The platform dropped details about the exploit of its V3 router prototype, though users have been assured that the default bridge is unaffected.
AnySwap V3 Router Prototype Suffers Exploit
After a recent exploit of their V3 router prototype AnySwap has released a comprehensive report about the incident. Following the recent multichain prototype router exploit on July 10th the protocol released a postmortem via Medium, which explained the incident’s description, what transpired, and the solutions provided.
The postmortem posted on the 12th of July is a follow-up to the protocol’s Tweet on 11th July about the detected exploit.
An exploit occurs when a smart contract is able to be manipulated in order to steal tokens or manipulate pricing. These exploits are usually the result of an oversight in the contract’s code by developers.
AnySwap Multichain Router V3 Exploit
The AnySwap multichain beta V3 router was launched on June 4th. It was deployed on three of the most prominent networks in the Decentralized Finance (DeFi) ecosystem — Binance Smart Chain (BSC), Fantom, and Polygon, with plans to add more in the future.
The beta release features a native swap; a non-custodial + MPC explained extensively in its Medium post, and a multichain router that allows users to swap between two chains.
Unfortunately, the unique innovation faced a significant exploit that prompted the protocol to halt the system.
Although V1/V2 funds were safe, the cross-chain Decentralized Exchange (DEX) announced that a post-mortem would be released to affected users of the new V3 cross-chain liquidity pools. With this in mind, the protocol has released comprehensive details of the incident and its solutions.
Postmortem Report: AnySwap Drops Statement
Below is a detailed report of the V3 router exploit according to its Medium article posted on 12th July 2021.
Details of The Attack
The attack ensued on the 10th of July, 2021 (8:00 PM UTC) on the AnySwap V3 multichain router prototype.
Details of Exploited Transactions
Stolen Amount: 1,536,821.7694 USDC
Stolen Amount: 5,509,2227.35372 MIM
Stolen Amount: 749,033.37 USDC
How the Exploit Happened
Two V3 router transactions with the same R value signature were detected under the V3 Router MPC account on BSC. The attacker hacked into the MPC account and obtained the private key. The AnySwap team reproduced the method used.
The V1/V2 bridges are safe as they have been audited and do not have the same R transactions.
AnySwap disclosed that a more detailed report about this would be published later.
Solutions
In response to the R signature flaw, the AnySwap team has fixed the code to avoid the same error. In essence, the R signatures will no longer be the same.
The AnySwap router V3 will relaunch in about 48 hours, and users are urged to follow AnySwap’s Twitter account for updates.
Trail of Bits has been auditing the V1/V2, and they will do the same for the V3 incident, according to AnySwap.
Conclusion
A total of 2,398,496.02 USDC and 5,509,222.73 MIM were stolen from the protocol, and it will go down in the record books as another significant exploit on BSC. AnySwap has taken actions to compensate its affected users and has promised that liquidity providers will withdraw their assets from the pool once again after liquidity is refilled upon the V3 relaunch.
Source : bsc.news
Founded in 2020, BSCNews is the leading media platform covering decentralized finance (DeFi) on the Binance Smart Chain (BSC). We cover a wide range of blockchain news revolving mainly around the DeFi sector of the crypto markets. BSCNews aims to inform, educate and share information with the global investment community through our website, social media, newsletters, podcasts, research, and live ask me anything (AMA). Our content reaches hundreds of thousands of global investors who are active in the BSC DeFi space.
BSC NEWS is a private news network. All posts posted by this user belong 100% to bsc.news All rights are reserved to BSC NEWS for more information about BSC NEWS contact BSC NEWS HERE.
