Wormhole Exploit Underlines Case For Greater MPC Use Across Blockchain Oracles & Bridges

Wormhole Exploit Underlines Case For Greater MPC Use Across Blockchain Oracles & Bridges
фото показано с : zycrypto.com

2022-2-9 16:43

Decentralized finance (DeFi) might have emerged as an exciting category in the blockchain ecosystem, but its still-nascent state has left many participants exposed to the accompanying risks of this more democratized financial services iteration. 

The latest exploit of Wormhole, a blockchain bridge between Solana and Ethereum, underscores the flaws that continue to crop up and impact DeFi users. For context, the hack of  $325 million was effectively the result of flawed logic in the bridge’s programming set for an update.

Ordinarily, a transaction flowing through Wormhole to Solana requires a valid transaction signature and guardian (approved validation node). If these two conditions are met, transaction requests are approved. In the event of an invalid transaction signature and valid guardian, the necessary conditions for initiating a transaction aren’t fulfilled, leading Solana to deny this request. However, instead of presenting invalid conditions where there was an invalid transaction signature and valid guardian, the hacker used an invalid signature and a non-guardian, effectively creating two unapproved conditions. 

Because two valid conditions are needed to form a “match” to accept the transaction requests, and two invalid conditions could also be viewed as a “match” within the system’s existing logic, it allowed the hacker to mint wrapped Ethereum (wETH) on Solana. Without having to deposit 120,000 ETH into what functions as an escrow account, the hacker minted 120,000 wETH, which was then exchanged, tricking Wormhole into unlocking ordinary Ethereum that collateralized other wETH on Solana.

Although the Wormhole team has since closed the flaw, it is unclear how they intend to recapitalize the funds stolen from the bridge despite announcing efforts to that effect. While they’ve made bounty overtures to the hacker, the non-response has been deafening. Still, this hack highlights the significant vulnerabilities within the critical interoperability infrastructures that connect DeFi, and more importantly, those that allow blockchains to communicate.

Can Multi-Party Computation Mean Safer Interoperability?

Interoperability, or in this context, the ability to connect disconnected blockchains and ecosystems, is the glue that holds decentralized finance together via a spread of bridges, oracles, and more. However, interoperability can also mean vulnerability, as was the case with Wormhole, especially when interoperability is responsible for overseeing the secure exchange of value between two systems.

The idea of requiring multiple parties or proofs (like signatures) to approve certain transactions is no stranger to blockchain technology but a rather common feature of certain eWallets. The idea of distributing signature power to multiple parties diminishes the risk of a single point of failure. 

For mutlisig wallets, this means deciding who the co-signers will be and how many co-signers must sign a transaction. The problem with this model is changing co-signers and permissions, not to mention that multiple signatures need to be presented simultaneously, resulting in availability demands from co-signers for every transaction.

Multi-party computation (MPC) can help avoid these complications, but its application stretches well beyond wallets and key verification. MPC uses completely modifiable endpoints containing a portion of the secret keys but not their entirety. Together, these endpoints are used to form a consensus, and a minimum number of endpoints are set to reach this consensus on a transaction.

Kurt Nielsen, the President and Co-founder of Partisia blockchain, believes that MPC holds the key to unlocking the true potential of interoperability in a more secure, trustworthy framework. Nielsen notes, “Interoperability via token bridges exhibits immense potential to become a main value creator in the blockchain ecosystem. However, as we saw in the Wormhole exploit, moving tokens outside of their established security model poses significant challenges and vulnerabilities. Our answer is more sophisticated, proven audit principles and large scale MPC security measures.”

He further explains, “First, a regularly expiring Oracle effectively and transparently represents the values across the different blockchains like the double-entry bookkeeping that has proven its worth since the Medici Bank in the 14th century. Second, large-scale MPC security measures avoid the accumulation of financial risk across Oracles or epochs. Third, the nodes operating the Oracle in a given epoch provide collateral to back the transferred values, and finally, objective imbalances are compensated through a decentralized dispute process.”

Partisia has been involved in commercial-grade MPC solutions since 2008 and now is applying its acumen to blockchain-based applications. Partisia Blockchain effectively acts as an interoperability layer using Zero-Knowledge proof computations. With nodes being rated and ranked according to their trust score, DeFi users can gain greater trust in how and who is moving their value between ecosystems.

Although the largest such incident in 2022 thus far, Wormhole will likely be far from the only DeFi protocol, bridge, or blockchain targeted by hackers as the year progresses. Nevertheless, as Partisia shows, MPC stands out as one strategy for fostering communication between networks that oversee data or value transfer without knowing exactly what is being transferred by who and to where.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

High Performance Blockchain (HPB) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0.0064459
Капитализация $0 Rank 99999
Цена в час новости $ 0.0910131 (-100%)

blockchain left many participants state ecosystem still-nascent

blockchain left → Результатов: 126


Battling Blockchain Game Galaxy Fight Club Welcomes $7M Investment

Gamefi has been the talk of the town in crypto for a while now, and growing institutional interest suggests there’s plenty of race left to run. Whether it’s Gemini raising $400m to facilitate access to the metaverse, or the Tron Foundation launching a $300m gamefi fund, an apparently endless river of capital is flowing into the space and nourishing the impression that very soon, we’ll all be donning VR headsets and devoting our free time to exploring, interacting and earning in immersive virtual reality worlds.

2022-2-2 06:10


Фото:

Justin Sun Leaves Tron For WTO Amid Massive Reorganization Of The TRX Blockchain Governance

Justin Sun has left Tron to represent Grenada’s national interests at the World Trade Organization (WTO) leadership, in another move that once again casts doubt on his commitment to cryptocurrency. He, however, said that the move could help establish Tron’s relationship with international regulatory jurisdictions as this is the next milestone for the crypto industry. […]

2021-12-17 17:34


Crypto in the UAE. TRES Was Approved by DMCC for OTC Trade License to Operate With Cryptocurrency

On photo left to right:  Saif Al Mansouri – CEO TRES OTC DMCC, Ahmed Bin Sulayem – Executive Chairman and Chief Executive Officer of DMCC, Dmitry Krasnogor – Managing Director TRES OTC DMCC, Antony Katin – CEO SIMBA Storage, and Alexey Liakhovnenko – CEO TRES Group GmbH Back in 2020, at the Davos Summit, the DMCC (UAE Free Economic Zone) announced a strategic partnership with CV VC and CV Labs to launch Crypto Valley, the world’s largest ecosystem of cryptography, blockchain and distributed ledger in Dubai.

2021-7-20 10:58


Фото:

Federal Reserve Crypto Job Post Suggests US Won’t Lie Down in Bitcoin Arms Race

There has been a steady growth in interest for cryptocurrencies and blockchain from governments, regulators, and enterprises. Now, the U.S. Federal Reserve is showing it too does not want to be left out after posting a job for a retail payments manager that will facilitate innovations research around digital currencies, stable coins, and distributed ledger […] The post Federal Reserve Crypto Job Post Suggests US Won’t Lie Down in Bitcoin Arms Race appeared first on BeInCrypto.

2019-11-6 22:20


Фото:

Moonday Mornings: eBay, Mastercard, Visa, Stripe, and Mercado Pago leave Facebook’s Libra Association

Good morning forkers, it’s that time of the week again. It’s Hard Fork’s wrap-up of the weekend’s cryptocurrency and blockchain headlines you shouldn’t miss. Let’s get to it. 1. Facebook‘s “cryptocurrency” Libra is facing yet more challenges as Mastercard, Visa, eBay, payment system provider Stripe, and South American partner Mercado Pago have pulled out of the troubled project, The Financial Times reports.

2019-10-14 11:40