How did I Save 70000 ETH and Win 6 Million Bug Bounty
💡 Read the original post here: https://pwning.mirror.xyz/CB4XUkbJVwPo7CaRwRmCApaP2DMjPQccW-NOcCwQlAs.
Hi! I am pwning.eth, a wanderer in the hacking space who has recently jumped into the wonderland of crypto. A few months ago, I reported a critical bug in the Aurora Engine, a layer 2 EVM solution built on the NEAR protocol. At least 70000 ETH were at risk of being stolen, until I found the tricky vulnerability and helped the Aurora team fix it. It would be in the top 5 heists in the defi history, if the 200 million tokens were taken over by a blackhat hacker. In the end, I won a bug bounty of 6 million, which was the second highest bounty in history.
I am an experienced whitehat hacker from the web2 world. I have been watching the hacking drama in the crypto world for a while, and there is so much randomness! I am not too surprised at the astronomical profits of defi hackers, because the criminals in the real world also make an insane amount of money. However, I was really shocked by the story of saurik, a famous hacker in the jailbreak community. The size of his bug bounty is unheard of in the traditional security world, and so I can’t wait to start my own treasure hunt in web3.
I started by checking the bounty list on Immunefi. The Aurora bounty program, listed on the very top of the website due to its huge bounty offer, caught my eye. It was a novel project built by a group of talented engineers, which suggested that it might be complex enough to be immune to common defi hackers and mysterious enough for me to learn something magical. Thanks to my experiences in hacking modern complex systems, I was able to start my research on the new blockchains quickly. I had reviewed the Aurora bridge, which was a solid project. Then I moved on to the Aurora engine and discovered the unicorn bug in a few hours. Unlike ordinary defi vulnerabilities, I didn't think this bug could be identified by random people as fast or lucky as me, so I took my time verifying and reproducing the bug in case it was a false alarm. It took me a few days to learn, build, learn, test and finally finish the report.
I tried pinging the Aurora team in discord, sending messages to the official bounty email and submitting the issue through Immunefi. They confirmed and patched the vulnerability quickly, and have since recounted the general story. Their rewards for smart contract critical vulnerabilities are calculated as 10% of potential economic damage of their exploitation, up to a value of $6,000,000 USD. In this case, the potential damage could have been higher than ten times this maximum reward. Therefore I was eligible to receive the maximum possible amount, the total value of $6,000,000 USD, in the form of locked AURORA tokens. It’s a pretty smart and lucky move to be listed on Immunefi :)
The technical details have been explained by Immunefi. Here is my short summary:
1. The Aurora engine implements token bridging in prebuilt contracts at hardcoded addresses. They are the magical bridges connecting Ethereum, NEAR and Aurora.
2. The vulnerable contract always emits a fixed address in bridging events, assuming the msg.value
will be collected by itself. However, if the contract is invoked by delegatecall()
, the msg.value
will never be sent to the contract but the log will be emitted as usual.
3. By repeating the malicious withdrawal then redeposit process, the attacker can double their balance exponentially. The infinity inflation of ETH could have destroyed the whole ecosystem of Aurora: all 71k ETH in the aurora
account could have been drained, and other valuable tokens could have been purchased by free ETH. (There were billions of TVL in the Aurora bridge.)
If you are hardcore enough, you may find the original report and scripts interesting, enjoy!