Are the current Polkadot parachains safe?


15 Aug 2022

Recently the Acala protocol was attacked, and the exploiter was able to print 1.2 billion aUSD.

Fortunately, the Acala team reacted to the attack quickly and stopped all operations on the protocol. For now, the situation is still being investigated and a solution is still being worked out.

This attack has reminded everyone of some critical issues in parachain security that should be considered by all projects in the Polkadot and Kusama ecosystem.


Substrate runtime forkless updates

Unlike many blockchains, the Substrate development framework supports forkless upgrades to the runtime, which is the core of the blockchain. Most blockchain projects require a hard fork of the code base to support the ongoing development of new features or enhancements to existing features.

Because these upgrades are forkless, most of them are not audited properly. Usually, projects complete audits only of the initial versions before the launch.

So each pallet (a building block of any Substrate chain) that can be changed through a forkless upgrade at any time should also be carefully audited.
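One way to track the audit gap described above is to hash the runtime code a chain is actually running and compare it with the hashes an audit covered. The following is an added example, not code from Hacken or from any parachain project. It assumes snapshots were collected beforehand through the Substrate RPC methods `state_getStorage` (for the `:code` key) and `state_getRuntimeVersion`; the snapshot layout, the sample blobs and the choice of BLAKE2b-256 as the digest recorded by the audit are assumptions.

```python
import hashlib

# Well-known Substrate storage key ":code", which holds the runtime Wasm blob.
CODE_KEY = "0x" + b":code".hex()

def code_hash(code_hex):
    """BLAKE2b-256 of a runtime blob given as the hex string an RPC node returns."""
    raw = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    return "0x" + hashlib.blake2b(raw, digest_size=32).hexdigest()

def audit_gaps(snapshots, audited_hashes):
    """Return one finding per runtime change whose code hash no audit covers."""
    findings, prev = [], None
    for snap in sorted(snapshots, key=lambda s: s["block"]):
        digest = code_hash(snap["code"])
        if digest != prev and digest not in audited_hashes:
            findings.append({"block": snap["block"],
                             "specVersion": snap["specVersion"],
                             "code_hash": digest})
        prev = digest
    return findings

# Constructed sample data: placeholder byte strings stand in for real Wasm blobs.
def _blob(tag):
    return "0x" + (b"\x00asm" + tag).hex()

V1, V2, V3 = _blob(b"runtime-v1"), _blob(b"runtime-v2"), _blob(b"runtime-v3")
SAMPLE_SNAPSHOTS = [
    {"block": 100, "specVersion": 1000, "code": V1},  # audited launch runtime
    {"block": 200, "specVersion": 1000, "code": V1},  # unchanged
    {"block": 300, "specVersion": 1001, "code": V2},  # forkless upgrade, no audit
    {"block": 400, "specVersion": 1001, "code": V2},  # unchanged, reported once
    {"block": 500, "specVersion": 1002, "code": V3},  # upgrade covered by an audit
]
AUDITED = {code_hash(V1), code_hash(V3)}

if __name__ == "__main__":
    for f in audit_gaps(SAMPLE_SNAPSHOTS, AUDITED):
        print("unaudited runtime live since block", f["block"],
              "specVersion", f["specVersion"], f["code_hash"])
```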

Cross-consensus message (XCM)

Polkadot’s architecture allows parachains to natively interoperate with each other, enabling cross-blockchain transfers of any type of data or asset.

There is another vulnerability here. If a project connected to others via cross-blockchain transfers gets exploited, stolen funds can flow to other blockchains and cause a lot of trouble for their ecosystems as well as for their liquidity.

Canary network testing

Many projects underestimate the value of testing new features and pools on the canary network. Kusama was created as the canary network and serves as a testing ground for the mainnet. Such a network allows developers to test any new features and upgrades before going to mainnet.



So the recent attack has demonstrated that parachains require more specific and deeper security audits that take the features of Substrate-based chains into account.

Moreover, due to the structure of Polkadot parachains, a successful attack on one parachain can be dangerous to the other projects connected via the cross-consensus message format.
