{"id":444,"date":"2023-01-30T11:01:20","date_gmt":"2023-01-30T09:01:20","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=444"},"modified":"2023-01-31T14:50:15","modified_gmt":"2023-01-31T12:50:15","slug":"2022-solana-hacks-explained-wormhole","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained-wormhole\/","title":{"rendered":"2022 Solana Hacks Explained: Wormhole"},"content":{"rendered":"

Wormhole<\/strong><\/a> is a message-passing protocol<\/strong> enabling the transfer of tokenized assets<\/strong> between supported chains<\/strong>. In other words, it allows one to send ETH from Ethereum and receive a wrapped wormhole ETH (wETH) on Solana. Thanks to that, developers can also create cross-chain dApps<\/strong>.<\/span><\/p>\n

The basic principle of operation is that each<\/strong> supported chain<\/strong> has a wormhole<\/strong> contract<\/strong> that emits or processes wormhole messages. The system relies on so-called ‘Guardians<\/strong>‘, a distributed set of nodes that monitor the state of transactions and after consensus sign the messages emitted by the wormhole contracts. When a user sends ETH to Solana, the system locks<\/strong> the tokens<\/strong> into a contract<\/strong> on the source chain (Ethereum) and when the Guardian nodes approve that it happened, they sign<\/strong> the message, and another contract on the destination chain is called to issue the parallel ‘wrapped’ token<\/strong>.<\/span><\/p>\n

What happened<\/strong><\/p>\n

In February 2022, an attacker stole<\/strong> assets worth roughly $338M<\/strong> (at the time of the exploit) by circumventing<\/strong> the signing<\/strong> process<\/strong> and minting 120k wrapped ETH tokens on Solana without locking an equivalent on Ethereum. Even though the Wormhole team sent a message<\/a> to the hacker offering a white hat agreement<\/strong>, there was no response. The hacker used 93,750 of the minted wrapped ETH to redeem back to equivalent ETH tokens on Ethereum, thus draining<\/strong> the money from Ethereum liquidity pool<\/strong>. The rest of the tokens were sold for SOL and USDC, as seen in the hacker’s wallet<\/a>. Wormhole’s investor, Jump<\/strong> Crypto<\/strong> replenished all 120k<\/strong> ETH<\/strong>, virtually bailing<\/strong> Wormhole<\/strong> out<\/strong>.<\/span><\/p>\n

Exploit Details<\/b><\/p>\n

The Wormhole project is open-source,<\/strong> and the public repository<\/a> <\/strong>is accessible to anyone. Interestingly enough, the hack happened only a few hours after a critical bug was fixed<\/a><\/strong> and committed to the public repository and before a new version<\/strong> of the program was deployed.<\/span><\/p>\n

The bug’s root cause was a deprecated function<\/strong><\/a> <\/span><\/p>\n

load_instruction_at <\/span><\/pre>\n
being used during the Wormhole signature verification<\/strong>. The way to build custom instructions that ‘do’ signature verification<\/strong> is by sending a transaction made of (at least) two instructions<\/strong> and checking<\/strong> that the native program instruction was sent. As described in the secp256k1_instruction.rs<\/strong><\/em><\/a> documentation, it is necessary to:<\/span><\/p>\n