ID: aurora-engine-1165
Date: June 16, 2022
Status: Near-Miss
Incident Count: 2
Contributor: web3rekt.com
KYC: None
Audits: Sigma Prime
Loss Amount: -
Recovered: -
Rewards: 1,000,000
Currency: USD

Key Indicators

Platform: Near
Type: Protocol
Category: Layer 2
Method: Rewards - Bug Bounties

Extended Method: Withdraw function logic error
Days in Operation: 579 (1.59 Years)

Aurora is an EVM (an execution environment for Solidity smart contracts) running as a contract on the NEAR blockchain. From Aurora's perspective it is an L2 network: assets and contracts can be used as though they were on Ethereum, while benefiting from NEAR's high throughput and low fees.

An anonymous whitehat submitted a critical vulnerability to Aurora via Immunefi: a logic error in the withdrawal flow. At the time of submission, at block 14970303, the vulnerable contract held 50,550.9 ETH. With ETH averaging ~$1,245 that day, the funds at risk amounted to roughly $62,935,870.

The flaw in the withdraw flow made it possible to use the Echo contract to pull funds out of the EthCustodian contract without burning any tokens on the Aurora side. First, the attacker crafts a malicious payload that deserializes cleanly into the BurnResult struct. Then all they need to do is call Aurora's view function, which invokes the Echo contract with that payload and returns it unchanged. The result is a valid, successful transaction recorded on NEAR whose output is decodable by EthCustodian, which would release ETH as though a legitimate burn had taken place. The custodian was effectively trusting the originating account and the shape of the data rather than the code path that produced it.
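The trust-boundary mistake described above, as an added illustration (this is not Aurora, Rainbow Bridge or EthCustodian code). The model is deliberately simplified: the engine account name, the entry-point names, the fixed Borsh-style layout of BurnResult (u128 amount, 20-byte recipient, 20-byte custodian address) and the "bind acceptance to the burn entry point" mitigation are all assumptions chosen for the demo, and a real NEAR light-client proof attests an execution outcome rather than a ready-made Python object. What the model does show is the essential failure: two code paths of the same trusted account (a real burn and an arbitrary view call through an echo contract) produce byte-identical outputs, and a verifier that checks only origin and decodability cannot tell them apart.

```python
from dataclasses import dataclass

ENGINE_ACCOUNT = "aurora"                  # assumed engine account name
CUSTODIAN_ADDR = bytes.fromhex("11" * 20)  # constructed custodian address
WEI = 10 ** 18


@dataclass(frozen=True)
class BurnResult:
    amount: int        # u128, in wei
    recipient: bytes   # 20-byte Ethereum address receiving the unlocked ETH
    custodian: bytes   # 20-byte EthCustodian address the burn targets


def encode_burn_result(r: BurnResult) -> bytes:
    """Assumed Borsh-style layout: u128 little-endian, then two 20-byte fields."""
    return r.amount.to_bytes(16, "little") + r.recipient + r.custodian


def decode_burn_result(data: bytes) -> BurnResult:
    if len(data) != 16 + 20 + 20:
        raise ValueError("not a BurnResult")
    return BurnResult(int.from_bytes(data[:16], "little"), data[16:36], data[36:56])


@dataclass(frozen=True)
class Outcome:
    """What the custodian learns from a verified proof (simplified model)."""
    executor: str      # account whose code produced the outcome
    method: str        # engine entry point that was invoked (assumed to be provable)
    success: bool
    return_data: bytes


def engine_withdraw(balances: dict, caller: bytes, amount: int, recipient: bytes) -> Outcome:
    """Legitimate path: burn on the Aurora side, then emit a BurnResult."""
    if balances.get(caller, 0) < amount:
        raise ValueError("insufficient balance")
    balances[caller] -= amount
    payload = encode_burn_result(BurnResult(amount, recipient, CUSTODIAN_ADDR))
    return Outcome(ENGINE_ACCOUNT, "withdraw", True, payload)


def engine_view(calldata: bytes) -> Outcome:
    """Echo path: a view call into a contract that returns its calldata unchanged.
    Nothing is burned, yet the outcome is attributed to the same engine account."""
    return Outcome(ENGINE_ACCOUNT, "view", True, calldata)


def custodian_release_vulnerable(outcome: Outcome, locked: dict) -> bool:
    """Accepts any successful outcome of the engine account that decodes to a
    BurnResult for this custodian, whatever entry point produced it."""
    if outcome.executor != ENGINE_ACCOUNT or not outcome.success:
        return False
    try:
        r = decode_burn_result(outcome.return_data)
    except ValueError:
        return False
    if r.custodian != CUSTODIAN_ADDR or locked["total"] < r.amount:
        return False
    locked["total"] -= r.amount
    locked[r.recipient] = locked.get(r.recipient, 0) + r.amount
    return True


def custodian_release_hardened(outcome: Outcome, locked: dict) -> bool:
    """Assumed mitigation for the model: only outcomes of the burn entry point are
    valid withdrawal proofs, so echoed view-call output is rejected."""
    if outcome.method != "withdraw":
        return False
    return custodian_release_vulnerable(outcome, locked)


def demo() -> dict:
    attacker = bytes.fromhex("a7" * 20)
    honest = bytes.fromhex("b0" * 20)
    aurora_balances = {honest: 1 * WEI}              # attacker holds nothing on Aurora
    locked = {"total": 50_550_900_000_000_000_000_000}  # 50,550.9 ETH at risk, in wei

    honest_out = engine_withdraw(aurora_balances, honest, 1 * WEI, honest)
    forged = encode_burn_result(BurnResult(50_000 * WEI, attacker, CUSTODIAN_ADDR))
    forged_out = engine_view(forged)                  # no burn happened

    vuln, hard = dict(locked), dict(locked)
    return {
        "honest_vulnerable": custodian_release_vulnerable(honest_out, vuln),
        "forged_vulnerable": custodian_release_vulnerable(forged_out, vuln),
        "attacker_gets_vulnerable": vuln.get(attacker, 0),
        "honest_hardened": custodian_release_hardened(honest_out, hard),
        "forged_hardened": custodian_release_hardened(forged_out, hard),
        "attacker_gets_hardened": hard.get(attacker, 0),
    }


if __name__ == "__main__":
    print(demo())
```

The general lesson carries beyond this model: a cross-chain verifier must accept only data that no other code path of the trusted account can produce, either by proving which entry point ran or by having the burn path emit something (a tagged event or encoding) that a view or echo call cannot forge.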

info.png

DISCLAIMER: While web3rekt has used its best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of the information and data herein, and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.

Under no circumstances shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages arising from any or all usage of the data and information derived from this database.