There has been a lot of confusion, however, about how the Wormhole hack happened and exactly whose side is at fault. Unfortunately, there is a lot of misinformation going around, and many people are not technical. I'd like to explain how this works.
ELI5 version:
To create wETH on their chain, Solana checks that there is a valid signature, and that the signature comes from a Guardian.
Proper usage means there is a valid signature (Correct ✅) from a guardian (Correct ✅). These two conditions match, and so the request is approved. ✅
They expected an attacker would issue an invalid signature (Incorrect ❌) from a guardian (Correct ✅). These two conditions do not match, so the request is denied. ❌
The hack
The attacker issued an invalid signature (Incorrect ❌) from a non-guardian (Incorrect ❌). But these conditions match: incorrect matches incorrect. So the request is APPROVED ✅(!!) and the ETH was stolen on the Solana network.
The Ethereum network successfully processed a withdrawal, because Solana told Ethereum "it's all good, this is legit", but Solana's logic for determining whether it is good was flawed.
For programmers: the check was == instead of &&.
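The == versus && point above, as an added example that is not part of the original post and is not Wormhole's actual code. It models the two conditions as booleans and tests all four combinations to show which one the flawed check wrongly approves; the `Request` struct and all function names are hypothetical.

```rust
// Added illustration of the logic flaw as the post describes it; this is not
// Wormhole's source code. All names here are hypothetical.

/// One mint request reduced to the two facts the post talks about.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Request {
    signature_valid: bool,
    from_guardian: bool,
}

/// Flawed check as described in the post: approves when the two conditions "match".
fn approve_flawed(r: Request) -> bool {
    r.signature_valid == r.from_guardian
}

/// Intended check: approves only when both conditions hold.
fn approve_fixed(r: Request) -> bool {
    r.signature_valid && r.from_guardian
}

/// Every combination of the two inputs (only four, so test them all).
fn all_requests() -> Vec<Request> {
    let mut out = Vec::new();
    for &signature_valid in &[false, true] {
        for &from_guardian in &[false, true] {
            out.push(Request { signature_valid, from_guardian });
        }
    }
    out
}

/// Requests that a check approves although they should be denied.
fn wrongly_approved(check: fn(Request) -> bool) -> Vec<Request> {
    all_requests()
        .into_iter()
        .filter(|&r| check(r) && !(r.signature_valid && r.from_guardian))
        .collect()
}

fn main() {
    for r in all_requests() {
        println!("{:?}: flawed={} fixed={}", r, approve_flawed(r), approve_fixed(r));
    }
    println!("flawed check wrongly approves: {:?}", wrongly_approved(approve_flawed));
    println!("fixed check wrongly approves:  {:?}", wrongly_approved(approve_fixed));
}
```

An exhaustive negative-case test like `wrongly_approved` is cheap for any authorization predicate with a handful of boolean inputs, and it catches the false/false case that the "expected attacker" scenario in the post leaves out.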