
Ronin Bridge

Step-by-step

  1. Social-engineering attack against key holders to obtain privileged keys
  2. Use the privileged keys to drain funds

Detailed Description

The Ronin Bridge was operated by 9 validators with a threshold of 5 out of the 9. This threshold was misleading, though, because 4 of the validators were operated by Sky Mavis. What is more, in Nov 2021 Axie delegated its validator's signature to Sky Mavis as well. The delegation was supposed to be temporary, as Axie was experiencing heavy traffic. Nevertheless, it was never revoked.

As a result, Sky Mavis effectively held 5 signatures, enough to approve any message.

The attacker obtained control of the keys through a social-engineering attack. Once they had them, they were able to call withdrawERC on the bridge without a backing transaction on the other side.

Possible mitigations

  • Multisigs do not matter if in practice several keys are controlled by the same entity. Distribute keys to independent entities so that several entities really must agree on a transaction before it is executed.
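As an added example, not code from the original page or from the Ronin project, the following Python check models the key distribution described above (validator labels and the "Independent" entities are constructed placeholders) and reports whether any single entity can reach the signing threshold on its own, both with the un-revoked delegation and after revoking it as the mitigation suggests.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass
class Validator:
    name: str                  # constructed label for the validator node
    operator: str              # entity that operates the node and holds its key
    delegated_to: Optional[str] = None  # entity the signature was delegated to
    delegation_revoked: bool = False

    def effective_controller(self) -> str:
        """Entity that can actually produce this validator's signature."""
        if self.delegated_to and not self.delegation_revoked:
            return self.delegated_to
        return self.operator


def signatures_per_entity(validators: list) -> Counter:
    """Count signatures by the entity that really controls them."""
    return Counter(v.effective_controller() for v in validators)


def single_entity_can_reach_threshold(validators: list, threshold: int):
    """Return (compromised, entity, count). compromised is True when one
    entity alone holds enough signatures to approve any message, which
    makes the m-of-n multisig equivalent to a single key."""
    entity, count = signatures_per_entity(validators).most_common(1)[0]
    return count >= threshold, entity, count


def with_delegations_revoked(validators: list) -> list:
    """The mitigation: each key is counted for its own operator again."""
    return [Validator(v.name, v.operator, v.delegated_to, True) for v in validators]


# Constructed model of the 5-of-9 setup described above: four Sky Mavis nodes,
# the Axie node delegated to Sky Mavis and never revoked, four assumed-independent nodes.
THRESHOLD = 5
RONIN = (
    [Validator(f"sky-mavis-{i}", "Sky Mavis") for i in range(1, 5)]
    + [Validator("axie", "Axie", delegated_to="Sky Mavis")]
    + [Validator(f"independent-{i}", f"Independent {i}") for i in range(1, 5)]
)

if __name__ == "__main__":
    print(single_entity_can_reach_threshold(RONIN, THRESHOLD))
    print(single_entity_can_reach_threshold(with_delegations_revoked(RONIN), THRESHOLD))
```

With the delegation in place the check flags Sky Mavis at 5 of 5; once it is revoked Sky Mavis drops to 4 and no single entity can sign alone.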

Diagrams and graphs

Class

(class diagram image)

Call graph

(call graph image)

Sources and references