Poly Network hack $ 611 million and the hacker return the fund

5 min readAug 15, 2021

Analysis of Poly Network Security Hole

Background

On August 10, 2021, a critical exploit was discovered on the Poly Network that enabled the hacker(s) to steal more than $600M USD worth of investor funds. Shortly after, the Poly Network Official Twitter made the following announcement:

https://twitter.com/PolyNetwork2/status/1425073987164381196?s=20

What is the Poly Network?

Poly Network is a blockchain system to implement interoperability cross-chain interactive services. It could support Bitcoin, Ethereum, Neo, Ontology, Switcheo, Binance Smart Chain(BSC), Heco blockchains. Currently, PolyBridge can cross Ethereum, Ontology, Neo, BSC, Heco, OKExChain and Polygon(Matic) including token transaction and smart contract interaction.

How does the Poly Network connect with other networks?

Poly Network cross-chain interaction between chains architecture as below:

Source: https://github.com/polynetwork/docs/blob/master/poly/README.md

The figure shows that Chain A user interactive with Poly Network and Chain B mechanism, the detail process as below:

Chain A user invoke the DApp Contrac
Chain A user trigger the business logic on DApp Contrac
Chain A invoke the cross-chain interface to Cross-Chain Manager Contract
Chain A Cross-Chain Manager Contract process the request and generate merkle-tree
Chain A Cross-Chain Manager Contract write merkle root into block header
Chain A relayer sync the block header
Chain A relayer commit merkle proof to Poly Network chain
Poly Network Header Sync Contract read the block header from Chain A relayer sent to Cross-Chain Manager Contract
Poly Network Cross-Chain Manager Contract verify proof by merkle root in header
Poly Network Cross-Chain Manager execute tx and write into ledger
Poly Network relayer sync the block header
Poly Network relayer commit merkle proof to Chain B
Chain B Header Sync Contract read the block header from Poly Network relayer sent to Cross-Chain Manager Contract
Chain B Cross-Chain Manager Contract invoke DApp Contract on Chain B
Chain B DApp Contract execute business logic

What are “Keepers”?

Keepers is a kind of service to provide blockchain at the moment to sync the ledger on Chain A or Chain B or Poly Network. For example, a relay chain validator is a kind of keeper.

What are Cross Chain Managers?

Cross-Chain Manager is the contract to provide blockchain DApp contract business logistic execution process to generate the merkle tree. It has higher authority to trigger messages sent to a relative relayer.

Which networks were impacted?

Poly Network impacted three blockchains Ethereum, BSC, Polygon.

Key Problem

Poly Network provides cross-chain service that connects different blockchains. To reach consensus between blockchains, Poly Network design and deploy higher privilege Cross-chain Manager Contract on each blockchains and this manager communicates with their Keepers, which is relayed between blockchains to provide consistent communication messages and maintain the blockchains synchronize, but the Cross-chain Manager Contract has security vulnerability problems. It’s basically an access control issue with three functions:

Contract “EthCrossChainManager” may have too much authority to modify the following contract.
Function “verifyHeaderAndExecuteTx” that anyone can call to execute a cross-chain transaction. It verifies that the block header is correct by checking the signatures of the keepers(relayers) public key.

Change keeper operation transaction on BSC:

https://bscscan.com/tx/0x3eba3f1fb50c4cbe76e7cc4dcc14ac7544762a0e785cf22034f175f67c8d3be9

Change keeper operation transaction on Ethereum:

https://etherscan.io/tx/0xb1f70464bd95b774c6ce60fc706eb5f9e35cb5f06e6cfe7c17dcda46ffd59581

The putCutEpochConPubKey Bytes function of EthCrossChainData.sol code:

EthCrossChainData Contract Security Hold

The attacker used the verifyHeaderAndExecuteTx function to call the putCurEpochConPubKeyBytes function to change the keeper public key stored in the EthCrossChainData contract.

3. Function “call _executeCrossChainTx” makes the call to the target contract. Here’s where the critical flaw is because this requires only checking the address of the contract without checking the owner of the contract.

executeCrossChainTx Contract Security Hole

The contract only checks that the address is in fact a contract, but does not check whether the contract’s owner is authorized to engage with it.

4. Checks that the transaction was included within that block with a Merkle proof.

Source: https://twitter.com/kelvinfichter/status/1425217046636371969

Specific Question

The key problem of Poly Network is that the “verifyHeaderAndExecuteTx function” of the EthCrossChainManager contract can execute specific cross-chain transactions through the _executeCrossChainTx function.

The analysis by PeckShield

PeckShield analysis Poly Network hack event

Source: https://twitter.com/peckshield/status/1425119080827215876

Approach

Poly Network Cross-chain Manager Smart Contract has security vulnerability, the hacker successfully sent normal transactions and modified the public key of the keeper. Using the new keeper public key, the hacker successful withdrawal the fund from Poly Network to hacker address:

https://etherscan.io/tx/0xad7a2c70c958fcd3effbf374d0acf3774a9257577625ae4c838e24b0de17602a#internal

Attacked Contract on BSC:

https://bscscan.com/address/0x7cea671dabfba880af6723bddd6b9f4caa15c87b

Attacked Contract on Ethereum:

https://etherscan.io/address/0x838bf9e95cb12dd76a54c9f9d2e3082eaf928270

Hacker Address:

https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963#tokentxns

2021/8/11 Hacker returns $ 477 million funds. Poly Network Official Twitter Announcement:

Key Takeaways

Smart contract access control is the key problem that enabled hackers to perform this attack. The EthCroseChainManager function can modify the target contract to any address the owner wants to change. These kind of situation can solve by three possible methods: