Cobo Blockchain Security Team’s take on the vulnerability in Stargate’s underlying protocol LayerZero

Cobo Global
Mar 29, 2022

This article is authored by Cobo’s Blockchain Security Team. The team members come from well-known security laboratories and have many years of experience in cyber security and exploitation. They have reported critical vulnerabilities, are credited by Google, Microsoft, and other companies, and are ranked on the Microsoft MSRC “Most Valuable Security Researcher” list. The team currently focuses on smart contract security and DeFi security while building cutting-edge blockchain security technologies. The team is looking for long-term learners with curious minds and methodical problem-solving skills who are passionate about crypto to join the team.

LayerZero, a hot cross-chain message passing protocol that underlies Stargate, has updated its default ProofLibrary contract. After deep investigation into the code, Cobo Blockchain Security Team confirmed that this update fixed a critical vulnerability in the previous version, which may affect all applications based on LayerZero.

Stargate Finance (https://stargate.finance/), with more than $3.5 billion TVL, has quickly become one of the most popular cross-chain bridge projects. Stargate is an application built on top of the LayerZero protocol and relies on LayerZero to pass messages reliably across chains.

The basic architecture of how LayerZero passes messages across chains is as follows:

  • Trusted oracles submit the source chain’s block hash and block receipts root to the target chain.
  • Relayers submit transaction receipts and path proofs with the block receipts root to the target chain.
  • The validation contract, a.k.a. ProofLibrary, on the target chain will be invoked to validate the correspondence between the transaction receipts submitted by relayers and the block receipts root submitted by trusted oracles [1].
  • If the validation succeeds, the receipt is considered legitimate and will be forwarded to the upper-layer protocol to finish subsequent cross-chain asset operations.

LayerZero updated its default validation contract on March 28 without making any public announcement [2]. By comparing the code of the original contract (MPTValidator) and the new validation contract (MPTValidatorV2) [3], Cobo Blockchain Security Team confirmed that the update fixed a critical vulnerability in the previous version.

The gist of the fix is as follows:

In the original vulnerable MPT proof code, the hashRoot used in the next iteration was read with inline assembly from user-provided pointers. However, no bounds check ensured that the pointers were within range. If an attacker passes in an out-of-bounds pointer, the contract may read hashRoot from memory outside proofBytes. Attackers can therefore craft malformed proof data to fool the validation, which in turn leads to faked transactions. As a result, even if the oracle is trustworthy, a malicious relayer can fake cross-chain messages by forging receipt data, breaking the security assumption of LayerZero.

At present, the oracles used by the LayerZero protocol are smart contracts owned by multi-signature wallets, which are often deemed more trustworthy. However, relayers are often owned by EOAs (externally owned accounts), which means a compromised relayer can submit fake data to complete the entire attack.

The fixed version of the code uses a safeGetItemByIndex function to obtain the hashRoot of the next iteration of the MPT proof, which ensures that hashRoot always resides in proofBytes so that the MPT verification can proceed correctly.
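The bug class and its fix, as an added example that is not LayerZero's contract code: a simplified Python model of a one-node hash-chain proof held in flat memory, comparing an unchecked pointer read with a bounds-checked one. All function names and the sample data are constructed for illustration, and SHA3-256 stands in for keccak256.

```python
import hashlib

WORD = 32  # size of a hash / EVM word in bytes

def h(data: bytes) -> bytes:
    # Stand-in for keccak256: hashlib offers SHA3-256, not Ethereum's Keccak.
    return hashlib.sha3_256(data).digest()

def load_unchecked(memory: bytes, base: int, length: int, ptr: int) -> bytes:
    # Models a raw memory load at base + ptr: the node length is never consulted.
    return memory[base + ptr : base + ptr + WORD]

def load_checked(memory: bytes, base: int, length: int, ptr: int) -> bytes:
    # Models a bounds-checked accessor: the word must lie inside the node.
    if ptr < 0 or ptr + WORD > length:
        raise ValueError("pointer outside proof node")
    return memory[base + ptr : base + ptr + WORD]

def verify(memory, nodes, pointers, root, leaf, load) -> bool:
    """Each node must hash to the expected value; the next expected value is
    read from that node at the pointer supplied by the submitter."""
    expected = root
    for (base, length), ptr in zip(nodes, pointers):
        if h(memory[base : base + length]) != expected:
            return False
        expected = load(memory, base, length, ptr)
    return expected == h(leaf)

def demo() -> dict:
    # Constructed sample: one genuine node committing to a genuine leaf,
    # followed in memory by bytes that are not part of the proof.
    real_leaf = b"receipt: in the tree"
    other_leaf = b"receipt: not in the tree"
    node = b"\x00" * 4 + h(real_leaf)      # child hash stored at offset 4
    memory = node + h(other_leaf)          # adjacent, unproven bytes
    root, nodes, oob = h(node), [(0, len(node))], len(node)
    out = {
        "honest_checked": verify(memory, nodes, [4], root, real_leaf, load_checked),
        "honest_unchecked": verify(memory, nodes, [4], root, real_leaf, load_unchecked),
        "oob_unchecked": verify(memory, nodes, [oob], root, other_leaf, load_unchecked),
    }
    try:
        verify(memory, nodes, [oob], root, other_leaf, load_checked)
        out["oob_checked"] = "accepted"
    except ValueError:
        out["oob_checked"] = "rejected"
    return out

if __name__ == "__main__":
    print(demo())
```

Both readers accept the honest proof; only the bounds-checked reader rejects a pointer that falls past the end of the node, which is the property the fix restores.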

In this particular case, the vulnerability appeared in the MPT proof logic, which is the cornerstone of all other operations in LayerZero and its upper-layer applications (such as Stargate). Although the LayerZero team has fixed this vulnerability, there is no guarantee that similar issues will not arise again. In addition, most of the core contracts of the LayerZero protocol are currently controlled by EOAs without multi-signature or time-lock protection. If the privileged EOAs are compromised, all the assets of upper-layer applications will also be in danger.

Cobo Blockchain Security Team would like to remind all investors that special attention should be paid to the security risks of new projects. We hope the LayerZero developers will conduct more thorough audits of their contract code and transfer the current EOA-controlled privileges to multi-signature or time-lock contracts as soon as possible to reduce the attack surface.

References:

[1] https://eth.wiki/fundamentals/patricia-tree

[2] https://etherscan.io/tx/0xf4f0495bfed37d4d95b3342ead0962433c7973f240b9b0739faa91e6ccac9d40

[3] https://www.diffchecker.com/RJdDTCx7

About Cobo

Cobo is the leading cryptocurrency custody and asset management platform in the Asia Pacific. It provides all-in-one crypto infrastructure services such as custody, trading, lending, WaaS (Wallet as a Service), DaaS (DeFi as a Service), StaaS (Staking as a Service) as well as crypto asset management.
