learn-evm-attacks icon indicating copy to clipboard operation
learn-evm-attacks copied to clipboard

Published 20 hours ago verified publisher icon coinspect

Wormhole bridge

Open tiassumpcao opened this issue 2 years ago • 1 comments

tiassumpcao avatar Dec 15 '22 18:12 tiassumpcao

One nitpick: Readme.md should read README.md just for consistency.

I also think the README should be more clear on how this is different from other attacks on UUPS and why the selfdestruct was necessary. The held for ransom strategy is very creative, but generally when you can upgrade to an arbitrary implementation this is not needed. See the Arbitrum Inbox bug. It is easier to just steal money.

I think the gist (I haven't studied the exploit in a while) is that you can't really change the implementation of the proxy, but because the UUPS has upgrade logic in the implementation; you can use that to provide an upgrade to the implementation (not expected usually I think).

This also answer why you can't steal money: you can't replace the implementation from the PoV of the proxy (which is the only one that matters) but you can destroy it!

joaquinlpereyra avatar Dec 16 '22 12:12 joaquinlpereyra