Cybersecurity firm BlockSec has just discovered an exploit linked to the Ethereum PoW fork ETHW.
According to the company experts, the smart contract of the OmniBridge system for Gnosis Chain was incorrectly validating the chainID parameter. Thanks to this, the attackers were able to get an additional 200 ETHW by sending a similar amount to WETH.
The developers of the PoW fork have emphasized the problem is in the contract, not in the new blockchain. According to them, the team has “contacted OmniBridge and informed them of the risks.”
The developers have explained:
“ETHW enforced EIP-155 on its own, and there is no replay attack from and to ETHPoS that ETHW Core security engineers planned in advance.”