Rewards - Bug Bounties
Logic error allowing malicious attacker to execute a token transfer on behalf of the AMB contracts
Days in Operation:
100 pts each
Whitehat 0xadee028d submitted an arbitrary method call vulnerability in xDai to Immunefi. The vulnerability was assessed to have a severity level of medium, but was out of scope of xDai’s bug bounty program. Additionally, the bug only allowed a potentially malicious hacker to gain access to funds in a contract that users were never supposed to send funds to in the first place.
At the time of the report, however, a user had accidentally sent $4.50 in renBTC to the contract 10 months prior, which amounted to the total funds at risk. If users had sent more funds to that contract, more would have been at risk, and the same holds for any funds sent to that contract in the future. Despite the vulnerability being out of scope, xDai generously decided to pay out a bounty of $5,000 USDC to the whitehat.
xDai operates as an Ethereum sidechain, and there is a bridge between the Ethereum Mainnet and the xDai chain that allows users to pass arbitrary messages from one chain to another — an Arbitrary Message Bridge (AMB). Since the AMB contracts allow calls of any method of any contract, a malicious attacker could compose such a message that would execute a token transfer on behalf of the AMB contracts.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.