ChainSwap: Auth bypass in Factory minting contract — sloppy signature check bypassed with fresh addresses
ChainSwap lost $4.4M when its per-token Factory minting contracts could be called by anyone using a fresh address per transaction — bypassing an authorization check that required no proof of legitimacy.
Summary #
ChainSwap suffered a Cross-Chain Bridge / Token Bridge on 2021-07-11, resulting in a loss of approximately $4M.
What happened #
ChainSwap lost $4.4M when its per-token Factory minting contracts could be called by anyone using a fresh address per transaction — bypassing an authorization check that required no proof of legitimacy.
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited / inadequate review]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: None identified]
- RD-F-076 — related : Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: ~Several months; second incident came 9 days after first]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Partially public (Alameda-backed, but dev team semi-anonymous)]