Gnosis Chain Completes Hard Fork to Prevent Further DeFi Reentrancy Attacks
Gnosis Chain (formerly xDai) has completed a security upgrade that will help fortify the Ethereum sidechain against potential DeFi hacks. According to a recent tweet by the protocol’s developers, the hard fork was implemented on April 20th at block height 21,735,000.
Gnosis Chain Takes Measures Over DeFi Attacks
The critical network upgrade changes the implementations of bridged tokens to prevent future reentrancy attacks of the kind that devastated two lending protocols running on Gnosis Chain last month.
The latest update seeks to improve the security of digital coins bridged from Ethereum to the popular sidechain. The move helps thwart efforts by cybercriminals to trick the system via reentrancy exploits and borrow more crypto than their deposited collateral covers.
“All application builders on Gnosis Chain can now assume tokens bridged via the native bridge are not prone to the reentrancy attack anymore,” noted Gnosis co-founder Stefan George.
According to the Gnosis team, all network validators should update their nodes in preparation for the major network upgrade.
Restoring DeFi Investor Trust on Gnosis Chain
This past March, two of the leading protocols on Gnosis Chain, Hundred Finance and Agave, suffered devastating exploits in which repeated reentrancy attacks siphoned up to $11M in tokens.
The infiltrated DeFi platforms moved quickly to pause contracts on all chains as smart contract security experts carried out their investigations into the breach.
Per a Twitter post by blockchain security researcher Mudit Gupta, hackers used a reentrancy attack vector to access locked user funds on both lending platforms. In the wake of the exploit, the Gnosis DAO submitted proposal GIP-31, a hard fork that would help prevent future security attacks on the network.
The core dev team implemented the proposal on Wednesday at 6:30 am UTC. The new security upgrade promises to help instill investor trust in DeFi by safeguarding the nearly $290M TVL on the Gnosis network’s lending applications.
GnosisDAO voted to go through the hard fork to protect users against skyrocketing DeFi exploits by integrating an additional security layer to lending apps on the blockchain.
In an earlier post, the Gnosis team explained that the latest upgrade would boost network safety for investors in the sector by bridging “token implementations to harden against reentrancy attacks.”
Were the Gnosis Network Hacks Preventable?
Blockchains running parallel to Ethereum can often have loopholes that allow malicious actors to infiltrate leading DeFi protocols and siphon millions in user funds. In the Gnosis double-attack, hackers exploited a vulnerability in the smart contract on OmniBridge, the official Gnosis Chain Bridge that connects the network with the Ethereum blockchain.
According to Gupta, the twin exploits on the Gnosis blockchain were possible due to the mismatch between ERC-20 tokens and the official bridged tokens on OmniBridge.
Interestingly, a security audit conducted last year had flagged the incompatibility between network token bridge contracts on Gnosis Chain months before the devastating exploits on Hundred Finance and Agave.
The implementation of proposal GIP-31 now boosts the security of tokens bridged to the Gnosis sidechain from Ethereum, preventing any future reentrancy attacks.