Wrapped BANANO (wBAN) Bridges Rekt — Post-Mortem

Nov 11, 2021 4 min read

Explanations of what happened with the wBAN bridges, why we had to stop them and what we did in the interim

You probably noticed the wBAN bridges were stopped a few days ago, here’s the full story of what happened. Keep reading for an explanation of how “water flowed under the bridge”.

What happened?

It all started with a notice that the Polygon hot wallet needed a refill. This happened a lot of time in the past, it usually means that user withdrawals have become larger than what the hot wallet currently holds. And as was customary, we refilled the hot wallet. But this time was different, while checking the balances by hand, we noticed a discrepancy. Something was missing, the supply of wBAN minted weren’t backed 1–1 anymore! This should never happen.

No users have suffered loss of BANs due to this incident.

When the DeFi team decided to stop Polygon bridge, the same problem began to appear Binance Smart Chain version as well.

How did we investigate?

We started to brainstorm what could have been the cause, was it a bug or malicious activity? We had to manually review scraps and logs of data. This revealed to be extremely laborious, so a special wBAN forensics tool was developed for further analysis.

Ironically, not much came out from the various extractions, we were initially focusing on potential bugs related to forked Banano transactions, especially as the Banano network had lots of issues a few weeks back.

On Sunday, luck & perseverance finally struck! We were able to understand what happened: someone used one of the bridge as an attack vector against the other.

No users have suffered loss of BANs due to this incident.

Before we explain the attack, you need to understand a bit how wraps works.
When a monkeys ask to wrap some BAN, two things happen:

  1. The bridge signs a message (called a receipt — proof that the user had deposited enough BAN) made of the following data: BSC or Polygon address + amount to wrap + timestamp of the request, from a wallet allowed to mint wBAN tokens
  2. The bridge gives back the receipt to the user, allowing him to make a call to the wBAN smart-contract by providing the details of the wrap (same 3 above inputs) + the receipt

Then the smart-contract verifies that the signature of the receipt is made from a wallet allowed to mint some wBAN, that the inputs given matches what was signed, and also that this receipt was not consumed before. If so it mints new wBAN tokens.

What did the attacker do?

So with that knowledge, here is what the attacker did:

  1. deposit some BAN into BSC bridge
  2. wrap them: the attacker now knows the receipt for this legitimate wrap request
  3. make the exact same call (with same inputs) to Polygon smart-contract in order to mint the same amount of wBAN on Polygon — this worked because BSC and Polygon smart-contracts were using the same wallets to sign receipts and the receipt in step 2 was not consumed on Polygon
  4. unwrap those minted wBAN and repeat steps 2 to 4.

Here are some transactions on BSC & Polygon illustrating this attack:

By reusing receipts from one blockchain over the other, the attacker was able to mint 577.4k wBAN on BSC and 3.169M wBAN on Polygon which were not backed anymore with associated BAN deposits :(

What did we do to solve that?

The two main changes are:

  1. wBAN on Polygon uses a different wallet than the one on BSC allowed to mint => as signatures wouldn’t be the same, no way to replay a receipt from one chain over the other
  2. we modified wBAN smart-contract and bridges to include a fourth data in the receipt, which is the chainId that is the ID of the blockchain who should be the only allowed to consume such receipts

Next we sent the missing BAN from dev funds to associated cold wallets for each bridge, in order to maintain the 1 wBAN = 1 BAN formula.

No users have suffered loss of BANs due to this incident.

On top of that we are now running checks every 5 minutes alerting if the number of minted wBAN is bigger than associated BAN deposits.

Thanks to the hacker, I (Wrap That Potassium) spent days on this and even my birthday (did he forget my gift? 🤣) to fix this so that monkeys could wrap/unwrap again as soon as possible.

Since this was a major crime, we have a message for the hacker:

Give the dirty BAN back, and we’ll give you some clean BAN in return.
The incident has been reported to Major Benis from the BRPD.

Thanks for all the continuing support for wBAN! We will continue to monitor and improve our infrastructure and systems as the wBAN ecosystem grows.


What the Fork is BANANO?

For those of you who don’t know BANANO yet, it’s obviously perfect to just read our animated, meme-rich and interactive Yellowpaper! BANANO is a cryptocurrency (forked from NANO in April 2018) powered by DAG technology — here to disrupt the meme economy. Yes, BANANO has memes! And also feeless and near-instant transactions, a highly active community, and active technical development! The BANANO community doesn’t take themselves too seriously, but we’re here for the long run and we enjoy what we do. On top of this, BANANO is super easy to use and puts an emphasis on free and fair distribution, gamification and crypto education.

See current BANANO price and market data at Coingecko or Coinmarketcap. All current trading pairs and exchanges here.

Join the Banano Republic!

BANANO ($BAN) is a fee-less, instant, rich in potassium cryptocurrency powered by DAG technology disrupting the meme economy.

Official Website: banano.cc
Yellowpaper: banano.cc/yellowpaper
Help getting started: banano.how

Join our social channels for updates & giveaways:
Discord | Twitter | Telegram | Reddit | Youtube
Publish0x | Uptrennd | LBRY | Medium | Hive
Github | BitcoinTalk | Instagram | Facebook | TikTok

Overviews:
BANANO News | BANANO links


Read More