ago and no one noticed until a user tried to withdraw:
4
13
216
This is why client diversity is SO IMPORTANT and why the Ethereum community has been shouting loudly about client diversity in preparation for the Merge. This event likely would've been prevented if there were at least 3 client implementations.
1
17
204
Arbitrum has acquired Prysmatic Labs, the maintainer of the most widely used Ethereum consensus client. In exchange for cash, Arbitrum has put itself in the position of a "core Ethereum maintainer" and now has Arbitrum engineers in a central part of the Ethereum dev process.
We’re extremely happy to announce that we (
@OffchainLabs
) are acquiring
@prylabs
, the team behind Ethereum's leading consensus client!
Let’s dive into details!🧵👇
635
3K
5K
15
31
200
Let's look at some early lessons. I think the most fundamental error here was the reliance on validator-based bridges. The Ronin Bridge has a fundamental assumption that a majority of keys cannot be compromised. Clearly this assumption was broken.
4
15
197
How do we prevent this sort of compromise? It's an annoying engineering problem. First, it seems clear that no single entity should be running a significant number of nodes. I find it problematic that Sky Mavis was running 4/9 nodes.
5
5
193
I used the following tools for this analysis:
These are usually my go-to tools, I highly recommend them to anyone looking to analyze hacks like this.
4
13
193
TL;DR older version of Solana standard lib doesn't check stuff properly, contract doesn't get upgraded to latest version, bye bye $300m
Alright. I figured out the Solana x Wormhole Bridge hack. ~300 million dollars worth of ETH drained out of the Wormhole Bridge on Ethereum. Here's how it happened.
478
3K
13K
5
37
185
Man I love deploying to Optimism. Feels like Ethereum in 2016 back when I could actually afford to deploy stuff and experiment with things. Can get way more creative with my contracts. One of the under-appreciated things about L2.
5
8
187
Why are you still using a single hardware wallet instead of a 2-of-2 multisig with hardware + key on a mobile device as 2FA
32
21
179
It looks like 5 of the keys were compromised via a backdoor in the Ronin bridge node. It's unclear exactly how the backdoor worked, I'm going to keep investigating to see what's up.
5
14
174
Discovering the hack almost a week after it happened is a bad look, especially for something as easy to monitor as the bridge balance (there are much more subtle attacks out there that would be hard to monitor for).
1
9
171
It looks like the Ronin hack was quite different from previous bridge hacks. The Ronin bridge is a 5-of-9 validator bridge, meaning the funds are secured by a set of 9 secret keys, any 5 of which can be used to move money around.
1
11
160
Optimism ecosystem has various open protocol projects for the OP Stack. If you're interested in working on the cutting edge of crypto, building open source software, and being rewarded for your work via RetroPGF, DM me and I'll find you the perfect project.
8
31
161
Once 5 of the keys were compromised, the attacker could basically just take all of the money out of the bridge without a problem. Bye bye $625m.
2
7
158
Third day of record transactions on Optimism. Wild.
21
12
162
Crypto has slowly been losing sight of its vision. In some way the "builder" class is a part of this -- lots of people coming into crypto for the cool tech and not the social reality that the tech can enable. Crypto is going to have to fight for its vision.
17
21
154
It's clear: THE FUTURE IS SUPERCHAIN
@coinbase
is joining
@optimismFND
on the journey towards the vision of a UNIFIED network of L2s: the Superchain.
Here's what's up with the Superchain and how you can get involved **today** 👀
1/ 🔵 We’re excited to announce
@BuildOnBase
.
Base is an Ethereum L2 that offers a secure, low-cost, developer-friendly way for anyone, anywhere, to build decentralized apps.
Our goal with Base is to make onchain the next online and onboard 1B+ users into the cryptoeconomy.
2K
3K
11K
10
26
159
We all know Optimistic Rollups need to build fault proofs. But did you know there are actually four different levels of fault proofs? 👀👀 A behind-the-scenes thread on the truth behind Optimistic Rollup proof systems 🔴✨
5
24
153
Exciting news, my zkEVM stream series starts tomorrow!
I'll be streaming with
@0xPolygonHermez
and diving deep into their zkEVM codebase. It'll be a fluid Q&A where I'll be trying to understand the codebase on the fly.
Join me @ 10:30am EST over at
10
27
151
I made a repo with simple instructions for how to run your very own Optimism node (it even comes with metrics!)
