The Rainbow Bridge got attacked, but Alex Shevchenko tweeted it was stopped automatically, and no funds were lost.
The tweet starts saying:
🧵 on the Rainbow Bridge attack today.
TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022
How Was the Attack Stopped?
The thread goes on to give the attack's details and timeline. According to the report, the attacker obtained some ETH from Tornado around 12h ago. Becoming a valid Rainbow Bridge relayer requires depositing funds, and he used this money to do so and to send fabricated light client blocks. Interestingly enough, he also tried at one point to front-run the bridge's relayer but was unable to do so.
The attacker's next attempt mattered more. He sent a similar transaction with a block timestamp set in the future (+5h), and this transaction successfully replaced the previously submitted transaction.
Because the submitted block, which claimed to represent the NEAR blockchain, was not actually a block from the NEAR blockchain, one of the bridge's watchdogs generated a challenge transaction and sent it to Ethereum, and this challenge transaction was accepted by the NEAR blockchain. MEV bots immediately realized that front-running this transaction would be profitable and did just that, since a successful front-run would earn them 2.5 ETH.
The watchdog transaction failed, whereas an MEV bot's transaction succeeded, thus rolling back the fabricated transaction that the attacker had submitted. About a minute after the watchdog transaction failed, the relayer submitted a new block. The team investigated the strange behavior for a short time, then paused all the connectors for further investigation, and unpaused them once they figured out what had gone wrong.
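The sequence above can be followed in a toy model of an optimistic light client with a permissionless challenge. This is an added example, not the Rainbow Bridge's own code: the class, function names, bond size, challenge window and sample hashes are all assumptions, and only the 2.5 ETH reward figure comes from the article.

```python
# Toy model of an optimistic light client with a permissionless challenge.
# Added example: names and constants are assumptions, not the bridge's real API.
CHALLENGE_WINDOW = 4 * 3600  # seconds (assumed)
BOND = 5.0                   # relayer stake in ETH (constructed value)
REWARD = 2.5                 # challenger payout in ETH (figure quoted in the article)

class LightClient:
    def __init__(self, near_chain):
        self.near_chain = near_chain   # stand-in for the on-chain fraud check
        self.bonds, self.balances = {}, {}
        self.pending = None            # (height, block_hash, relayer, submitted_at)

    def deposit(self, who):
        self.bonds[who] = BOND

    def submit(self, who, height, block_hash, now):
        if self.bonds.get(who, 0) < BOND:
            raise PermissionError("relayer is not bonded")
        self.pending = (height, block_hash, who, now)

    def challenge(self, challenger, now):
        # Anyone may call this; the first valid challenge to land takes the reward.
        if self.pending is None:
            raise RuntimeError("no pending block to challenge")
        height, block_hash, relayer, submitted_at = self.pending
        if now >= submitted_at + CHALLENGE_WINDOW:
            raise RuntimeError("challenge window closed")
        if self.near_chain.get(height) == block_hash:
            raise ValueError("block is genuine")
        self.bonds[relayer] -= REWARD  # slash part of the relayer's stake
        self.balances[challenger] = self.balances.get(challenger, 0) + REWARD
        self.pending = None            # roll back the fabricated block

def watchdog_flags(client):
    """Off-chain watchdog check: is the pending block missing from NEAR?"""
    if client.pending is None:
        return False
    height, block_hash, _, _ = client.pending
    return client.near_chain.get(height) != block_hash

def simulate():
    lc = LightClient({100: "0xaaa", 101: "0xbbb"})  # constructed NEAR hashes
    lc.deposit("attacker")
    lc.submit("attacker", 101, "0xfab", now=0)      # fabricated block
    flagged = watchdog_flags(lc)
    lc.challenge("mev_bot", now=60)                 # front-runs the watchdog
    try:
        lc.challenge("watchdog", now=61)
        watchdog_landed = True
    except RuntimeError:
        watchdog_landed = False                     # block was already rolled back
    return flagged, watchdog_landed, lc.pending, lc.balances, lc.bonds
```

The watchdog's own challenge fails only because the block it targeted is already gone, so the bridge state is protected regardless of who collects the reward.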
The investigation yielded two important results. First, users of Rainbow Bridge did not notice any change and continued to transact in both directions without any noticeable impact. Second, the attacker probably chose that precise moment to try to break the bridge because of the combination of high Ethereum fees (and the delay in relaying blocks) and a desire to check whether the watchdogs were functioning at that time.
According to Alex, there are about five watchdogs that run around the clock. This could be improved by simply running the watchdog script from a watchdog transaction on each watchdog group. However, this would fail because the front runners would be rewarded with a portion of the attacker’s stake through a manual process.