This repository was archived by the owner on Nov 30, 2021. It is now read-only.
This repository was archived by the owner on Nov 30, 2021. It is now read-only.
Replay Tx on another Chain #687
Description
Vulnerability Overview:
Since ethermint uses the same type of chainIDEpoch for ethereum compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack etc.
Details and Root Cause:
First, we found some ground truths:
- Both ethermint and ethereum have the same signature scheme.
- User has the same public key and private key on ethermint and ethereum.
- Different chainID can be parsed to a same chainIDEpoch such as "ethereum-1" and "erhermint-1"
Thus, if a msg successfully executed on ethereum of some chainIDEpoch, say 1 (mainnet), then it can be replaied on ethermint of the same chainIDEpoch (with the nonce check passed), and vice versa.
Steps to Exploit:
- Suppose that there are two chains. One's chainID is "Ethereum-1",the other is "Ethermint-1".The victim have accounts on both chains with the same public key (private key).
- The victim transfer 10eth to the attacker,and the victim's MsgEthereumTx.data.nonce on "Ethereum-1" is 300. The victim's MsgEthereumTx.data.nonce on "Ethermint-1" is 300(or less than 300).For the previously mentioned vulnerability can greatly reduce the difficulty of exploiting this vulnerability only need to meet the nonce of the replayed chain than the nonce of the replayed chain can be low.
- The attacker replay the MsgEthereumTx on "Ethermint-1".