10
27
151
Congrats to the whitehat, but what an absolutely massive process and security failure on the part of Jump/Wormhole. You can't be forgetting to initialize proxies. You should have systems in place that do not allow you to forget to initialize proxies.
Whitehat satya0x reported a critical vulnerability in
@wormholecrypto
on Feb 24 via Immunefi.
The bug was quickly patched, no user funds were affected, and satya0x received a $10 million payout from Wormhole, the largest bounty payout on record.
33
244
1K
8
21
148
I really want to give a talk called "How Rollups **actually** work" that sketches out the proper mental models for thinking about Rollups
15
5
146
oh my god
9684c022748fed2b3b076cde6000d1dc8301e508f19382e2b510f84aed260380
186
78
780
9
9
141
We'll see what happens next. I'll keep digging into the exact exploit and report back if I find anything. Unfortunately, since this wasn't a smart contract bug, there's no public trace of the issue. Going to start examining Ronin's node software and see what I can find.
2
2
139
@FTX_Official
As a side note, an interesting model for withdrawals that I've heard discussed before (I think via
@ben_chain
) is to introduce a withdrawal delay depending on the size of the withdrawal. In combo with alerts on large withdrawals, likely would've prevented this attack.
5
6
139
It's funny how Ethereum turns a bunch of fintech startups that need months to build an MVP into weekend projects
15
16
133
Optimistic rollups are way better than ZK rollups right now (like, it's not even a competition really) and will remain that way for at least 2-3 years. If you want to scale any time soon you should be looking at Optimistic over ZK. fite me, it's true
12
21
137
I don't know how the Ronin team operates internally, but if you're making an N-of-M validator bridge then you MUST have the engineering practices in place to be able to secure those validators.
1
6
134
Damn I can't believe the merge is really happening. Ethereum is sick, I couldn't imagine working on anything else.
11
4
129
Hot take: I think deflationary systems are kinda wack and it's frustrating that deflation is becoming a core Ethereum meme :-/ Deflation mainly really benefits the people who already have stacks to sit on
18
8
131
OP Stack getting PUSH0 🫡
Today we’re announcing the first post-Bedrock network upgrade for the Optimism ecosystem: Canyon!
Built and implemented in collaboration with
@BuildonBase
, this upgrade will hit Superchain testnets on Nov. 14th at 17:00 UTC.
12
75
281
6
68
112
But there's no reason why Bedrock can't use a ZK proof System instead 👀👀. We think Optimistic Rollups currently have massive advantages over their ZK counterparts, but Bedrock has been designed to make a seamless transition between Optimistic and ZK possible.
8
21
127
Oh, and OP Mainnet now supports PUSH0!
The Canyon upgrade will be activating on OP Mainnet tomorrow, Jan. 11 at 17:00:01 UTC!
This is a reminder to upgrade your nodes—minimum versions are op-node v1.3.2 & op-geth v1.101304.2.
Here is a handy upgrade guide:
9
45
174
15
28
112
Lmao isn't this basically kind of an assassination market? If there were enough open interest, rescue workers could profit by sabotaging rescue efforts 😬
25
8
128
So some basic takeaways for now:
1. Validator bridges can work IF you have the engineering practices to maintain your security assumptions. This is not trivial.
2. Trust-minimized bridges are harder to build up-front but can be easier to secure down the line.
3
11
125
So uhhh if you wanna contribute to some code that has forever and always been MIT licensed...
4
10
119
If you have 32 eth and you aren't running a validator, go run a validator! It's so fun seeing number go up. I'm using eth-docker and it's been flawless so far.
9
14
122
Prediction: Optimistic Rollup (using compilation of execution layer to simpler VM like Bedrock or Nitro) + trailing ZK validity proofs over the execution trace of the simpler VM (like MIPS or whatever) will be the future of rollups (basically a hybrid ZK/OR model).
8
19
119
Alright, I'll say it. Client diversity isn't the only type of diversity Ethereum's client ecosystem needs to work on 😬
19
10
123
Whitelisted fraud proofs aren't real fraud proofs.
Fraud proofs with upgrade keys aren't real fraud proofs.
Until you have actual fraud proofs, you might as well not have any fraud proofs at all so users understand the security model.
Stop playing security theater, please.
9
17
120
Bedrock is actually such a sick design it's wild.
@protolambda
had the funny realization that you could do L1 tx/event subscriptions -- basically pay to automatically trigger L2 transactions when things happen on L1
6
21
117