ChainCatcher 消息,跨链协议 Axelar Network 针对近期 Secret Network 相关安全事件发布说明称,社区对事件存在误解,Axelar 和 Inter-Blockchain Communication Protocol (IBC) 均未遭到攻击或破坏,受影响的代币智能合约并非由 Axelar 开发、部署或维护,Axelar 的防火墙机制也阻止了影响进一步扩散至其他链。
据悉,遭利用的合约是基于 CW20-ICS20 实现的一个分叉版本,但开发者移除了两项核心安全检查,导致出现“无限铸造”漏洞。由于删除了原本用于防止此类问题的校验机制,该分叉改变了合约原有信任模型,同时未经过新的安全审计。
Axelar Network 解释称,任何人都可以通过 IBC 部署用于跨链资产封装的合约,同类合约也被用于将其他链代币封装至 Secret Network。但此次事件中的 Secret 侧分叉版本因删除关键安全检查而存在漏洞,此次事件并非特有逻辑缺陷,也不是 IBC 协议本身的问题,而是第三方合约修改后引入的安全风险。
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.