You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Garvit | Electron
Posting this thread to address the security concerns raised on Electron Bridge.
1/3
Yes, we are aware of the issue, and we had taken necessary precautions to mitigate this before the launch of the bridge itself. This vulnerability is not exploitable on the bridge right now.
Maksym Zavershynskyi (nearmax.near) ⋈ @weikengchen@nearprotocol @labs_electron That's why @NEARDevHub is looking to publicly audit these circuits and determine the next course of actions https://t.co/dhh6K0r4Qw . To clarify, @wormholecrypto 's NEAR<>ETH ZK bridge is based on entirely different circuits developed by @ZpokenWeb3 .
Weikeng Chen
"Electron Labs' bridge between NEAR and Ethereum is vulnerable. Zk circuits used for the NEAR light client are incomplete and severely under-constrained. It is possible to create valid proofs for invalid set of signatures. User funds are at risk!" @nearprotocol? @labs_electron?
Garvit | Electron
Posting this thread to address the security concerns raised on Electron Bridge.
1/3
Yes, we are aware of the issue, and we had taken necessary precautions to mitigate this before the launch of the bridge itself. This vulnerability is not exploitable on the bridge right now.
https://twitter.com/garvitgoel03/status/1670351793870761985?s=46&t=w1K-2akWm132Lj7mGi5p2g
Maksym Zavershynskyi (nearmax.near) ⋈
@weikengchen @nearprotocol @labs_electron That's why @NEARDevHub is looking to publicly audit these circuits and determine the next course of actions https://t.co/dhh6K0r4Qw . To clarify, @wormholecrypto 's NEAR<>ETH ZK bridge is based on entirely different circuits developed by @ZpokenWeb3 .
https://twitter.com/mzavershynskyi/status/1670197415994101760?s=46&t=w1K-2akWm132Lj7mGi5p2g
Weikeng Chen
"Electron Labs' bridge between NEAR and Ethereum is vulnerable. Zk circuits used for the NEAR light client are incomplete and severely under-constrained. It is possible to create valid proofs for invalid set of signatures. User funds are at risk!" @nearprotocol? @labs_electron?
https://twitter.com/weikengchen/status/1670163273759735808?s=46&t=w1K-2akWm132Lj7mGi5p2g
https://twitter.com/rahul__ghangas/status/1666366824395739136?s=46&t=w1K-2akWm132Lj7mGi5p2g
The text was updated successfully, but these errors were encountered: