Certain multisignature (multisig) wallets can be exploited by Web3 apps that use the StarkEx protocol, according to a March 9 press release provided to Cointelegraph by Multi-Party Computation (MPC) wallet developer Safeheron. The vulnerability affects MPC wallets that interact with StarkEx apps such as dYdX. According to the press release, Safeheron is working with app developers to patch the vulnerability.
According to Safeheron’s protocol documentation, MPC wallets are sometimes used by financial institutions and Web3 app developers to secure crypto assets they own. Similar to a standard multisig wallet, they require multiple signatures for each transaction. But unlike standard multisigs, they do not require specialized smart contracts to be deployed to the blockchain, nor do they have to be built into the blockchain’s protocol.
Instead, these wallets work by generating “shards” of a private key, with each shard being held by one signer. These shards have to be joined together off-chain in order to produce a signature. Because of this difference, MPC wallets can have lower gas fees than other types of multisigs and can be blockchain agnostic, according to the docs.
MPC wallets are often seen as more secure than single-signature wallets, since an attacker generally can’t hack them without compromising more than one device.
However, Safeheron claims to have discovered a security flaw that arises when these wallets interact with StarkEx-based apps such as dYdX and Fireblocks. When these apps “obtain a stark_key_signature and/or api_key_signature,” they can “bypass the security protection of private keys in MPC wallets,” the company said in its press release. This can allow an attacker to place orders, perform layer 2 transfers, cancel orders, and engage in other unauthorized transactions.
Safeheron implied that the vulnerability only leaks the users’ private keys to the wallet provider. Therefore, as long as the wallet provider itself is not dishonest and has not been taken over by an attacker, the user’s funds should be safe. However, it argued that this makes the user dependent on trust in the wallet provider. This can allow attackers to circumvent the wallet’s security by attacking the platform itself, as the company explained:
“The interaction between MPC wallets and dYdX or similar dApps [decentralized applications] that use signature-derived keys undermines the principle of self-custody for MPC wallet platforms. Customers may be able to bypass pre-defined transaction policies, and employees who have left the organization may still retain the capability to operate the dApp.”
The company said that it is working with a number of Web3 app developers, including Fireblocks, Fordefi, and StarkWare, to patch the vulnerability. It has also made dYdX aware of the problem, it said. In mid-March, the company plans to make its protocol open source in an effort to further help app developers patch the vulnerability.
A source familiar with the matter told Cointelegraph that StarkEx had known about the vulnerability before Safeheron brought it to attention, noting that it does not allow an attacker to transfer funds off of the layer 2 and back onto mainnet. This seemingly implies that it may not be possible for an attacker to successfully steal funds through the attack.
Cointelegraph attempted to contact dYdX, but did not receive a response prior to publication.
Avihu Levy, Head of Product at StarkWare, told Cointelegraph that the company applauds Safeheron's attempt to raise awareness about the issue and to help provide a fix, stating:
"It’s great that Safeheron is open-sourcing a protocol focusing on this challenge. We encourage developers to address any security challenge that should arise with any integration, however limited its scope. This includes the challenge being discussed now."
He continued, explaining, "The growth in companies and individuals finding fixes for some of the teething troubles of L2 integration is very positive."
StarkEx is a layer 2 Ethereum protocol that uses zero-knowledge proofs to secure the network. When a user first connects to a StarkEx app, they derive a STARK key using their ordinary Ethereum wallet. It is this process that Safeheron says is resulting in leaked keys for MPC wallets.
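The following Python sketch is an added illustration, not code from Safeheron, StarkWare, dYdX, or this article. It models why a key derived from a signature sits outside the MPC wallet's approval process. It assumes HMAC-SHA256 as a stand-in for the real signature schemes and SHA-256 as a stand-in for the app's real derivation function; the class, function names, and messages are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder for the fixed message an app asks the wallet to sign.
DERIVATION_MESSAGE = b"constructed key-derivation message"

class ToyMpcWallet:
    """2-of-2 toy: the key is stored only as two XOR shards, one per signer."""

    def __init__(self):
        key = secrets.token_bytes(32)
        self.shard_a = secrets.token_bytes(32)
        self.shard_b = bytes(x ^ y for x, y in zip(key, self.shard_a))
        self.approvals_used = 0

    def sign(self, message, approve_a, approve_b):
        # Policy gate: every signature needs both shard holders.
        if not (approve_a and approve_b):
            raise PermissionError("both shard holders must approve")
        self.approvals_used += 1
        # Toy shortcut: the shards are recombined here to keep the model small.
        key = bytes(x ^ y for x, y in zip(self.shard_a, self.shard_b))
        # Deterministic stand-in for a wallet signature.
        return hmac.new(key, message, hashlib.sha256).digest()

def derive_l2_key(signature):
    # Stand-in derivation: the layer 2 key depends on the signature alone.
    return hashlib.sha256(b"l2-key" + signature).digest()

def sign_l2_order(l2_key, order):
    # Stand-in for layer 2 order signing; no wallet shard is involved.
    return hmac.new(l2_key, order, hashlib.sha256).hexdigest()

def demo():
    wallet = ToyMpcWallet()
    # One policy-approved signature at onboarding.
    signature = wallet.sign(DERIVATION_MESSAGE, True, True)
    app_key = derive_l2_key(signature)
    # Any party that saw the signature once can repeat the derivation later.
    retained_key = derive_l2_key(signature)
    order = b"constructed order"
    same = hmac.compare_digest(sign_l2_order(app_key, order),
                               sign_l2_order(retained_key, order))
    return same, wallet.approvals_used

if __name__ == "__main__":
    print(demo())
```

The approval counter stays at one however many layer 2 orders are signed afterward, which is the gap behind the press release's points about bypassed transaction policies and departed employees.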