There has been a lot of confusion however how the Wormhole hack had happened, and exactly whose side is at fault. Unfortunately, there is a lot of misinformation going around, and many people are not technical. I’d like to explain how this works.
ELI5 version:
To create wETH on their chain, Solana checks that there is a valid signature, and that the signature comes from a Guardian.
Proper usage means there is a valid signature (Correct 
) from a guardian (Correct ). These two conditions match, and so request is approved.
They expected an attacker would issue an invalid signature (Incorrect 
) from a guardian (Correct ). These two conditions do not match, so the request is denied.
The hack
The attacker issued an invalid signature (Incorrect ) from a non-guardian (Incorrect ). But these conditions match: incorrect matches incorrect. So the request is APPROVED (!!) and the ETH was stolen on the Solana network.
The Ethereum network successfully processed a withdraw, because Solana told Ethereum “it’s all good, this is legit”, but Solana’s logic for determining whether it is good was flawed.
For programmers: the check was == instead of &&
[Via]
Source :- https://nextbigwhat.com Author :- NextBigWhat Date :-March 17, 2022 at 03:33PM