Rob Behnke
October 4th, 2021
The pNetwork project implements a cross-chain protocol allowing tokens from one blockchain to be “wrapped” and used on another. On September 19, 2021, an attacker took advantage of a vulnerability in the project’s code to steal 277 BTC worth over $13 million from the protocol.
The pNetwork project is an example of a cross-chain protocol. The goal of these protocols is to allow users to “wrap” a token for use on another blockchain. For example, in the case of this attack, the exploited bridge allowed Bitcoin (BTC) to be wrapped and used on Binance Smart Chain (BSC).
These protocols work by programmatically locking and releasing tokens on each of the bridged chains. In this case, a “peg in” request would involve the user sending BTC to a particular address on the Bitcoin blockchain. The pNetwork code would monitor for this event and, when it was detected, release a corresponding amount of tokens on BSC.
The user can then use these tokens for transactions on BSC. When they want their BTC back, they can “peg out” by performing the same process in reverse, sending tokens to an address on the BSC chain to unlock them on the BTC chain.
Cross-chain protocols do not require users to peg in and peg out the same amount. A user may attempt to peg out more BTC than they initially sent in. Since BTC are fungible, a protocol like pNetwork can fill requests for a peg out with any BTC locked in its contract, meaning that users are not limited to the tokens that they sent in.
The pNetwork hack was made possible by a flaw in the code that processed event logs for the protocol. These event logs include peg-out requests that are then processed by the protocol to unlock cryptocurrency on the Bitcoin blockchain.
The issue with the code was one of improper validation of peg-out requests. The attacker created event logs that contained a legitimate peg-out request and a set of fake peg-out requests that were created by the attacker’s smart contracts rather than pNetwork’s contracts.
The Rust code that extracted and processed these event logs did not validate that the requests originated from the pNetwork contracts. This meant that the fake requests generated by the attacker’s contract were processed as well. As a result, the contract erroneously unlocked tokens and transmitted them to the attacker.
The pNetwork hack was made possible by an assumption that all peg-out requests in event logs would be generated by pNetwork’s legitimate contracts. By spoofing these requests, the attacker was able to steal 277 BTC from the protocol.
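The following is an added illustration of the flaw described above, not pNetwork's own code: a log extractor that trusts any event carrying the peg-out signature, next to a hardened version that also checks the emitting contract address. The `Log`/`PegOut` types, the topic hash, the addresses and the sample logs are all constructed placeholders.

```rust
// Added illustration (not pNetwork's code): a peg-out extractor that
// accepts only events emitted by the bridge's own contract address.
// Addresses, topic hash and log contents are constructed placeholders.
use std::convert::TryInto;

#[derive(Debug, Clone, PartialEq)]
pub struct Log {
    pub address: [u8; 20],     // contract that emitted the event
    pub topics: Vec<[u8; 32]>, // topics[0] is the event signature hash
    pub data: Vec<u8>,         // payload; here the amount as big-endian u64
}

#[derive(Debug, PartialEq)]
pub struct PegOut {
    pub amount: u64,
}

/// Stand-in for the peg-out event signature hash (constructed value).
pub const PEG_OUT_TOPIC: [u8; 32] = [0xAB; 32];

/// Vulnerable pattern: any log with the right topic is treated as a request,
/// regardless of which contract emitted it.
pub fn extract_peg_outs_unchecked(logs: &[Log]) -> Vec<PegOut> {
    logs.iter()
        .filter(|l| l.topics.first() == Some(&PEG_OUT_TOPIC))
        .filter_map(decode)
        .collect()
}

/// Hardened pattern: the emitter must be the bridge's own contract.
pub fn extract_peg_outs(logs: &[Log], bridge: &[u8; 20]) -> Vec<PegOut> {
    logs.iter()
        .filter(|l| &l.address == bridge)
        .filter(|l| l.topics.first() == Some(&PEG_OUT_TOPIC))
        .filter_map(decode)
        .collect()
}

fn decode(l: &Log) -> Option<PegOut> {
    let bytes: [u8; 8] = l.data.get(..8)?.try_into().ok()?;
    Some(PegOut { amount: u64::from_be_bytes(bytes) })
}

/// Constructed sample: one genuine request from the bridge contract
/// ([0x11; 20]) and one spoofed request emitted by another contract.
pub fn sample_logs() -> Vec<Log> {
    let genuine = Log { address: [0x11; 20], topics: vec![PEG_OUT_TOPIC],
                        data: 1u64.to_be_bytes().to_vec() };
    let spoofed = Log { address: [0x99; 20], topics: vec![PEG_OUT_TOPIC],
                        data: 276u64.to_be_bytes().to_vec() };
    vec![genuine, spoofed]
}
```

Run against `sample_logs()`, the unchecked extractor returns both requests while the hardened one returns only the genuine one.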
This attack demonstrates why security audits are especially important for cross-chain protocols, where a project must act on events and data it does not fully control. Properly validating peg-out requests, including checking which contract emitted them, would have prevented this attack.