Gnosis Chain has gone through a network upgrade in order to fix the issue that allowed hackers to steal $11 million from two DeFi protocols running on its network last month.
“All application builders on Gnosis Chain can now assume tokens bridged via the native bridge are not prone to the reentrancy attack anymore, which caused the hacks of Agave and Hundred Finance,” Stefan George, co-founder and chief technology officer at Gnosis, told The Block.
Gnosis Chain (previously known as xDai Chain) is a popular sidechain — a term that refers to a blockchain running parallel to Ethereum — that's run by GnosisDAO. More than $287 million in cryptocurrencies is locked up in applications running on its network, per DeFiLlama.
Gnosis Chain said, in an official post, that the hard fork — a significant network change — went live today at block number 21,735,000, at around 6:30 AM UTC.
The hard fork activated a Gnosis DAO governance proposal (GIP-31) aimed at preventing “reentrancy attacks,” a common type of security exploit targeting DeFi protocols.
The proposal came after two DeFi protocols on the Gnosis Chain — Hundred Finance and Agave — suffered from reentrancy attacks and reportedly lost $11 million in various tokens to hackers. These attacks occurred due to a vulnerability within a smart contract that wraps Ethereum-based tokens on the OmniBridge — the official bridge on Gnosis Chain connecting with the Ethereum blockchain.
A security audit last year found there was an incompatibility between bridged tokens on OmniBridge and the ERC-20 token standard that Ethereum tokens rely on. This mismatch between the two token types was what led to the two major exploits.
Prior to the upgrade, the development team working on Gnosis Chain stated that a hard fork would “harden” the security of tokens that have been bridged to the sidechain, and protect applications on the sidechain.
© 2023 The Block Crypto, Inc. All Rights Reserved.