Our Analysis of the $80M Qubit Finance Exploit
Contents
According to our SlowMist Intelligence, on January 28, 2022, Qubit Finance experienced a loss of around $80 million as a result of an exploit. We’ve conducted an investigation into this event, and the following are our findings.
Tx Id: https://etherscan.io/tx/0x478d83f2ad909c64a9a3d807b3d8399bb67a997f9721fc5580ae2c51fab92acf
https://bscscan.com/tx/0x33628dcc2ca6cd89a96d241bdf17cdc8785cf4322dcaf2c79766c990579aea02
1. The attacker first deposits funds into the QBridge contract on the Ethereum blockchain. Then creating a contract that allows the target chain destinationDomainID to be crossed and the asset resourceID to be cross-chained. It is composed of the cross-chain funds and the receiving address.
2. The attacker specifies that the incoming resourceID is the required value for cross-ETH tokens, but calls the QBridge deposit function rather than the depositETH function. As a result, the check between the amount of cross-chain funds and the msg.value is bypassed.
The deposit function extracts the original address from the mapping based on resourceID called. It can be successfully called because the attacker is able to pass in …
Tx Id: https://etherscan.io/tx/0x478d83f2ad909c64a9a3d807b3d8399bb67a997f9721fc5580ae2c51fab92acf
https://bscscan.com/tx/0x33628dcc2ca6cd89a96d241bdf17cdc8785cf4322dcaf2c79766c990579aea02
1. The attacker first deposits funds into the QBridge contract on the Ethereum blockchain. Then creating a contract that allows the target chain destinationDomainID to be crossed and the asset resourceID to be cross-chained. It is composed of the cross-chain funds and the receiving address.
2. The attacker specifies that the incoming resourceID is the required value for cross-ETH tokens, but calls the QBridge deposit function rather than the depositETH function. As a result, the check between the amount of cross-chain funds and the msg.value is bypassed.
The deposit function extracts the original address from the mapping based on resourceID called. It can be successfully called because the attacker is able to pass in …