The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

  • Hacken
  • Blog
  • Discover
  • Are the current Polkadot parachains safe?

Are the current Polkadot parachains safe?

By Hacken

Share via:

Recently the Acala protocol was attacked and the exploiter was able to print 1.2 billion of aUSD

Fortunately, the Acala team reacted to the attack in a short time and stopped all the operations on the protocol. For now, the situation is still under research and discovering a solution.

The given attack has reminded everyone of some critical issues in parachains security, which should be considered by all the projects in the Polkadot and Kusama ecosystem.


Substrate runtime forkless updates

Unlike many blockchains, the Substrate development framework supports forkless upgrades to the runtime that is the core of the blockchain. Most blockchain projects require a hard fork of the code base to support the ongoing development of new features or enhancements to existing features. 

Due to such forkless upgrades, most of them are not audited properly. Usually, projects complete audits only of the initial versions before the launch.

So, each pallet (a building block of any substrate chain) that can be used for forkless upgrades at any time should be also carefully audited.

Cross consensus message (XCM)

Polkadot’s architecture allows parachains to natively interoperate with each other, enabling cross-blockchain transfers of any type of data or asset.

There is another vulnerability. If any project connected to other ones via cross-blockchain transfers gets exploited, stolen funds can flow to other blockchains and create a lot of troubles for their ecosystem as well as for their liquidity.

Canary network testing

Many projects diminish the value of testing the new features and pools at the canary network. Initially, Kusama is the canary network and serves as a testing ground for the mainnet. Such a network allows the developers to test any new features and upgrades before going to mainnet.



So, the recent attack has demonstrated that parachains require more specific and deep security audits, considering substrate based chains features.

Moreover, due to the Polkadot parachains structure, a successful attack on one parachain can be dangerous to the other projects connected via cross consensus message format.

subscribe image
promotion image
IMPORTANT

Subscribe to our newsletter

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

Read next:

More related
  • Blog image
    DISCOVER
    WebAssembly (WASM) Smart Contracts: Their Role In Future Blockchain Ecosystems Malanii O.
  • Blog image
  • Blog image

Get our latest updates and expert insights on Web3 security