Analysis of the Poly Network Hacker Attack Incident

Recently, the cross-chain interoperability protocol Poly Network was attacked by a Hacker, which has attracted widespread attention. According to the security team's analysis, this attack was not due to the leakage of the keeper's private key, but rather the attacker modified the keeper of the EthCrossChainData contract to a designated address through carefully crafted data.

Attack Core

The key to the attack lies in the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract. This function can execute specific cross-chain transactions through the _executeCrossChainTx function. Since the ownership of the EthCrossChainData contract belongs to the EthCrossChainManager contract, the latter can call the putCurEpochConPubKeyBytes function of the former to modify the contract's keeper.

Attack Process

1. The attacker uses the verifyHeaderAndExecuteTx function, passing in carefully crafted data.
2. Execute the putCurEpochConPubKeyBytes function call on the EthCrossChainData contract through the _executeCrossChainTx function.
3. Successfully changed the keeper role to the address specified by the attacker.
4. After completing the keeper replacement, the attacker can freely construct transactions to withdraw any amount of funds from the contract.

Attack Impact

1. After the attack is completed, due to the modification of the keeper, other users' normal transactions are rejected.
2. Similar attack patterns have also been implemented on the Ethereum network.

Event Insights

1. A more stringent access control mechanism is needed in contract design.
2. The execution of key functions should have multiple verification steps.
3. Regular security audits and vulnerability assessments are crucial.
4. The security of cross-chain operations needs more attention and improvement.

This incident highlights the importance of blockchain security once again, especially in complex cross-chain scenarios. Development teams need to continuously improve security measures to respond to increasingly sophisticated attack methods. At the same time, users should also enhance their security awareness and participate cautiously in various blockchain projects.