Home » BlockSec

BlockSec

ETHW confirms contract vulnerability exploit, dismisses replay attack claims

Post-Ethereum Merge proof-of-work (PoW) chain ETHW has moved to quell claims that it had suffered an on-chain replay attack over the weekend. Smart contract auditing firm BlockSec flagged what it described as a replay attack that took place on Sept. 16, in which attackers harvested ETHW tokens by replaying the call data of Ethereum’s proof-of-stake (PoS) chain on the forked Ethereum PoW chain. According to BlockSec, the root cause of the exploit was due to the fact that the Omni cross-chain bridge on the ETHW chain used old chainID and was not correctly verifying the correct chainID of the cross-chain message. Ethereum’s Mainnet and test networks use two identifiers for different uses, namely, a network ID and a chain ID (chainID). Peer-to-peer messages between nodes make use of network ID...