Post-Ethereum Merge proof-of-work (PoW) chain ETHW has moved to quell claims that it had suffered an on-chain replay attack over the weekend.
Smart contract auditing firm BlockSec flagged what it described as a replay attack that took place on Sept. 16, in which attackers harvested ETHW tokens by replaying the call data of Ethereum’s proof-of-stake (PoS) chain on the forked Ethereum PoW chain.
According to BlockSec, the root cause of the exploit was due to the fact that the Omni cross-chain bridge on the ETHW chain used old chainID and was not correctly verifying the correct chainID of the cross-chain message.
Ethereum’s Mainnet and test networks use two identifiers for different uses, namely, a network ID and a chain ID (chainID). Peer-to-peer messages between nodes make use of network ID, while transaction signatures make use of chainID. EIP-155 introduced chainID as a means to prevent replay attacks between the ETH and Ethereum Classic (ETC) blockchains.
1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
BlockSec was the first analytics service to flag the replay attack and notified ETHW, which in turn quickly rebuffed initial claims that a replay attack had been carried out on-chain. ETHW made attempts to notify Omni Bridge of the exploit at the contract level:
Had tried every way to contact Omni Bridge yesterday.Bridges need to correctly verify the actual ChainID of the cross-chain messages.Again this is not a transaction replay on the chain level, it is a calldata replay due to the flaw of the specific
Read more on cointelegraph.com