Full Report
While reading blockchain security articles, the author of this post came across a write-up about delegatecall() on a precompiled contract causing infinite money creation because of the events it was emitting. From there, they went through a list of the most popular blockchains one by one, looking for precompiled smart contracts that might be vulnerable to the same delegatecall() attack. Eventually, they found Velas.

Velas is a side chain built on Solana that also has a special instruction to invoke EVM programs. The chain's native currency, VLX, is held by the Native type. When a program runs in the EVM space, it belongs to the EvmState account. Bridging VLX from the EVM space to the Native space is done by sending a transaction to a precompiled contract.

When a delegatecall is made to the function transferToNative, the contract believes that the proper funds are there even though the contract making the delegatecall is the true owner of the funds. The blockchain then executes code that transfers the funds back to the native state, even though they were never removed from the ETH state. This can be done over and over again to create an infinite amount of VLX tokens in the EVM space. Overall, a great bug discovery after a lot of time spent looking!
Analysis Summary
# Vulnerability: Infinite Minting via Delegatecall to Bridge Precompile on Velas
## CVE Details
- **CVE ID**: Not Assigned (Common for niche blockchain vulnerabilities)
- **CVSS Score**: 10.0 (Critical - estimated)
- **CWE**: CWE-917: Improper Neutralization of Special Elements used in an Expression Language (specifically related to context-switching in Smart Contracts) / Related to CWE-829 (Inclusion of Functionality from Untrusted Control Sphere).
## Affected Systems
- **Products**: Velas Blockchain (Solana-based sidechain with EVM compatibility).
- **Versions**: All versions prior to the hotfix applied following the disclosure.
- **Configurations**: EVM-compatible environments utilizing the `transferToNative` precompiled contract.
## Vulnerability Description
The flaw exists in the bridge mechanism between the Velas Native state (Solana-based) and the Velas EVM state. Velas utilizes a precompiled contract to facilitate the transfer of VLX tokens from the EVM space back to the Native space.
When a standard call is made to the `transferToNative` precompile, the system verifies that the caller has the necessary funds in the EVM state (`EvmState` account) and then credits the Native state. However, the author discovered that by using the **`delegatecall()`** opcode to invoke this precompile, the execution context (the "sender") was preserved.
The precompiled contract incorrectly validated the balance of the contract initiating the `delegatecall` rather than verifying the actual movement of funds. This allowed the bridge to trigger a credit to the Native state without actually debiting or locking the VLX tokens in the EVM state, resulting in "double-spending" or infinite money creation.
## Exploitation
- **Status**: PoC available (demonstrated by the researcher); closed via patch.
- **Complexity**: Low (requires basic knowledge of Solidity and `delegatecall`).
- **Attack Vector**: Network (Smart Contract interaction).
## Impact
- **Confidentiality**: None.
- **Integrity**: Critical (Complete compromise of the tokenomics and total supply).
- **Availability**: High (An exploit of this scale would likely lead to a chain halt or economic collapse).
## Remediation
### Patches
- The Velas team updated the EVM program logic to restrict how the `transferToNative` precompile can be invoked, specifically preventing it from being called via `delegatecall`.
### Workarounds
- None recommended; users should ensure they are interacting with the updated mainnet/testnet versions.
## Detection
- **Indicators of compromise**: Discrepancies between the total supply of VLX in the Native state versus the amount locked/burned in the EVM state.
- **Detection methods**: Monitoring for `delegatecall` instructions targeting known precompiled contract addresses (e.g., bridge or system contracts) via blockchain explorers or smart contract security scanners.
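One way to implement the `delegatecall` monitoring described above, as an added example rather than code from the researcher or the Velas project. It assumes a node that can return call traces in the shape of Geth's `callTracer` output; the watched address and the sample trace are constructed placeholders, and treating `CALLCODE` like `DELEGATECALL` goes beyond what the page covers.

```python
import json

# Constructed placeholder; substitute the chain's real bridge/system precompile addresses.
WATCHED_PRECOMPILES = {"0x00000000000000000000000000000000000000aa"}
# Call types that execute the target's code in the caller's own context.
CONTEXT_PRESERVING = {"DELEGATECALL", "CALLCODE"}

# Constructed sample in the shape of Geth's callTracer output (not a real transaction).
SAMPLE_TRACE = json.loads("""
{"type": "CALL",
 "from": "0x1111111111111111111111111111111111111111",
 "to": "0x2222222222222222222222222222222222222222",
 "calls": [
  {"type": "CALL",
   "from": "0x2222222222222222222222222222222222222222",
   "to": "0x00000000000000000000000000000000000000AA", "value": "0x10"},
  {"type": "CALL",
   "from": "0x2222222222222222222222222222222222222222",
   "to": "0x3333333333333333333333333333333333333333",
   "calls": [
    {"type": "DELEGATECALL",
     "from": "0x3333333333333333333333333333333333333333",
     "to": "0x00000000000000000000000000000000000000aa", "input": "0x"}]}]}
""")


def find_context_preserving_calls(frame, watched=WATCHED_PRECOMPILES, path=()):
    """Walk a call tree; report DELEGATECALL/CALLCODE frames that target a watched address."""
    watched = {addr.lower() for addr in watched}
    findings = []
    target = (frame.get("to") or "").lower()
    if frame.get("type", "").upper() in CONTEXT_PRESERVING and target in watched:
        findings.append({
            "path": list(path),          # child indexes from the top-level call
            "type": frame["type"],
            "caller": frame.get("from"),
            "precompile": target,
        })
    for index, child in enumerate(frame.get("calls") or []):
        findings.extend(find_context_preserving_calls(child, watched, path + (index,)))
    return findings


if __name__ == "__main__":
    for hit in find_context_preserving_calls(SAMPLE_TRACE):
        print("ALERT", hit)
```

The ordinary `CALL` to the watched address in the sample is deliberately not reported: only frames that keep the caller's context are treated as suspicious.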
## References
- **Original Research Post**: hxxps[://]paragraph[.]xyz/@the_oren/the-0-day-hunt-velas-infinite-money-glitch
- **Velas Network Official**: hxxps[://]velas[.]com/
- **Solana/EVM Cross-Chain Security**: hxxps[://]docs[.]solana[.]com/developing/programming-model/calling-between-programs