Wormhole Bridge Exploit Analysis

Summary

Exploit Transactions

Attack Flow

  • The spoofed “verify_signatures” function with a malicious “sysvar account”:
  • In contrast, the following snapshot is a correct “verify_signatures” function with the correct “sysvar account”:
  • However, the function “load_current_index” does not validate whether the injected ”sysvar account“ is actually the “system sysvar“. As the current instruction (L92) retrieved from ”sysvar“ is controlled by the attacker, it will succeed in the following verification process.
  • Account2 is the signature set generated by the “verify_signatures” instruction.
  • Account3 is the message account that will be used in the following “complete_wrapped” function.
  • Account3 is the message account generated by the “post_vaa” function.
  • Account6 is the “to” address to receive the minted Wormhole ETH.
  • Account9 is the mint authority for Wormhole ETH and is a PDA (program-derived-address). This is why after signature verification is passed, the attacker can mint tokens directly.

Contracts Vulnerability Analysis

--

--

Official Website: https://certik.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store