From c53af062226d9eee652cb282b121a11729c49680 Mon Sep 17 00:00:00 2001 From: bt3gl <1130416+bt3gl@users.noreply.github.com> Date: Mon, 10 Oct 2022 10:39:03 -0700 Subject: [PATCH] =?UTF-8?q?=F0=9F=8D=B3=20binance=20bridge?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- vulnerabilities/bnb_bridge.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 vulnerabilities/bnb_bridge.md diff --git a/vulnerabilities/bnb_bridge.md b/vulnerabilities/bnb_bridge.md new file mode 100644 index 0000000..0c93dd7 --- /dev/null +++ b/vulnerabilities/bnb_bridge.md @@ -0,0 +1,29 @@ +## 🍳 binance bridge + +
+ +### tl;dr + +* an attacker stole 2 million BNB (~$566M USD) from the Binance Bridge +* the attacker exploited the BNB bridge into minting 2 batches of 1M BNB each, via falsified proofs of deposit on the legacy binance beacon chain +* the bridge uses vulnerable IAVL verification which the attacker was able to forge, specifically for block 110217401 +* to not draw attention, funds were deposited as collateral on the lending platfor, venus protocol - making it look like it was simply a gigawhale +* users begain to notice high-slippage swaps and tether blackisting funds +* the attacker supplied 900k bnb to venus, borrowing a total of $147M in stablecoins, before bridiging to ethereum and l2s, fantom, avalance, polygon +* bnb paused for 8h, with 26 validators the chain is not really decentralized + +
+ +Screen Shot 2022-10-07 at 2 15 35 PM + + +
+ +### resources + +
+ +* [samczsum](https://twitter.com/samczsun/status/1578167198203289600) +* [rekt](https://rekt.news/bnb-bridge-rekt/) +* [slow mist](https://twitter.com/SlowMist_Team/status/1578220472373649408) +* [dedaub](https://twitter.com/dedaub/status/1578428002701959170)