Hackers of India

Hack The Bridge

By Anto Joseph on 07 Sep 2022 @ Nullcon


Abstract

Blockchains are disrupting finance (DeFi), collectibles (NFTs), and even governance (DAOs). This is all possible with smart contracts & cutting-edge cryptography where code is law and execution is final. However, immutability is a double-edged sword: a hack is just as permanent as any other event. Because of this, smart contracts must be treated with the same security mindset as any mission-critical system: a single vulnerability can cost hundreds of millions of dollars, if not more.

In this talk, we discuss different bridge designs that help transfer value across blockchains. We will look at practical attacks against these designs and demonstrate real-world exploits on production systems (patched). Currently, there is more than $25B of value locked in multiple bridges, but very little has been done to level up the security of some of these systems. The number of cross-chain bridges is expected to grow as new scaling solutions and entire new chains are entering the space daily. We dive into different bridge designs, their security trade-offs, vulnerabilities that may exist in these designs, and best practices for end-users and developers.