Replay Attack on Ethereum Proof-Of-Work

Key Takeaways:

On September 18, a vulnerability caused a replay attack on the Ethereum Proof-of-Work (PoW) network by replaying a message from the Ethereum POS chain.

The bridge’s failure to properly check the cross-chain message’s actual chainid, which it keeps track of, is what gives rise to the exploitation.

On September 18, the Ethereum Proof-of-Work (PoW) community was subjected to a replay attack in which exploiters replayed a message from the Ethereum POS chain.

According to BlockSec, which discovered the attack first, the exploit occurred because the bridge did not precisely authenticate the precise chainID of the cross-chain message.

Based on the BlockSec thread, the underlying cause of the exploitation is that the bridge does not appropriately verify the real chainid (which it keeps track of) of the cross-chain message.

The exploiter first transferred 200 WETH via the Gnosis chain’s Omnibridge. The same transaction was then repeated on the PoW chain to obtain an additional 200 ETHW.

1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022

The attack has been confirmed by the official ETH PoW Twitter account, which clarified that it isn’t a transaction replay on the chain level. Instead, it’s due to the name information replay brought on by a contract error.

They declared:

“We had tried every method to get in touch with Omni Bridge yesterday. Bridges are required to precisely confirm the cross-chain messages’ ChainID.”

Had tried every way to contact Omni Bridge yesterday.

Bridges need to correctly verify the actual ChainID of the cross-chain messages.

Again this is not a transaction replay on the chain level, it is a calldata replay due to the flaw of the specific contract. https://t.co/bHbYR4b2AW pic.twitter.com/NZDn61cslJ
— EthereumPoW (ETHW) Official #ETHW #ETHPoW (@EthereumPoW) September 18, 2022

Meanwhile, because the community enforced EIP-155 before the hard fork, a chain-level replay attack is not feasible on the ETHPOW chain. This means that no transaction may be performed on the POW chain or vice versa from the ETH proof-of-stake chain.

The exploit not taking place at the chain level may not matter much, though. Since the PoW fork has only been operational for a little over 72 hours, an early exploit could have a negative impact on the fork’s potential for further acceptance.

The attack has stunned people, and some, like @MilancheP, are making fun of the Ethereum community, calling it a “Nice scam” and adding that the chain is pitiful because “developers” are dumping from the first listing. People continue to buy this and still think it’s a coin-and-chain.

Nice scam @EthereumPoW , "developers" dumping from the first listing, chain is pathetic… And people still buying and believe this is coin and chain.
— Milan P (@MilancheP) September 18, 2022

Others like @wonderingsheng and @ForwardIsGood are concerned about replay attacks.

https://twitter.com/ForwardIsGood/status/1571484606750425092?s=20&t=SM6jFZgRuafJcI5_ubcqRA

Yeah, I am concerned of replay attacks. Thanks for keeping a lookout ???? ????
— conjectures ???? (@wonderingsheng) September 18, 2022

The value of ETHW has suffered as a result of this attack. The price of the ETHW coin decreased by 17.8% over the past day. Over the past two weeks, the token’s value has dramatically decreased by more than 80%.

#PeckShieldAlert Seems like @EthereumPow suffered a replay attack. $ETHW has dropped -12%. Be Alerthttps://t.co/wuPLXsaanN pic.twitter.com/OlDgvNehTh
— PeckShieldAlert (@PeckShieldAlert) September 18, 2022