

Aurora Withdrawal Logic Error Bugfix Review


Aurora Introduction


Technical background on Aurora and Rainbow Bridge

struct BurnResult {
uint128 amount;
address recipient;
address ethCustodian;
/// withdraw result for eth-connector
#[cfg_attr(not(target_arch = “wasm32”), derive(BorshDeserialize))]
pub struct WithdrawResult {
pub amount: NEP141Wei,
pub recipient_id: Address,
pub eth_custodian_address: Address,


pub extern “C” fn view() {
let mut io = Runtime;
let env = ViewEnv;
let args: ViewCallArgs = io.read_input_borsh().sdk_unwrap();
let current_account_id = io.current_account_id();
let engine = Engine::new(args.sender, current_account_id, io, &env).sdk_unwrap();
let result = Engine::view_with_args(&engine, args).sdk_unwrap();
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.7.0 <0.9.0;
contract Echo {
function echo(bytes memory payload) public pure {
assembly {
let pos := mload(0x40)
mstore(pos, mload(add(payload, 0x20)))
mstore(add(pos, 0x20), mload(add(payload, 0x40)))
return(pos, 51)
  • An amount to withdraw written in little-endian notation, for example, 0x0000000000f06381960a000000000000
  • Address of the receiver on Ethereum blockchain, for example, 0x1111111122222222333333334444444455555555
  • EthCustodian address (the one that will process the withdrawal on the Ethereum side), for example, 0x6666666677777777888888889999999911111111
  • Proof data is associated with a transaction that actually occurred on the NEAR blockchain
  • The executor_id is the Aurora contract
  • Data from the proof will be correctly deserialized to the BurnResult struct
  • The deserialized data contains the EthCustodian contract’s address

Vulnerability Fix





Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.