The Wormhole Hack: How Soteria detects the vulnerability automatically
Recently, an attacker was able to steal more than $320 million from Wormhole, a popular bridge linking Solana and Ethereum.
The root cause lies in a bug in verify_signatures of the Wormhole bridge code: (1) it did not validate an input account, and (2) it used an unsafe and deprecated Solana API to parse that account. If Wormhole had avoided either (1) or (2), the attack would have been prevented.
For (1), we elaborate in the section “premium version” in the second half of this article (also see the detailed analysis by samczsun and the bug fix).
For (2), the API load_instruction_at provided in solana_program::sysvar::instructions does not check the validity of accs.instruction_acc. Therefore, the attacker could supply a faked account to verify_signatures. The code diff for the fix is shown below:
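As an added illustration (a constructed Rust model, not the Wormhole diff and not solana_program's code), the following contrasts a loader that trusts whatever account data it is handed with one that first verifies the account really is the instructions sysvar. The sysvar address is the real one; the AccountInfo type and the byte layout are simplified assumptions made for this example.

```rust
use std::convert::TryInto;
// Constructed model of the bug: neither Wormhole's code nor solana_program's.
// The real sysvar layout is simplified to: u16 count, then per instruction
// a 32-byte program id, a u16 data length and the data bytes.
pub const INSTRUCTIONS_SYSVAR_ID: &str = "Sysvar1nstructions1111111111111111111111111";
pub struct AccountInfo { pub key: String, pub data: Vec<u8> }
#[derive(Debug, Clone, PartialEq)]
pub struct Instruction { pub program_id: [u8; 32], pub data: Vec<u8> }

fn read_u16(b: &[u8], at: usize) -> Result<usize, &'static str> {
    let s = b.get(at..at + 2).ok_or("truncated")?;
    Ok(u16::from_le_bytes([s[0], s[1]]) as usize)
}

/// Models the deprecated `load_instruction_at`: it parses whatever bytes the
/// caller hands in and has no way to know which account they came from.
pub fn load_instruction_at(index: usize, data: &[u8]) -> Result<Instruction, &'static str> {
    let count = read_u16(data, 0)?;
    if index >= count { return Err("instruction index out of range"); }
    let mut pos = 2;
    for i in 0..=index {
        let id = data.get(pos..pos + 32).ok_or("truncated")?;
        let len = read_u16(data, pos + 32)?;
        let body = data.get(pos + 34..pos + 34 + len).ok_or("truncated")?;
        if i == index {
            return Ok(Instruction { program_id: id.try_into().unwrap(), data: body.to_vec() });
        }
        pos += 34 + len;
    }
    unreachable!("loop returns at i == index")
}

/// Models the checked variant: the account's address must be the instructions
/// sysvar before a single byte of its data is trusted.
pub fn load_instruction_at_checked(index: usize, acc: &AccountInfo) -> Result<Instruction, &'static str> {
    if acc.key != INSTRUCTIONS_SYSVAR_ID { return Err("account is not the instructions sysvar"); }
    load_instruction_at(index, &acc.data)
}

/// Serialises instructions in the constructed layout (for building sample accounts).
pub fn encode(instrs: &[Instruction]) -> Vec<u8> {
    let mut out = (instrs.len() as u16).to_le_bytes().to_vec();
    for ix in instrs {
        out.extend_from_slice(&ix.program_id);
        out.extend_from_slice(&(ix.data.len() as u16).to_le_bytes());
        out.extend_from_slice(&ix.data);
    }
    out
}
```

A program that only ever calls the checked loader cannot be fed a caller-supplied account in place of the sysvar, which is the property the unchecked API left to the caller.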