Audits
Services
DualDefense
Hacken Audit + Additional Crowdsourced Audit
Learn more
Services
DualDefense
Smart Contract Audit
Blockchain Protocol Audit
DORA Compliance
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
DualDefense
New Approach To Blockchain Security
Hacken Audit + Additional Crowdsourced Audit
At No Additional Cost
2 in 1
Dual-layered protection
$0
Costs
30-Day
Crowdsourced audit
Independent
HackenProof bug hunters
Learn more
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

Are the current Polkadot parachains safe?

Are the current Polkadot parachains safe?

2 minutes

Recently the Acala protocol was attacked and the exploiter was able to print 1.2 billion of aUSD.

Fortunately, the Acala team reacted to the attack in a short time and stopped all the operations on the protocol. For now, the situation is still under research and discovering a solution.

The given attack has reminded everyone of some critical issues in parachains security, which should be considered by all the projects in the Polkadot and Kusama ecosystem.

Substrate runtime forkless updates

Unlike many blockchains, the Substrate development framework supports forkless upgrades to the runtime that is the core of the blockchain. Most blockchain projects require a hard fork of the code base to support the ongoing development of new features or enhancements to existing features.

Due to such forkless upgrades, most of them are not audited properly. Usually, projects complete audits only of the initial versions before the launch.

So, each pallet (a building block of any substrate chain) that can be used for forkless upgrades at any time should be also carefully audited.

Cross consensus message (XCM)

Polkadot’s architecture allows parachains to natively interoperate with each other, enabling cross-blockchain transfers of any type of data or asset.

There is another vulnerability. If any project connected to other ones via cross-blockchain transfers gets exploited, stolen funds can flow to other blockchains and create a lot of troubles for their ecosystem as well as for their liquidity.

Canary network testing

Many projects diminish the value of testing the new features and pools at the canary network. Initially, Kusama is the canary network and serves as a testing ground for the mainnet. Such a network allows the developers to test any new features and upgrades before going to mainnet.

So, the recent attack has demonstrated that parachains require more specific and deep security audits, considering substrate based chains features.

Moreover, due to the Polkadot parachains structure, a successful attack on one parachain can be dangerous to the other projects connected via cross consensus message format.