Beosin released Ronin Bridge project abnormal extraction cross-chain asset behavior analysis
According to the monitoring of the blockchain security audit firm Beosin Alert, the Ronin Bridge project has an abnormal behavior of extracting cross-chain assets. According to the analysis of the Beosin security team, the root cause of this abnormal behavior is that when the project party upgrades the contract, it does not normally initialize the operator weight required for cross-chain transaction confirmation, resulting in the minimumVoteWeight parameter in the contract being zero, allowing anyone's signature to pass the cross-chain verification. At present, Ronin bridge has lost 3,996 ETH, and the funds are stored in the address starting with 0xc6aec (this address is MEV bot, so it is speculated that it may be a white hat behavior).